
Computer slow, kernel errors, pop-ups galore [RESOLVED]


  • This topic is locked

#16
integral_apparel

  • Topic Starter
  • Member
  • 14 posts
ComboFix 08-03-10.1 - R C 2008-03-11 19:47:25.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.235 [GMT -5:00]
Running from: C:\Documents and Settings\Rashaun Collins\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rashaun Collins\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))
.

2008-03-08 22:59 . 2008-03-08 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-08 22:58 . 2008-03-08 22:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-08 22:53 . 2008-03-08 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-03-08 14:00 . 2008-03-08 22:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 14:00 . 2008-03-08 14:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-07 16:35 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-02 00:56 . 2008-03-08 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-01 11:46 . 2008-03-01 14:26 <DIR> d-------- C:\Documents and Settings\r c\.housecall6.6
2008-02-25 23:48 . 2008-02-25 23:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 04:00 . 2008-02-24 04:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 04:00 . 2008-03-08 22:58 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-22 01:39 . 2008-02-29 17:43 158,208 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-19 01:50 . 2008-02-19 01:50 <DIR> d-------- C:\Documents and Settings\r c\Application Data\BitZipper
2008-02-19 01:49 . 2008-02-24 03:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-19 00:19 . 2008-03-04 20:31 <DIR> d-------- C:\Documents and Settings\r c\Application Data\Azureus
2008-02-19 00:19 . 2008-02-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-19 00:18 . 2008-02-24 03:59 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 00:47 --------- d-----w C:\Program Files\Zune
2008-03-12 00:47 --------- d-----w C:\Program Files\QuickTime
2008-03-12 00:47 --------- d-----w C:\Program Files\Lexmark 5200 Series
2008-03-12 00:47 --------- d-----w C:\Program Files\iTunes
2008-03-12 00:47 --------- d-----w C:\Program Files\DellSupport
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-02-24 09:00 --------- d-----w C:\Program Files\DivX
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-12 06:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\r c\Application Data\Yahoo!
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\r c\Application Data\Grisoft(2)
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\r c\Application Data\Grisoft
2008-01-12 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-12 06:36 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-29 23:45 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-13 15:14 26112]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30 65536]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-29 17:43 158208]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe" [2006-01-11 13:05 212992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 15:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 08:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 13:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 18:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2004-06-16 23:33 98304 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2004-10-25 12:18 1111552 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2006-11-16 16:42 1327104 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
C:\Documents and Settings\r c\Desktop\setup_en(2) .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-29 02:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 05:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 04:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:39:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 01:36:13 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (RASHAUN-Rashaun Collins).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 19:50:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-11 19:51:13
ComboFix-quarantined-files.txt 2008-03-12 00:51:04
ComboFix2.txt 2008-03-06 07:53:20
ComboFix3.txt 2008-03-03 02:06:26
ComboFix4.txt 2008-03-02 19:57:34
ComboFix5.txt 2008-03-02 03:56:43



--------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:59 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9915 bytes

#17
Tigger93

  • Trusted Helper
  • Retired Staff
  • 1,870 posts
Everything looks good. :) Still having any problems?

#18
integral_apparel

  • Topic Starter
  • Member
  • 14 posts
Actually, it has been amazing the differences you made on the first day of post and logs.
The only things I noticed were I had to ALT+Tab to get in between windows; I couldn't click on the taskbar and Windows Start menu unless I used keyboard functions.

Also, sometimes when a webpage is done loading or right when it's done, the page goes back somehow like I clicked back but I didn't; usually happens on every link I click on now.

I still have the red X for an icon instead of my C drive icon,
and then there are a lot of random files in folders.
- For example, in the Windows folder, there are all these $NTuninstallKB29 folders with different numbers at the end,
and also a lot of KB232etc files in my Windows folder as well.
The KB files are text documents, and when I opened one, here's what is inside.
Other than that, everything seems fine, and definitely appreciate your help through the whole process.
I will definitely be referring people and clients of mine to your service. Thanks again, Tigger.



