sage5, thanks for your quick response. Your help is truly appreciated.
I have followed your last instructions, but SDfix would not run. The c prompt window would only flash on the screen quickly. I have XP 64bit. Is it possible SDfix does not run in a 64bit environment?
All of the other logs you requested are below:
File ggfixigd.exe received on 03.21.2008 04:53:04 (CET)
Current status: finished
Result: 3/32 (9.38%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Covert.Sys.Exec
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: 17c37b76226f50b9e0494b01bb49656e
SHA1: adc43c93e91f97a9189d9307bc27c64a658f0168
SHA256: dccb4b4fc148c363d7e5bf2ad03ee05372a27df4c37e14495537bf58d835994c
SHA512: e54f14f747cb36670fa9446a4c38128f038889f0e828bed14e110630d0196fda177080aeea0003f6804f38020bbe26f23d4f189574317f55025f008cb820b68b
File jtyzerqn.exe received on 03.21.2008 05:02:24 (CET)
Current status: finished
Result: 3/32 (9.38%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Covert.Sys.Exec
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: b3292ea4c4fc468d61da76a4facd0e8f
SHA1: 50c6e79dc427b13ec89dda37d2df311af972246b
SHA256: 9d84a717050b86addbafd5079cb573bc1e0fd16a3f8d3015ab8c1b26b682c434
SHA512: 432a5c341fc301f49980feea938cfa3556cb2d37a4d6d4a7748c5dec1c8b952a1216e17c28ec74e32850d6bac62e7091dd65060485b834900f3d0370320fffc1
File ujuhmjit.exe received on 03.21.2008 04:22:54 (CET)
Current status: finished
Result: 8/32 (25.00%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - SHeur.AZZX
BitDefender - - -
CAT-QuickHeal - - Win32.Trojan.Obfuscated.gx.3
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan.Crypt.XPACK
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Malware.Sys.Covert
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Additional information
MD5: 3adf3d806ea43b5767e9950b4ce8e9bd
SHA1: 88918203ea8f3d2cc8f7a86dea3249fd8bd2e412
SHA256: 32f5a381a21155728c1f12d85fc67c98a84bbb0c3f0f840c9dbd7d04ffd3c847
SHA512: 074d5b8da0d1a4748a33371719c64fe0467dc177ca607ac612c871b52bf73ec2f6b649137f9896eb993a594e145b2f43bc7b182d79cf21c6b18576fc7fc9d0a7
SmitFraudFix v2.305
Scan done at 8:19:59.37, Fri 03/21/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 5.2.3790] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\nvsvc64.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ujuhmjit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\BN34D2.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\SysWow64\jtyzerqn.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files (x86)
Deckard's System Scanner v20071014.68
Run by fairoot on 2008-03-21 08:35:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as fairoot.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:08 AM, on 3/21/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\ujuhmjit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SysWow64\jtyzerqn.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\WINDOWS\TEMP\MUB968.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\fairoot.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\SysWow64\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ggfixigd] C:\WINDOWS\SysWow64\ggfixigd.exe
O4 - HKLM\..\Run: [jtyzerqn] C:\WINDOWS\SysWow64\jtyzerqn.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [DRA9ZDKmx1] C:\WINDOWS\ujuhmjit.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1201836176806
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fargoautomation.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9CC770-9F05-4CD2-AEA0-60EDA28FB161}: NameServer = 192.168.1.5,64.21.232.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fargoautomation.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fargoautomation.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 7637 bytes
-- File Associations -----------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys (file missing)
R0 JRAID - c:\windows\system32\drivers\jraid.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 AvgAsC64 (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgasc64.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 Arp1394 (1394 ARP Client Protocol) - c:\windows\system32\drivers\arp1394.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 hidusb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkhda64.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
R3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NIC1394 (1394 Net Driver) - c:\windows\system32\drivers\nic1394.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvenetfd.sys (file missing)
R3 nvnetbus (NVIDIA Network Bus Enumerator) - c:\windows\system32\drivers\nvnetbus.sys (file missing)
R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (Microsoft USB Standard Hub Driver) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
S1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
S1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S1 SASDIFSV - c:\program files (x86)\superantispyware\sasdifsv.sys
S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S3 61883 (61883 Unit Device) - c:\windows\system32\drivers\61883.sys (file missing)
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 AtiHdmiService (ATI Function Driver for HDMI Service) - c:\windows\system32\drivers\atihdmi.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 Avc (AVC Device) - c:\windows\system32\drivers\avc.sys (file missing)
S3 CCDECODE (Closed Caption Decoder) - c:\windows\system32\drivers\ccdecode.sys (file missing)