[KB936357.log]
3.484: ================================================================================
3.484: 2007/12/30 14:02:00.671 (local)
3.484: C:\WINDOWS\SoftwareDistribution\Download\44e64941e64e5067dd624ca4e27c2efd\update\update.exe (version 6.2.29.0)
3.484: Hotfix started with following command line: /si /ParentInfo:d9739a3f236e9946abe18873eb277ca8
3.953: DoInstallation: CleanPFR failed: 0x2
3.984: SetProductTypes: InfProductBuildType=BuildType.IC
3.984: SetAltOsLoaderPath: No section uses DirId 65701; done.
4.062: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB936357$
4.062: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
4.093: ref tag c:\windows\system32\sp4.cab does not exist
4.093: ref tag c:\windows\system32\sp3.cab does not exist
4.093: ref tag c:\windows\system32\sp2.cab does not exist
4.093: ref tag c:\windows\system32\sp1.cab does not exist
4.093: ref tag c:\windows\system32\driver.cab does not exist
4.093: ref tag c:\windows\system32\fp40ext.cab does not exist
4.093: ref tag c:\windows\system32\fp40ext1.cab does not exist
4.093: ref tag c:\windows\system32\wms4.cab does not exist
4.093: ref tag c:\windows\system32\wms41.cab does not exist
4.109: ref tag c:\windows\system32\ims.cab does not exist
4.109: ref tag c:\windows\system32\ims1.cab does not exist
4.109: ref tag c:\windows\system32\ins.cab does not exist
4.109: ref tag c:\windows\system32\ins1.cab does not exist
4.109: Starting AnalyzeComponents
4.109: AnalyzePhaseZero used 0 ticks
4.109: No c:\windows\INF\updtblk.inf file.
4.109: OEM file scan used 0 ticks
4.156: AnalyzePhaseOne: used 47 ticks
4.156: AnalyzeComponents: Hotpatch analysis disabled; skipping.
4.156: AnalyzeComponents: Hotpatching is disabled.
4.156: FindFirstFile c:\windows\$hf_mig$\*.*
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.343: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.359: KB936357 Setup encountered an error: The update.ver file is not correct.
5.390: AnalyzeForBranching used 31 ticks.
5.390: AnalyzePhaseTwo used 0 ticks
5.390: AnalyzePhaseThree used 0 ticks
5.390: AnalyzePhaseFive used 0 ticks
5.390: AnalyzePhaseSix used 0 ticks
5.390: AnalyzeComponents used 1281 ticks
5.390: Downloading 2 files
5.390: bPatchMode = TRUE
5.390: Inventory complete: ReturnStatus=0, 1328 ticks
5.390: Num Ticks for invent : 1328
5.468: [dumpDownloadTask] Update.exe posting request file to download a total of 236114 bytes (236114 bytes in patches and 0 bytes in fallbacks)
5.484: dumpDownloadTask returned 0xf200 (more files to download)
5.531: KB936357 installation did not complete.
5.531: Update.exe extended error code = 0xf200
1.640: ================================================================================
1.640: 2007/12/30 14:02:10.406 (local)
1.640: C:\WINDOWS\SoftwareDistribution\Download\44e64941e64e5067dd624ca4e27c2efd\update\update.exe (version 6.2.29.0)
1.640: Hotfix started with following command line: /si /ParentInfo:1d5da2f5c6b6234696fab435b5a3a76d
1.828: DoInstallation: CleanPFR failed: 0x2
1.828: SetProductTypes: InfProductBuildType=BuildType.IC
1.843: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.859: Express: 236,114 bytes were downloaded.
1.937: [PatchFilesFromResponseBlob] returning STATUS_READY_TO_INSTALL
1.953: KB936357 installation did not complete.
1.953: Update.exe extended error code = 0xf201
2.125: ================================================================================
2.140: 2007/12/30 14:29:16.984 (local)
2.140: C:\WINDOWS\SoftwareDistribution\Download\1eec13b5c1997fc7de00e3422db4b84d\update\update.exe (version 6.2.29.0)
2.140: Failed To Enable SE_SHUTDOWN_PRIVILEGE
2.140: Hotfix started with following command line: -q -z -er /ParentInfo:aa7bd5ae9b489c44828c2f07ca22b615
2.469: ---- Old Information In The Registry ------
2.469: Source:C:\WINDOWS\system32\SETC9.tmp (5.1.2600.2938)
2.469: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\SETCA.tmp (5.1.2600.2938)
2.484: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2912)
2.484: Source:C:\WINDOWS\system32\SETD1.tmp (5.1.2600.2978)
2.484: Destination:C:\WINDOWS\system32\fltmc.exe (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\SETD2.tmp (5.1.2600.2978)
2.484: Destination:C:\WINDOWS\system32\fltlib.dll (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\DllCache\SETD3.tmp (5.1.2600.2978)
2.484: Destination:C:\WINDOWS\system32\DllCache\fltmgr.sys (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\SETF6.tmp (6.0.2900.2987)
2.484: Destination:C:\WINDOWS\system32\shdocvw.dll (6.0.2900.2919)
2.484: Source:C:\WINDOWS\system32\_000005_.tmp.dll (5.82.2900.2180)
2.484: Destination:
2.484: Source:C:\WINDOWS\system32\SETFE.tmp (5.1.2600.2975)
2.484: Destination:C:\WINDOWS\system32\6to4svc.dll (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\DllCache\SETFF.tmp (5.1.2600.2975)
2.484: Destination:C:\WINDOWS\system32\DllCache\tcpip6.sys (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\_000007_.tmp.dll (5.1.2600.2180)
2.484: Destination:
2.484: Source:C:\WINDOWS\system32\_000008_.tmp.dll (5.1.2600.2525)
2.484: Destination:
2.484: Source:C:\WINDOWS\system32\SET106.tmp (5.1.2600.2976)
2.484: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\SET115.tmp (5.1.2600.3019)
2.484: Destination:C:\WINDOWS\system32\sxs.dll (5.1.2600.2180)
2.484: Source:C:\WINDOWS\system32\SET119.tmp (6.0.2900.3051)
2.484: Destination:C:\WINDOWS\system32\shsvcs.dll (6.0.2900.2180)
2.484: Source:C:\WINDOWS\system32\SET1FC.tmp (6.0.2900.3241)
2.484: Destination:C:\WINDOWS\system32\shell32.dll (6.0.2900.2869)
2.484: Source:C:\WINDOWS\system32\SET125.tmp (5.1.2600.3051)
2.484: Destination:C:\WINDOWS\system32\wiaservc.dll (5.1.2600.2180)
2.484: Source:C:\Program Files\Common Files\System\ADO\SET12E.tmp (2.81.1128.0)
2.484: Destination:C:\Program Files\Common Files\System\ADO\msjro.dll (2.81.1117.0)
2.484: Source:C:\Program Files\Common Files\System\ADO\SET12F.tmp (2.81.1128.0)
2.484: Destination:C:\Program Files\Common Files\System\ADO\msadox.dll (2.81.1117.0)
2.484: Source:C:\Program Files\Common Files\System\ADO\SET130.tmp (2.81.1128.0)
2.484: Destination:C:\Program Files\Common Files\System\ADO\msadomd.dll (2.81.1117.0)
2.500: Source:C:\Program Files\Common Files\System\ADO\SET131.tmp (2.81.1128.0)
2.500: Destination:C:\Program Files\Common Files\System\ADO\msado15.dll (2.81.1117.0)
2.500: Source:C:\WINDOWS\system32\SET13B.tmp (5.30.23.1228)
2.500: Destination:C:\WINDOWS\system32\riched20.dll (5.30.23.1221)
2.500: Source:C:\WINDOWS\system32\_000009_.tmp.dll (5.1.2600.2770)
2.500: Destination:
2.500: Source:C:\WINDOWS\system32\SET147.tmp (5.1.2600.3099)
2.500: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2622)
2.500: Source:C:\WINDOWS\system32\SET1AB.tmp (5.1.2600.3159)
2.500: Destination:C:\WINDOWS\system32\gdi32.dll (5.1.2600.2818)