S3 HdAudAddService (ATI Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\atihdaud.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
S3 LHidKe (SetPoint HID Mouse Filter Driver) - c:\windows\system32\drivers\lhidke.sys (file missing)
S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 LUsbKbd (SetPoint USB Filter Driver) - c:\windows\system32\drivers\lusbkbd.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSDV (Microsoft DV Camera and VCR) - c:\windows\system32\drivers\msdv.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 NABTSFEC (NABTS/FEC VBI Codec) - c:\windows\system32\drivers\nabtsfec.sys (file missing)
S3 NdisIP (Microsoft TV/Video Connection) - c:\windows\system32\drivers\ndisip.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 SASENUM - c:\program files (x86)\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SLIP (BDA Slip De-Framer) - c:\windows\system32\drivers\slip.sys (file missing)
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 streamip (BDA IPSink) - c:\windows\system32\drivers\streamip.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 WSTCODEC (World Standard Teletext Codec) - c:\windows\system32\drivers\wstcodec.sys (file missing)
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys (file missing)
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
R2 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
R2 ntrtscan (Trend Micro Client/Server Security Agent RealTime Scan) - c:\program files (x86)\trend micro\client server security agent\ntrtscan.exe
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files (x86)\trend micro\client server security agent\ofcpfwsvc.exe
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 tmlisten (Trend Micro Client/Server Security Agent Listener) - c:\program files (x86)\trend micro\client server security agent\tmlisten.exe
S2 Fax - c:\windows\system32\fxssvc.exe (file missing)
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 NMIndexingService - "c:\program files (x86)\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 SolidWorks Licensing Service - "c:\program files (x86)\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-21 08:36:41 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-02-21 and 2008-03-21 -----------------------------
2008-03-20 17:22:51 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-20 16:54:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-20 16:13:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\PTC
2008-03-20 16:11:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-20 16:07:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-03-20 16:07:47 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-03-20 16:07:47 0 d-------- C:\Documents and Settings\eric.henschke\Application Data\SUPERAntiSpyware.com
2008-03-20 16:07:33 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-03-20 16:04:07 0 d-------- C:\Documents and Settings\eric.henschke\Application Data\Grisoft
2008-03-20 16:03:57 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-20 15:49:17 0 d-------- C:\Program Files (x86)\XoftSpySE
2008-03-20 15:49:16 0 d-------- C:\Documents and Settings\Administrator\Desktopvirii
2008-03-20 15:26:16 2621440 --ah----- C:\Documents and Settings\eric.henschke\NTUSER.DAT
2008-03-20 14:25:49 0 d-------- C:\Program Files (x86)\Enigma Software Group
2008-03-20 13:09:15 2146 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-20 13:02:12 0 d-------- C:\WINDOWS\pss
2008-03-20 12:54:15 4096 --a------ C:\Documents and Settings\Administrator\Desktopfilemanagerclient.exe
2008-03-20 12:54:14 4096 --a------ C:\Documents and Settings\Administrator\DesktopFWebdEditor.exe
2008-03-20 12:54:14 4096 --a------ C:\Documents and Settings\Administrator\Desktopfwebd.exe
2008-03-20 12:54:02 98304 --a------ C:\WINDOWS\system32\jtyzerqn.exe
2008-03-20 12:47:18 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-20 12:47:18 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-20 12:47:17 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-20 12:47:17 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-20 12:47:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-20 12:47:17 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-20 12:47:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-20 11:54:15 0 dr-h----- C:\Documents and Settings\eric.henschke\Recent
2008-03-20 11:01:26 0 d-------- C:\Documents and Settings\eric.henschke\Application Data\PC-Cleaner
2008-03-20 10:57:56 0 d-------- C:\Program Files (x86)\PC-Cleaner
2008-03-20 09:07:19 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-03-20 09:07:18 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-03-20 09:07:18 1712128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-20 09:05:30 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2008-03-20 09:05:30 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-03-20 09:04:54 138752 --a------ C:\WINDOWS\system32\mase32.dll
2008-03-20 09:04:54 57856 --a------ C:\WINDOWS\system32\masd32.dll
2008-03-20 09:04:54 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-03-20 09:04:54 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-03-20 09:04:54 27648 --a------ C:\WINDOWS\system32\ma32.dll
2008-03-20 09:03:44 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-03-20 09:03:18 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-03-20 08:57:02 0 d-------- C:\Documents and Settings\eric.henschke\Application Data\InstallShield