2.500: Source:C:\WINDOWS\system32\SET164.tmp (5.1.2600.3103)
2.500: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2751)
2.500: Source:C:\WINDOWS\msagent\SET16C.tmp (2.0.0.3425)
2.500: Destination:C:\WINDOWS\msagent\agentdpv.dll (2.0.0.3423)
2.500: Source:C:\WINDOWS\system32\SET1FD.tmp (5.1.2600.3243)
2.500: Destination:C:\WINDOWS\system32\xpsp3res.dll (5.1.2600.2906)
2.500: Source:C:\WINDOWS\system32\SET183.tmp (3.1.4000.4039)
2.500: Destination:C:\WINDOWS\system32\msi.dll (3.1.4000.2435)
2.500: Source:C:\WINDOWS\system32\_000006_.tmp.dll (5.1.2600.2180)
2.500: Destination:
2.500: Source:C:\WINDOWS\system32\_000010_.tmp.dll (5.1.2600.2180)
2.500: Destination:
2.500: Source:C:\WINDOWS\SET1A3.tmp (6.0.2900.3156)
2.500: Destination:C:\WINDOWS\explorer.exe (6.0.2900.2180)
2.500: Source:C:\WINDOWS\system32\_000011_.tmp.dll (5.1.2600.2180)
2.500: Destination:
2.500: Source:c:\Config.Msi\2a1810.rbf (6.0.3890.0)
2.500: Destination:
2.500: Source:C:\WINDOWS\system32\SET1C4.tmp (8.90.1101.0)
2.500: Destination:C:\WINDOWS\system32\msxml3.dll (8.50.2162.0)
2.500: Source:C:\WINDOWS\system32\SET1C8.tmp (5.1.2600.3173)
2.500: Destination:C:\WINDOWS\system32\rpcrt4.dll (5.1.2600.2180)
2.500: Source:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll
2.500: Destination:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll (0.3.8166.2)
2.500: Source:C:\Config.Msi\2a1880.rbf (11.0.5510.0)
2.500: Destination:
2.500: ---- New Information In The Registry ------
2.500: Source:C:\WINDOWS\system32\SETC9.tmp (5.1.2600.2938)
2.500: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
2.500: Source:C:\WINDOWS\system32\SETCA.tmp (5.1.2600.2938)
2.500: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2912)
2.500: Source:C:\WINDOWS\system32\SETD1.tmp (5.1.2600.2978)
2.500: Destination:C:\WINDOWS\system32\fltmc.exe (5.1.2600.2180)
2.500: Source:C:\WINDOWS\system32\SETD2.tmp (5.1.2600.2978)
2.500: Destination:C:\WINDOWS\system32\fltlib.dll (5.1.2600.2180)
2.500: Source:C:\WINDOWS\system32\DllCache\SETD3.tmp (5.1.2600.2978)
2.500: Destination:C:\WINDOWS\system32\DllCache\fltmgr.sys (5.1.2600.2180)
2.500: Source:C:\WINDOWS\system32\SETF6.tmp (6.0.2900.2987)
2.500: Destination:C:\WINDOWS\system32\shdocvw.dll (6.0.2900.2919)
2.500: Source:C:\WINDOWS\system32\_000005_.tmp.dll (5.82.2900.2180)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\SETFE.tmp (5.1.2600.2975)
2.515: Destination:C:\WINDOWS\system32\6to4svc.dll (5.1.2600.2180)
2.515: Source:C:\WINDOWS\system32\DllCache\SETFF.tmp (5.1.2600.2975)
2.515: Destination:C:\WINDOWS\system32\DllCache\tcpip6.sys (5.1.2600.2180)
2.515: Source:C:\WINDOWS\system32\_000007_.tmp.dll (5.1.2600.2180)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\_000008_.tmp.dll (5.1.2600.2525)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\SET106.tmp (5.1.2600.2976)
2.515: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
2.515: Source:C:\WINDOWS\system32\SET115.tmp (5.1.2600.3019)
2.515: Destination:C:\WINDOWS\system32\sxs.dll (5.1.2600.2180)
2.515: Source:C:\WINDOWS\system32\SET119.tmp (6.0.2900.3051)
2.515: Destination:C:\WINDOWS\system32\shsvcs.dll (6.0.2900.2180)
2.515: Source:C:\WINDOWS\system32\SET1FC.tmp (6.0.2900.3241)
2.515: Destination:C:\WINDOWS\system32\shell32.dll (6.0.2900.2869)
2.515: Source:C:\WINDOWS\system32\SET125.tmp (5.1.2600.3051)
2.515: Destination:C:\WINDOWS\system32\wiaservc.dll (5.1.2600.2180)
2.515: Source:C:\Program Files\Common Files\System\ADO\SET12E.tmp (2.81.1128.0)
2.515: Destination:C:\Program Files\Common Files\System\ADO\msjro.dll (2.81.1117.0)
2.515: Source:C:\Program Files\Common Files\System\ADO\SET12F.tmp (2.81.1128.0)
2.515: Destination:C:\Program Files\Common Files\System\ADO\msadox.dll (2.81.1117.0)
2.515: Source:C:\Program Files\Common Files\System\ADO\SET130.tmp (2.81.1128.0)
2.515: Destination:C:\Program Files\Common Files\System\ADO\msadomd.dll (2.81.1117.0)
2.515: Source:C:\Program Files\Common Files\System\ADO\SET131.tmp (2.81.1128.0)
2.515: Destination:C:\Program Files\Common Files\System\ADO\msado15.dll (2.81.1117.0)
2.515: Source:C:\WINDOWS\system32\SET13B.tmp (5.30.23.1228)
2.515: Destination:C:\WINDOWS\system32\riched20.dll (5.30.23.1221)
2.515: Source:C:\WINDOWS\system32\_000009_.tmp.dll (5.1.2600.2770)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\SET147.tmp (5.1.2600.3099)
2.515: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2622)
2.515: Source:C:\WINDOWS\system32\SET1AB.tmp (5.1.2600.3159)
2.515: Destination:C:\WINDOWS\system32\gdi32.dll (5.1.2600.2818)
2.515: Source:C:\WINDOWS\system32\SET164.tmp (5.1.2600.3103)
2.515: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2751)
2.515: Source:C:\WINDOWS\msagent\SET16C.tmp (2.0.0.3425)
2.515: Destination:C:\WINDOWS\msagent\agentdpv.dll (2.0.0.3423)
2.515: Source:C:\WINDOWS\system32\SET1FD.tmp (5.1.2600.3243)
2.515: Destination:C:\WINDOWS\system32\xpsp3res.dll (5.1.2600.2906)
2.515: Source:C:\WINDOWS\system32\SET183.tmp (3.1.4000.4039)
2.515: Destination:C:\WINDOWS\system32\msi.dll (3.1.4000.2435)
2.515: Source:C:\WINDOWS\system32\_000006_.tmp.dll (5.1.2600.2180)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\_000010_.tmp.dll (5.1.2600.2180)
2.515: Destination:
2.515: Source:C:\WINDOWS\SET1A3.tmp (6.0.2900.3156)
2.515: Destination:C:\WINDOWS\explorer.exe (6.0.2900.2180)
2.515: Source:C:\WINDOWS\system32\_000011_.tmp.dll (5.1.2600.2180)
2.515: Destination:
2.515: Source:c:\Config.Msi\2a1810.rbf (6.0.3890.0)
2.515: Destination:
2.515: Source:C:\WINDOWS\system32\SET1C4.tmp (8.90.1101.0)
2.515: Destination:C:\WINDOWS\system32\msxml3.dll (8.50.2162.0)
2.531: Source:C:\WINDOWS\system32\SET1C8.tmp (5.1.2600.3173)
2.531: Destination:C:\WINDOWS\system32\rpcrt4.dll (5.1.2600.2180)
2.531: Source:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll
2.531: Destination:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll (0.3.8166.2)
2.531: Source:C:\Config.Msi\2a1880.rbf (11.0.5510.0)
2.531: Destination:
2.531: SetProductTypes: InfProductBuildType=BuildType.IC
2.531: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.562: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB936357$
2.562: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.594: ref tag c:\windows\system32\sp4.cab does not exist
2.594: ref tag c:\windows\system32\sp3.cab does not exist
2.594: ref tag c:\windows\system32\sp2.cab does not exist
2.594: ref tag c:\windows\system32\sp1.cab does not exist
2.594: ref tag c:\windows\system32\driver.cab does not exist
2.609: ref tag c:\windows\system32\fp40ext.cab does not exist
2.609: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.609: ref tag c:\windows\system32\wms4.cab does not exist
2.609: ref tag c:\windows\system32\wms41.cab does not exist
2.609: ref tag c:\windows\system32\ims.cab does not exist
2.609: ref tag c:\windows\system32\ims1.cab does not exist
2.609: ref tag c:\windows\system32\ins.cab does not exist
2.609: ref tag c:\windows\system32\ins1.cab does not exist
2.609: Starting AnalyzeComponents
2.609: AnalyzePhaseZero used 0 ticks
2.609: No c:\windows\INF\updtblk.inf file.
2.609: OEM file scan used 0 ticks
2.640: AnalyzePhaseOne: used 31 ticks
2.640: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.640: AnalyzeComponents: Hotpatching is disabled.
2.640: FindFirstFile c:\windows\$hf_mig$\*.*
2.797: KB936357 Setup encountered an error: The update.ver file is not correct.
2.797: KB936357 Setup encountered an error: The update.ver file is not correct.
2.797: KB936357 Setup encountered an error: The update.ver file is not correct.
2.797: KB936357 Setup encountered an error: The update.ver file is not correct.
2.797: KB936357 Setup encountered an error: The update.ver file is not correct.
2.797: AnalyzeForBranching used 0 ticks.
2.797: AnalyzePhaseTwo used 0 ticks
2.797: AnalyzePhaseThree used 0 ticks
2.797: AnalyzePhaseFive used 0 ticks
2.797: AnalyzePhaseSix used 0 ticks
2.797: AnalyzeComponents used 188 ticks
2.797: Downloading 0 files
2.797: bPatchMode = TRUE
2.797: Inventory complete: ReturnStatus=0, 235 ticks
2.797: Num Ticks for invent : 235
2.812: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX201.tmp
2.812: Copied file: c:\windows\inf\branches.inf
3.125: Allocation size of drive C: is 4096 bytes, free space = 102178619392 bytes
3.125: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.
3.125: Drive C: free 97445MB req: 12MB w/uninstall: NOT CALCULATED.
3.125: CabinetBuild complete
3.125: Num Ticks for Cabinet build : 328
3.125: DynamicStrings section not defined or empty.
3.140: FileInUse:: Detection disabled.
4.140: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
4.234: Num Ticks for Backup : 1109
4.437: Num Ticks for creating uninst inf : 203
4.453: Registering Uninstall Program for -> KB936357, KB936357 , 0x0
4.453: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
4.500: System Restore Point set.
4.531: PFE2: Not avoiding Per File Exceptions.
4.765: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB936357.cat with error 0x57
5.015: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\update_SP2QFE.inf -> c:\windows\$hf_mig$\KB936357\update\update_SP2QFE.inf.
5.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\spuninst.exe -> c:\windows\$hf_mig$\KB936357\spuninst.exe.
5.156: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\spmsg.dll -> c:\windows\$hf_mig$\KB936357\spmsg.dll.
5.203: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\spcustom.dll -> c:\windows\$hf_mig$\KB936357\update\spcustom.dll.
5.219: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\KB936357.CAT -> c:\windows\$hf_mig$\KB936357\update\KB936357.CAT.
5.250: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\update.exe -> c:\windows\$hf_mig$\KB936357\update\update.exe.
5.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\updspapi.dll -> c:\windows\$hf_mig$\KB936357\update\updspapi.dll.
5.297: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\update.ver -> c:\windows\$hf_mig$\KB936357\update\update.ver.
5.297: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\updatebr.inf -> c:\windows\$hf_mig$\KB936357\update\updatebr.inf.
5.312: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\eula.txt -> c:\windows\$hf_mig$\KB936357\update\eula.txt.
5.406: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\update\branches.inf -> c:\windows\$hf_mig$\KB936357\update\branches.inf.
5.672: Copied file: C:\WINDOWS\system32\DRIVERS\update.sys
6.687: Copied file: C:\WINDOWS\system32\DRIVERS\update.sys
6.687: Copied file: C:\WINDOWS\system32\DllCache\update.sys
6.765: Copied file: c:\windows\$hf_mig$\KB936357\SP2QFE\update.sys
7.094: DoInstallation: Installing assemblies with source root path: c:\windows\softwaredistribution\download\1eec13b5c1997fc7de00e3422db4b84d\
7.094: Num Ticks for Copying files : 2657
11.984: Num Ticks for Reg update and deleting 0 size files : 4890
12.453: ---- Old Information In The Registry ------
12.453: Source:C:\WINDOWS\system32\SETC9.tmp (5.1.2600.2938)
12.453: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\SETCA.tmp (5.1.2600.2938)
12.453: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2912)
12.453: Source:C:\WINDOWS\system32\SETD1.tmp (5.1.2600.2978)
12.453: Destination:C:\WINDOWS\system32\fltmc.exe (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\SETD2.tmp (5.1.2600.2978)
12.453: Destination:C:\WINDOWS\system32\fltlib.dll (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\DllCache\SETD3.tmp (5.1.2600.2978)
12.453: Destination:C:\WINDOWS\system32\DllCache\fltmgr.sys (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\SETF6.tmp (6.0.2900.2987)
12.453: Destination:C:\WINDOWS\system32\shdocvw.dll (6.0.2900.2919)
12.453: Source:C:\WINDOWS\system32\_000005_.tmp.dll (5.82.2900.2180)
12.453: Destination:
12.453: Source:C:\WINDOWS\system32\SETFE.tmp (5.1.2600.2975)
12.453: Destination:C:\WINDOWS\system32\6to4svc.dll (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\DllCache\SETFF.tmp (5.1.2600.2975)
12.453: Destination:C:\WINDOWS\system32\DllCache\tcpip6.sys (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\_000007_.tmp.dll (5.1.2600.2180)
12.453: Destination:
12.453: Source:C:\WINDOWS\system32\_000008_.tmp.dll (5.1.2600.2525)
12.453: Destination:
12.453: Source:C:\WINDOWS\system32\SET106.tmp (5.1.2600.2976)
12.453: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\SET115.tmp (5.1.2600.3019)
12.453: Destination:C:\WINDOWS\system32\sxs.dll (5.1.2600.2180)
12.453: Source:C:\WINDOWS\system32\SET119.tmp (6.0.2900.3051)
12.453: Destination:C:\WINDOWS\system32\shsvcs.dll (6.0.2900.2180)
12.453: Source:C:\WINDOWS\system32\SET1FC.tmp (6.0.2900.3241)
12.469: Destination:C:\WINDOWS\system32\shell32.dll (6.0.2900.2869)
12.469: Source:C:\WINDOWS\system32\SET125.tmp (5.1.2600.3051)
12.469: Destination:C:\WINDOWS\system32\wiaservc.dll (5.1.2600.2180)
12.469: Source:C:\Program Files\Common Files\System\ADO\SET12E.tmp (2.81.1128.0)
12.469: Destination:C:\Program Files\Common Files\System\ADO\msjro.dll (2.81.1117.0)
12.469: Source:C:\Program Files\Common Files\System\ADO\SET12F.tmp (2.81.1128.0)
12.469: Destination:C:\Program Files\Common Files\System\ADO\msadox.dll (2.81.1117.0)
12.469: Source:C:\Program Files\Common Files\System\ADO\SET130.tmp (2.81.1128.0)
12.469: Destination:C:\Program Files\Common Files\System\ADO\msadomd.dll (2.81.1117.0)
12.469: Source:C:\Program Files\Common Files\System\ADO\SET131.tmp (2.81.1128.0)
12.469: Destination:C:\Program Files\Common Files\System\ADO\msado15.dll (2.81.1117.0)
12.469: Source:C:\WINDOWS\system32\SET13B.tmp (5.30.23.1228)
12.469: Destination:C:\WINDOWS\system32\riched20.dll (5.30.23.1221)