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64WINWGPX.EXE
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64winsystem.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64winlogonpc.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64vcatchpi.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64thun32.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64thun.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64temp#01.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64taack.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64taack.dat
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64sysreq.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64ssvchost.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64ssvchost.com
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64ssurf022.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64sncntr.exe
2008-03-20 08:49:28 0 d-------- C:\WINDOWS\SysWOW64smp
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64Rundl1.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64regm64.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64regc64.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64psoft1.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64psof1.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64ps1.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64newsd32.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64netode.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64mwin32.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64mtr2.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64msvchost.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64mssecu.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64msnbho.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64msgp.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64medup020.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64medup012.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64hxiwlgpm.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64hxiwlgpm.dat
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64hoproxy.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64h@tkeysh@@k.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64emesx.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64dpcproxy.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64bsva-egihsg52.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64bdn.com
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64awtoolb.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64anticipator.dll
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\SysWOW64akttzn.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-20 08:49:28 0 d-------- C:\WINDOWS\mslagent
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\bdn.com
2008-03-20 08:49:28 4096 --a------ C:\WINDOWS\a.bat
2008-03-20 08:49:28 0 d-------- C:\Program Files (x86)\Inet Delivery
2008-03-20 08:49:28 0 d-------- C:\Documents and Settings\eric.henschke\Desktopvirii
2008-03-20 08:49:28 4096 --a------ C:\Documents and Settings\eric.henschke\DesktopFWebdEditor.exe
2008-03-20 08:49:28 4096 --a------ C:\Documents and Settings\eric.henschke\Desktopfwebd.exe
2008-03-20 08:49:28 4096 --a------ C:\Documents and Settings\eric.henschke\Desktopfilemanagerclient.exe
2008-03-20 08:49:27 4096 --a------ C:\WINDOWS\SysWOW64vbsys2.dll
2008-03-20 08:49:27 0 d-------- C:\Program Files (x86)\akl
2008-03-20 08:47:20 38912 --a------ C:\WINDOWS\ujuhmjit.exe
2008-03-20 08:47:19 98304 --a------ C:\WINDOWS\system32\ggfixigd.exe
2008-03-19 15:28:40 0 d-------- C:\Program Files (x86)\WinAce
2008-03-17 09:04:57 0 d-------- C:\Program Files (x86)\proDAD
2008-03-17 09:01:39 0 d-------- C:\Program Files (x86)\AdorageI-SAL
2008-03-17 08:52:47 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-17 08:49:39 0 d-------- C:\Program Files (x86)\SmartSound Software
2008-03-17 08:49:08 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-03-17 08:49:03 0 d-------- C:\Program Files (x86)\QuickTime
2008-03-17 08:49:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
2008-03-17 08:41:32 0 d-------- C:\Program Files (x86)\DivX
2008-03-17 08:38:29 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-03-14 10:41:09 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-14 10:30:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-03-14 10:30:37 0 d-------- C:\Program Files (x86)\Pinnacle
2008-03-14 10:30:23 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-03-05 09:46:42 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-03-05 09:46:42 0 d-------- C:\WINDOWS\system32\Adobe
2008-02-28 17:08:42 0 d-------- C:\Program Files (x86)\Common Files\Canon
2008-02-26 18:21:32 0 d-------- C:\Documents and Settings\eric.henschke\Application Data\Google
2008-02-26 18:21:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-02-26 18:21:16 0 d-------- C:\Program Files (x86)\Google
-- Find3M Report ---------------------------------------------------------------
2008-03-20 16:07:33 0 d-------- C:\Program Files (x86)\Common Files
2008-03-20 15:12:37 0 d-------- C:\Program Files (x86)\Trend Micro
2008-03-20 09:04:54 108 --a------ C:\AUTOEXEC.BAT
2008-03-20 09:02:55 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-03-17 10:41:36 0 d-------- C:\Program Files (x86)\Common Files\LightScribe