12.469: Source:C:\WINDOWS\system32\_000009_.tmp.dll (5.1.2600.2770)
12.469: Destination:
12.469: Source:C:\WINDOWS\system32\SET147.tmp (5.1.2600.3099)
12.469: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2622)
12.469: Source:C:\WINDOWS\system32\SET1AB.tmp (5.1.2600.3159)
12.469: Destination:C:\WINDOWS\system32\gdi32.dll (5.1.2600.2818)
12.469: Source:C:\WINDOWS\system32\SET164.tmp (5.1.2600.3103)
12.469: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2751)
12.469: Source:C:\WINDOWS\msagent\SET16C.tmp (2.0.0.3425)
12.469: Destination:C:\WINDOWS\msagent\agentdpv.dll (2.0.0.3423)
12.469: Source:C:\WINDOWS\system32\SET1FD.tmp (5.1.2600.3243)
12.469: Destination:C:\WINDOWS\system32\xpsp3res.dll (5.1.2600.2906)
12.469: Source:C:\WINDOWS\system32\SET183.tmp (3.1.4000.4039)
12.469: Destination:C:\WINDOWS\system32\msi.dll (3.1.4000.2435)
12.469: Source:C:\WINDOWS\system32\_000006_.tmp.dll (5.1.2600.2180)
12.469: Destination:
12.469: Source:C:\WINDOWS\system32\_000010_.tmp.dll (5.1.2600.2180)
12.469: Destination:
12.469: Source:C:\WINDOWS\SET1A3.tmp (6.0.2900.3156)
12.469: Destination:C:\WINDOWS\explorer.exe (6.0.2900.2180)
12.469: Source:C:\WINDOWS\system32\_000011_.tmp.dll (5.1.2600.2180)
12.469: Destination:
12.469: Source:c:\Config.Msi\2a1810.rbf (6.0.3890.0)
12.469: Destination:
12.484: Source:C:\WINDOWS\system32\SET1C4.tmp (8.90.1101.0)
12.484: Destination:C:\WINDOWS\system32\msxml3.dll (8.50.2162.0)
12.484: Source:C:\WINDOWS\system32\SET1C8.tmp (5.1.2600.3173)
12.484: Destination:C:\WINDOWS\system32\rpcrt4.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll
12.484: Destination:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll (0.3.8166.2)
12.484: Source:C:\Config.Msi\2a1880.rbf (11.0.5510.0)
12.484: Destination:
12.484: ---- New Information In The Registry ------
12.484: Source:C:\WINDOWS\system32\SETC9.tmp (5.1.2600.2938)
12.484: Destination:C:\WINDOWS\system32\rasadhlp.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\SETCA.tmp (5.1.2600.2938)
12.484: Destination:C:\WINDOWS\system32\dnsapi.dll (5.1.2600.2912)
12.484: Source:C:\WINDOWS\system32\SETD1.tmp (5.1.2600.2978)
12.484: Destination:C:\WINDOWS\system32\fltmc.exe (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\SETD2.tmp (5.1.2600.2978)
12.484: Destination:C:\WINDOWS\system32\fltlib.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\DllCache\SETD3.tmp (5.1.2600.2978)
12.484: Destination:C:\WINDOWS\system32\DllCache\fltmgr.sys (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\SETF6.tmp (6.0.2900.2987)
12.484: Destination:C:\WINDOWS\system32\shdocvw.dll (6.0.2900.2919)
12.484: Source:C:\WINDOWS\system32\_000005_.tmp.dll (5.82.2900.2180)
12.484: Destination:
12.484: Source:C:\WINDOWS\system32\SETFE.tmp (5.1.2600.2975)
12.484: Destination:C:\WINDOWS\system32\6to4svc.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\DllCache\SETFF.tmp (5.1.2600.2975)
12.484: Destination:C:\WINDOWS\system32\DllCache\tcpip6.sys (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\_000007_.tmp.dll (5.1.2600.2180)
12.484: Destination:
12.484: Source:C:\WINDOWS\system32\_000008_.tmp.dll (5.1.2600.2525)
12.484: Destination:
12.484: Source:C:\WINDOWS\system32\SET106.tmp (5.1.2600.2976)
12.484: Destination:C:\WINDOWS\system32\netapi32.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\SET115.tmp (5.1.2600.3019)
12.484: Destination:C:\WINDOWS\system32\sxs.dll (5.1.2600.2180)
12.484: Source:C:\WINDOWS\system32\SET119.tmp (6.0.2900.3051)
12.484: Destination:C:\WINDOWS\system32\shsvcs.dll (6.0.2900.2180)
12.484: Source:C:\WINDOWS\system32\SET1FC.tmp (6.0.2900.3241)
12.484: Destination:C:\WINDOWS\system32\shell32.dll (6.0.2900.2869)
12.484: Source:C:\WINDOWS\system32\SET125.tmp (5.1.2600.3051)
12.484: Destination:C:\WINDOWS\system32\wiaservc.dll (5.1.2600.2180)
12.484: Source:C:\Program Files\Common Files\System\ADO\SET12E.tmp (2.81.1128.0)
12.484: Destination:C:\Program Files\Common Files\System\ADO\msjro.dll (2.81.1117.0)
12.484: Source:C:\Program Files\Common Files\System\ADO\SET12F.tmp (2.81.1128.0)
12.484: Destination:C:\Program Files\Common Files\System\ADO\msadox.dll (2.81.1117.0)
12.484: Source:C:\Program Files\Common Files\System\ADO\SET130.tmp (2.81.1128.0)
12.484: Destination:C:\Program Files\Common Files\System\ADO\msadomd.dll (2.81.1117.0)
12.484: Source:C:\Program Files\Common Files\System\ADO\SET131.tmp (2.81.1128.0)
12.484: Destination:C:\Program Files\Common Files\System\ADO\msado15.dll (2.81.1117.0)
12.484: Source:C:\WINDOWS\system32\SET13B.tmp (5.30.23.1228)
12.484: Destination:C:\WINDOWS\system32\riched20.dll (5.30.23.1221)
12.484: Source:C:\WINDOWS\system32\_000009_.tmp.dll (5.1.2600.2770)
12.484: Destination:
12.484: Source:C:\WINDOWS\system32\SET147.tmp (5.1.2600.3099)
12.484: Destination:C:\WINDOWS\system32\user32.dll (5.1.2600.2622)
12.484: Source:C:\WINDOWS\system32\SET1AB.tmp (5.1.2600.3159)
12.484: Destination:C:\WINDOWS\system32\gdi32.dll (5.1.2600.2818)
12.484: Source:C:\WINDOWS\system32\SET164.tmp (5.1.2600.3103)
12.484: Destination:C:\WINDOWS\system32\winsrv.dll (5.1.2600.2751)
12.484: Source:C:\WINDOWS\msagent\SET16C.tmp (2.0.0.3425)
12.484: Destination:C:\WINDOWS\msagent\agentdpv.dll (2.0.0.3423)
12.484: Source:C:\WINDOWS\system32\SET1FD.tmp (5.1.2600.3243)
12.484: Destination:C:\WINDOWS\system32\xpsp3res.dll (5.1.2600.2906)
12.484: Source:C:\WINDOWS\system32\SET183.tmp (3.1.4000.4039)
12.484: Destination:C:\WINDOWS\system32\msi.dll (3.1.4000.2435)
12.484: Source:C:\WINDOWS\system32\_000006_.tmp.dll (5.1.2600.2180)
12.484: Destination:
12.500: Source:C:\WINDOWS\system32\_000010_.tmp.dll (5.1.2600.2180)
12.500: Destination:
12.500: Source:C:\WINDOWS\SET1A3.tmp (6.0.2900.3156)
12.500: Destination:C:\WINDOWS\explorer.exe (6.0.2900.2180)
12.500: Source:C:\WINDOWS\system32\_000011_.tmp.dll (5.1.2600.2180)
12.500: Destination:
12.500: Source:c:\Config.Msi\2a1810.rbf (6.0.3890.0)
12.500: Destination:
12.500: Source:C:\WINDOWS\system32\SET1C4.tmp (8.90.1101.0)
12.500: Destination:C:\WINDOWS\system32\msxml3.dll (8.50.2162.0)
12.500: Source:C:\WINDOWS\system32\SET1C8.tmp (5.1.2600.3173)
12.500: Destination:C:\WINDOWS\system32\rpcrt4.dll (5.1.2600.2180)
12.500: Source:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll
12.500: Destination:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll (0.3.8166.2)
12.500: Source:C:\Config.Msi\2a1880.rbf (11.0.5510.0)
12.500: Destination:
19.594: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
19.594: IsRebootRequiredForFileQueue: c:\windows\system32\drivers\update.sys was no-delay replaced; reboot is required.
19.594: DoInstallation: A reboot is required to complete the installation of one or more files.
19.594: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
19.609: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0

#19
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
All those files you are talking about are Windows Updates and should not be deleted.

Let's run another scan:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#20
integral_apparel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
MAIN.TXT

Deckard's System Scanner v20071014.68
Run by R C on 2008-03-17 02:18:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
158: 2008-03-17 07:19:08 UTC - RP799 - Deckard's System Scanner Restore Point
157: 2008-03-16 16:14:33 UTC - RP798 - Installed Java™ 6 Update 5
156: 2008-03-15 07:15:22 UTC - RP797 - System Checkpoint
155: 2008-03-14 06:32:31 UTC - RP796 - System Checkpoint
154: 2008-03-13 00:57:21 UTC - RP795 - System Checkpoint


-- First Restore Point --
1: 2007-12-30 03:12:17 UTC - RP642 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as R C.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:24 AM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\R C\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\R C.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10153 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080225-225111-731 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 catchme - c:\docume~1\rashau~1\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S2 SpoolSvc207 (Print Spooler Service) - c:\windows\temp\cjnr4r47205535.exe /service (file missing)
S2 SVSLOG (Service Logon Protocol) - "c:\windows\svslogon.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-14 18:30:19 370 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (R-R C).job
2008-02-21 14:39:15 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-08 22:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-08 22:58:39 0 d-------- C:\Program Files\Dell Support Center
2008-03-08 22:53:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-03-07 16:35:02 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-06 02:47:14 0 d-------- C:\Combo-Fix
2008-03-02 00:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-01 16:30:45 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-01 16:30:45 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-01 16:30:45 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-01 16:30:45 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-01 11:46:11 0 d-------- C:\Documents and Settings\R C\.housecall6.6
2008-02-25 23:48:36 0 d-------- C:\Program Files\Trend Micro
2008-02-24 04:00:39 0 d-------- C:\Program Files\eMule
2008-02-24 04:00:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-02-19 01:50:14 0 d-------- C:\Documents and Settings\R C\Application Data\BitZipper
2008-02-19 01:49:44 0 d-------- C:\Program Files\BitZipper
2008-02-19 00:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-19 00:19:30 0 d-------- C:\Documents and Settings\R C\Application Data\Azureus
2008-02-19 00:18:10 0 d-------- C:\Program Files\Azureus