2008-03-17 08:49:31 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-03-13 08:50:59 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-02-18 17:31:05 0 d-------- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2008-02-18 15:33:50 1019 --a------ C:\WINDOWS\mozver.dat
2008-02-12 11:48:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-02-07 15:08:30 0 d-------- C:\Program Files (x86)\Common Files\SolidWorks Shared
2008-02-07 15:08:25 0 d-------- C:\Program Files (x86)\Common Files\eDrawings2008
2008-02-01 14:52:57 0 d-------- C:\Program Files (x86)\GPLGS
2008-02-01 09:39:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-02-01 09:32:29 0 d-------- C:\Program Files (x86)\Microsoft Works
2008-02-01 09:27:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-02-01 09:19:31 0 d-------- C:\Program Files (x86)\Microsoft ActiveSync
2008-02-01 09:18:58 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-01-31 23:57:38 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-01-31 23:53:33 0 d-------- C:\Program Files (x86)\Windows Defender
2008-01-31 23:51:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-01-31 23:51:16 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-01-31 23:49:53 0 d-------- C:\Program Files (x86)\Nero
2008-01-31 23:46:05 0 d-------- C:\Program Files (x86)\MA User Marked Database
2008-01-31 23:45:56 0 d-------- C:\Program Files (x86)\Motion Analyzer
2008-01-31 23:44:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-01-31 23:43:08 0 d-------- C:\Program Files (x86)\AutoCAD 2007
2008-01-31 23:42:51 0 d-------- C:\Program Files (x86)\Common Files\Autodesk Shared
2008-01-31 23:42:49 0 d-------- C:\Program Files (x86)\AnswerWorks 4.0
2008-01-31 23:40:36 0 d-------- C:\Program Files (x86)\proeWildfire
2008-01-31 23:38:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-01-31 23:37:44 0 d-------- C:\Program Files (x86)\Autodesk
2008-01-31 23:35:58 0 d-------- C:\Program Files (x86)\Acro Software
2008-01-31 23:35:22 0 d-------- C:\Program Files (x86)\Innotiv Spekan Batch Tool
2008-01-31 23:22:03 19739 --a------ C:\license.dat
2008-01-31 23:17:52 0 d-------- C:\Program Files (x86)\Realtek
2008-01-31 23:16:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-01-31 23:07:42 0 d-------- C:\Program Files (x86)\MSXML 6.0
2008-01-31 22:48:45 0 d-------- C:\Program Files (x86)\MSBuild
2008-01-31 22:44:53 0 d-------- C:\Program Files (x86)\Reference Assemblies
2008-01-31 22:22:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-31 22:19:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-31 22:15:32 0 d-------- C:\Program Files (x86)\system
2008-01-31 22:15:32 0 d-------- C:\Program Files (x86)\speechengines
2008-01-31 22:15:32 0 d-------- C:\Program Files (x86)\microsoft shared
2008-01-31 22:15:21 0 -rahs---- C:\MSDOS.SYS
2008-01-31 22:15:21 0 -rahs---- C:\IO.SYS
2008-01-31 22:15:21 0 --a------ C:\CONFIG.SYS
2008-01-31 21:19:32 0 d-------- C:\Program Files (x86)\Movie Maker
2008-01-31 21:19:20 0 d-------- C:\Program Files (x86)\Windows Media Player[Strings]
2008-01-31 21:18:12 0 d-------- C:\Program Files (x86)\MSN Gaming Zone
2008-01-31 21:17:37 0 d-------- C:\Program Files (x86)\Windows NT
2008-01-31 16:09:27 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-01-31 14:59:56 0 d-------- C:\Program Files (x86)\Common Files\ODBC
2008-01-31 14:59:51 0 d-------- C:\Program Files (x86)\Common Files\SpeechEngines
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2008-03-21 08:37:49 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows® XP Professional x64 Edition (build 3790) SP 2.0
Architecture: X64; Language: English
CPU 0: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 11%
Physical Memory (total/avail): 8190.25 MiB / 7260.64 MiB
Pagefile Memory (total/avail): 9806.72 MiB / 9275.27 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3947.74 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 69.24 GiB total, 43.92 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD740ADFD-00NLR5 - 69.24 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 69.24 GiB - C:
-- Security Center -------------------------------------------------------------
Windows Internal Firewall is enabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\xtop.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\xtop.exe:*:Disabled:xtop"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe:*:Disabled:pro_comm_msg"
"C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files (x86)\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\ptcE_tmp.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\ptcE_tmp.exe:*:Enabled:ptcE_tmp"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\nms\\nmsd.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\xtop.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\xtop.exe:*:Disabled:xtop"
"C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\Program Files (x86)\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe:*:Disabled:pro_comm_msg"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=D21
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\D21
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\proeWildfire\bin;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=D21
USERNAME=fairoot
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
eric.henschke (update central, admin)
fairoot (new local, admin, net ready)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files (x86)\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
2007 Micro