-- Find3M Report ---------------------------------------------------------------

2008-03-16 11:15:31 0 d-------- C:\Program Files\Java
2008-03-16 11:11:53 335 --a------ C:\WINDOWS\system32\tablet.dat
2008-03-11 19:50:21 0 d-------- C:\Program Files\Zune
2008-03-11 19:50:21 0 d-------- C:\Program Files\QuickTime
2008-03-11 19:50:21 0 d-------- C:\Program Files\Lexmark 5200 Series
2008-03-11 19:50:21 0 d-------- C:\Program Files\iTunes
2008-03-11 19:50:21 0 d-------- C:\Program Files\DellSupport
2008-03-06 02:49:16 0 d-------- C:\Program Files\Messenger
2008-03-01 16:39:50 0 d-------- C:\Program Files\Common Files
2008-03-01 16:39:31 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-24 04:00:33 0 d-------- C:\Program Files\DivX
2008-02-24 01:53:12 10 --a------ C:\Program Files\.autoreg <AUTORE~1>
2008-02-03 03:40:16 1482 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/13/2005 03:14 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [03/17/2004 11:30 AM]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [02/29/2008 05:43 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe" [01/11/2006 01:05 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 07:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/29/2007 11:45 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" []

C:\Documents and Settings\R C\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/21/2005 6:53:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/21/2005 6:53:42 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/21/2005 6:53:42 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/13/2005 3:09:39 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 8:45:28 AM]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [3/19/2007 1:12:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]
"C:\Documents and Settings\R C\Desktop\setup_en(2) .exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

--------------------------------


-- End of Deckard's System Scanner: finished at 2008-03-17 02:21:03 ------------



EXTRA.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 509.98 MiB / 325.06 MiB
Pagefile Memory (total/avail): 1248.79 MiB / 1020.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 145.96 GiB total, 100.19 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-75GVC0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 145.96 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\R C\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RASHAUN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\R C
LOGONSERVER=\\RASHAUN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RASHAU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RASHAU~1\LOCALS~1\Temp
USERDOMAIN=RASHAUN
USERNAME=R C
USERPROFILE=C:\Documents and Settings\R C
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

R C (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator 10 --> "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Illustrator CS2 Tryout --> msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AXIS Media Control --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitZipper 5.0.2 --> "C:\Program Files\BitZipper\unins000.exe"
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190007_34c14f\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 5200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
MapEDC --> "C:\Program Files\MapEDC\MapEDC.exe" -uninstall
McAfee Personal Firewall Plus --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SpamKiller --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Task Manager 1.6f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Tablet --> C:\Program Files\Tablet\Remove.exe /u
VGA USB Camera --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type9306 / Error
Event Submitted/Written: 03/16/2008 11:13:07 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 3174, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type9305 / Warning
Event Submitted/Written: 03/16/2008 11:13:07 AM
Event ID/Source: 2006 / LoadPerf
Event Description:
LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

Event Record #/Type9304 / Error
Event Submitted/Written: 03/16/2008 11:13:04 AM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type9303 / Error
Event Submitted/Written: 03/16/2008 11:13:04 AM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 3174, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type9299 / Success
Event Submitted/Written: 03/16/2008 11:11:44 AM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15273 / Warning
Event Submitted/Written: 03/17/2008 02:14:26 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15272 / Warning
Event Submitted/Written: 03/16/2008 11:13:27 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15271 / Warning
Event Submitted/Written: 03/16/2008 10:08:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15269 / Warning
Event Submitted/Written: 03/16/2008 02:32:05 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type15268 / Warning
Event Submitted/Written: 03/16/2008 00:57:13 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-17 02:21:03 ------------

#21
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi again. :)

If you still have Combofix, please delete it.

Do you know what this program is? Notifier.

Go Start > Control Panel > Add/Remove Programs and uninstall the following:
Java 2 Runtime Environment, SE v1.4.2_03
NoDNS


This is a new version of Combofix.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\R C\Desktop\setup_en(2) .exe

Folder::
C:\Program Files\NoDNS\

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M0502]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#22
integral_apparel

    Member

  • Topic Starter
  • 14 posts
Alright, here we go. I also removed the 2 programs you told me about.

ComboFix 08-03-17.1 - Rashaun Collins 2008-03-18 20:36:47.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT -5:00]
Running from: C:\Documents and Settings\R C\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\R C\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\R C\Desktop\setup_en(2) .exe
.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-17 02:18 . 2008-03-17 02:18 <DIR> d-------- C:\Deckard
2008-03-16 11:28 . 2008-03-16 11:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 11:28 . 2008-03-16 11:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 11:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-16 11:13 . 2008-03-16 11:13 2,930 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-08 22:59 . 2008-03-08 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-08 22:58 . 2008-03-08 22:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-08 22:53 . 2008-03-08 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-03-07 16:35 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-02 00:56 . 2008-03-08 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-01 11:46 . 2008-03-01 14:26 <DIR> d-------- C:\Documents and Settings\R C\.housecall6.6
2008-02-25 23:48 . 2008-02-25 23:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 04:00 . 2008-02-24 04:00 <DIR> d-------- C:\Program Files\eMule
2008-02-24 04:00 . 2008-03-08 22:58 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-02-22 01:39 . 2008-02-29 17:43 158,208 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-19 01:50 . 2008-02-19 01:50 <DIR> d-------- C:\Documents and Settings\R C\Application Data\BitZipper
2008-02-19 01:49 . 2008-02-24 03:59 <DIR> d-------- C:\Program Files\BitZipper
2008-02-19 00:19 . 2008-03-04 20:31 <DIR> d-------- C:\Documents and Settings\R C\Application Data\Azureus
2008-02-19 00:19 . 2008-02-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-19 00:18 . 2008-02-24 03:59 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 01:31 --------- d-----w C:\Program Files\Java
2008-03-12 00:50 --------- d-----w C:\Program Files\Zune
2008-03-12 00:50 --------- d-----w C:\Program Files\QuickTime
2008-03-12 00:50 --------- d-----w C:\Program Files\Lexmark 5200 Series
2008-03-12 00:50 --------- d-----w C:\Program Files\iTunes
2008-03-12 00:50 --------- d-----w C:\Program Files\DellSupport
2008-02-29 22:43 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-02-24 09:00 --------- d-----w C:\Program Files\DivX
2008-02-24 06:53 10 ----a-w C:\Program Files\.autoreg
2008-02-10 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2005-04-01 04:17 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
2006-05-15 05:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-29 23:45 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-13 15:14 26112]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02 86016]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30 65536]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-02-29 17:43 158208]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe" [2006-01-11 13:05 212992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 19:29 303104]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:53:42 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 18:53:42 110592]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-13 15:09:39 24576]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 08:45:28 176128]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-03-19 13:12:21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 18:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2004-06-16 23:33 98304 C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2004-10-25 12:18 1111552 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2006-11-16 16:42 1327104 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-29 02:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 05:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 04:40]
S2 SpoolSvc207;Print Spooler Service;C:\WINDOWS\TEMP\cjnr4r47205535.exe []
S2 SVSLOG;Service Logon Protocol;"C:\WINDOWS\svslogon.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:39:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 23:30:19 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (RASHAUN-R C).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 20:40:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 20:40:58
ComboFix-quarantined-files.txt 2008-03-19 01:40:49
ComboFix2.txt 2008-03-12 00:51:14
ComboFix3.txt 2008-03-06 07:53:20
ComboFix4.txt 2008-03-03 02:06:26
ComboFix5.txt 2008-03-02 19:57:34
------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:44 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\bak\mcupdate.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199043603484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199043459062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Print Spooler Service (SpoolSvc207) - Unknown owner - C:\WINDOWS\TEMP\cjnr4r47205535.exe (file missing)
O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 10329 bytes

#23
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Go to Start > Run, type in regsvr32 /i shell32.dll and press Enter. Click OK to any prompts you get.

Then download this to your desktop. Extract it and double-click the .reg file inside. If it asks to merge with the registry, let it.

Restart your computer and let me know if you still have the red X icon.

#24
integral_apparel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No sir, looks like it's still there, but everything that stopped me from even using my computer and doing designs definitely has improved.

The only things I really notice are the red X and my browser randomly clicking back, and every minute or two I can't click on different windows; I have to Alt-Tab most times nowadays to get between windows, which isn't anything compared to the troubles I had before.

#25
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Well, from what I can see, you are clean from malware and your problems are not malware related. You could try asking in the Windows XP forum and they should be able to help. :)
#26
integral_apparel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks again for all your help; my computer is back to normal. I appreciate the time you gave to my problem. Thanks again, Tigger.

#27
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.