Virus Malware - Desktop PC



#1
jake4321

  • 36 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:09 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.EXE
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://asp11.centra....raUpdaterAx.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.inf...in/ifhelper.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134705769583
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182341261509
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.c...p/view22rte.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.EXE
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe

--
End of file - 7060 bytes
  • 0



#2
MichWasHere

  • 424 posts
Hi Jake, welcome to Geeks to Go :)

I'm in training right now so I am posting under supervision; there may be a lag between my replies as they have to be checked before I say them to you. I have gone through your log and will be posting help for you shortly :)

If you have already resolved this problem or are receiving help elsewhere please let us know so this topic can be closed :)
  • 0

#3
MichWasHere

  • 424 posts
Hello again :)

You have too many Antivirus Programs
You have 2 antivirus programs installed and running. Please uninstall one (preferably Ahnlab unless this is a paid subscription). These programs should be removable from your Control Panel.

- Click Start and select "Control Panel"
- In the control panel select "Add\Remove Programs"
- In the add or remove programs window scroll down the list to the program you are removing (AhnLab or Avira)
- Select the program and click 'remove'

Run an Online Virus Scan
Please do an online scan with Kaspersky WebScanner

- Click on "Kaspersky Online Scanner" and click "Accept"

You will be prompted to install an ActiveX component from Kaspersky; click "Yes".
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on "NEXT"
- Next click on "Scan Settings"
- In the scan settings make sure that the following are selected:
"Scan using the following Anti-Virus database:"
"Extended" (if available otherwise "Standard")

- Scan Options:
"Scan Archives"
"Scan Mail Bases"

- Click "OK"

- Now under "select a target to scan" select "My Computer"
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.

Next click on the "Save as Text" button:
- Save the file to your desktop.
- Copy and paste that information in your next post.

Get DSS Logs
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When the scan has finished, two notepad files will open named main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in one reply and extra.txt in a separate reply.
  • 0

#4
jake4321

  • 36 posts
Yes, you're right, I need to uninstall Ahnlab V3, but I can't remember the password. I have tried all my passwords. I'll keep hammering at it.

Do you know of any apps that can uninstall without a password?
  • 0

#5
MichWasHere

  • 424 posts
Hi Jake :)

Sorry, I've been looking and can't seem to find a way around the password. So I have a couple of questions:

- Is the subscription for Ahnlab up to date?
- Have you tried removing it in safe mode?
  • 0

#6
jake4321

  • 36 posts
1. In safe mode it still asks for the password.

2. It's an old legacy version of Ahnlab (V3 pro 2002 Deluxe), they do not support it anymore. It would have been removed years ago but I never did because of the PW. My other options are to try and get some Support from them and/or see if I can find the password maybe I have written it down somewhere?

==> I just emailed them requesting instructions on the password issue.

Edited by jake4321, 10 June 2008 - 05:37 AM.

  • 0

#7
MichWasHere

  • 424 posts
Silly software vendors... thanks for the update :) please let me know when you get rid of it :)
  • 0

#8
MichWasHere

  • 424 posts
Good morning :)

I think while we are waiting for you to get removal instructions we can just disable the program from running until you can uninstall it.

Re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.EXE


Now close all windows other than HiJackThis, then click Fix Checked. You should be asked to restart your computer, say yes.

Next please continue on with the online scan and the DSS logs :)
  • 0
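A check for the step above, as an added example that is not part of the original post: it parses HijackThis entry lines, confirms that the two O23 services selected for "Fix Checked" no longer appear in a later log, and lists any entry reported as "(no file)". The function names are hypothetical, and the before/after excerpts are constructed from a few lines of this thread's two HijackThis logs.

```python
import re

# One HijackThis entry per line: "<code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed excerpts: a few lines copied from the two HijackThis logs in this
# thread (before and after "Fix Checked"), not the complete logs.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.EXE
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# The service names checked for fixing in the post above.
TARGETS = ["Ahnlab Task Scheduler", "MonSvcNT"]


def parse_entries(log_text):
    """Return (code, body) for every entry line; process paths and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def services(log_text):
    """Map each O23 service name to (vendor, image path)."""
    found = {}
    for code, body in parse_entries(log_text):
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right so a " - " inside the service name is preserved.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line: skip rather than guess
        name, vendor, path = parts
        found[name] = (vendor, path)
    return found


def check_fix(before, after, targets):
    """True per target when it was listed under O23 before and is absent after."""
    b, a = services(before), services(after)
    return {t: (t in b and t not in a) for t in targets}


def unexpected_changes(before, after, targets):
    """Services that vanished without being targeted, and services that are new."""
    b, a = services(before), services(after)
    gone = sorted(set(b) - set(a) - set(targets))
    new = sorted(set(a) - set(b))
    return gone, new


def orphaned(log_text):
    """Entries whose target file HijackThis reports as '(no file)'."""
    return [(c, body) for c, body in parse_entries(log_text)
            if body.endswith("(no file)")]


if __name__ == "__main__":
    print("fix confirmed:", check_fix(BEFORE, AFTER, TARGETS))
    print("unexpected (gone, new):", unexpected_changes(BEFORE, AFTER, TARGETS))
    for code, body in orphaned(AFTER):
        print("orphaned entry:", code, "-", body)
```
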

#9
jake4321

  • 36 posts
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, June 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 10, 2008 15:24:20
Records in database: 845734


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 256474
Threat name 2
Infected objects 6
Suspicious objects 0
Duration of the scan 06:32:05

File name Threat name Threats count
C:\Documents and Settings\Jake\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7e82143d.zip Infected: Exploit.Java.Gimsh.a 1

C:\Documents and Settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-5e18640c Infected: Exploit.Java.Gimsh.a 1

C:\Documents and Settings\Jake\.housecall6.6\Quarantine\keyfinder.exe.bac_a03500 Infected: not-a-virus:PSWTool.Win32.RAS.a 2

C:\Documents and Settings\Jake\.housecall6.6\Quarantine\A0043547.exe.bac_a02916 Infected: not-a-virus:PSWTool.Win32.RAS.a 2

The selected area was scanned.
  • 0

#10
jake4321

  • 36 posts
Deckard's System Scanner v20071014.68
Run by Jake on 2008-06-11 00:55:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-06-11 04:55:12 UTC - RP608 - Deckard's System Scanner Restore Point
24: 2008-06-11 04:41:03 UTC - RP607 - System Checkpoint
23: 2008-06-10 02:41:15 UTC - RP606 - Software Distribution Service 3.0
22: 2008-06-07 19:16:25 UTC - RP605 - System Checkpoint
21: 2008-06-04 22:05:45 UTC - RP604 - Ad-Aware Restore Point 2008-06-04 18:05:40


-- First Restore Point --
1: 2008-04-14 14:47:17 UTC - RP584 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 18.29 GiB (less than 15%) free.


-- HijackThis (run as Jake.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:05 AM, on 2008-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jake\My Documents\My Downloads\AntiVirus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jake.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://asp11.centra....raUpdaterAx.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.inf...in/ifhelper.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134705769583
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182341261509
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.c...p/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://trafficcams.c...activex/AMC.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe

--
End of file - 6789 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080610-162133-170 O23 - Service: Ahnlab Task Scheduler - Ahnlab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
backup-20080610-162133-867 O23 - Service: MonSvcNT - Ahnlab, Inc. - C:\PROGRA~1\Ahnlab\V3\MonSvcNT.EXE

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 mpegport - c:\windows\system32\drivers\mpegport.sys <Not Verified; Sigma Designs Inc.; MPEG Port Driver>
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 BS_I2cIo - c:\windows\system32\drivers\bs_i2cio.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R2 DLPORTIO - c:\windows\dlportio.sys
R2 Machnm32 (Machnm32 Driver) - c:\windows\system32\machnm32.sys
R2 ppsio2 (PPDevice) - c:\windows\system32\drivers\ppsio2.sys <Not Verified; ; Flatbed DevDriver/NT4>
R2 rmdvd (RM DVD helper) - c:\windows\system32\drivers\rmdvd.sys
R3 rmquasar (Hollywood Plus MiniDriver) - c:\windows\system32\drivers\rmquasar.sys <Not Verified; Sigma Designs Inc.; >

S2 BT848 (Conexant's BtPCI WDM Video Capture) - c:\windows\system32\drivers\bt848.sys <Not Verified; Illusion & Hope.; bt848.sys>
S3 AhnFlt2K - c:\windows\system32\drivers\ahnflt2k.sys <Not Verified; Ahnlab, Inc.; Ahnlab, Inc.>
S3 AhnRec2K - c:\windows\system32\drivers\ahnrec2k.sys <Not Verified; Ahnlab, Inc.; Ahnlab Product>
S3 CLPCIID - c:\program files\cyberlink\powerdvd\clpciid.sys <Not Verified; CyberLink Corp.; clpciid>
S3 giveio - c:\windows\system32\giveio.sys
S3 grmn0200 (grmn0200.Sys Garmin USB DCP driver (install)) - c:\windows\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
S3 grmn1200 (grmn0400.Sys Garmin USB DCP driver) - c:\windows\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
S3 gwiopm - f:\my drivers\video drivers\video sniffer\files\gwiopm.sys
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 TPP200 (USB Storage Adapter V2 (TPP)) - c:\windows\system32\drivers\tpp200.sys <Not Verified; Cypress Semiconductor; TPP Storage Adapter>
S3 v3engine - c:\windows\system32\drivers\v3engine.sys <Not Verified; AhnLab, Inc.; V3 Common>
S3 V3Flt2K - c:\program files\ahnlab\v3\v3flt2k.sys <Not Verified; AhnLab, Inc.; V3>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S4 Ahnlab Task Scheduler - "c:\program files\ahnlab\smart update utility\ahnsdsv.exe" <Not Verified; Ahnlab, Inc.; Smart Update Utility>
S4 MonSvcNT - c:\progra~1\ahnlab\v3\monsvcnt.exe <Not Verified; Ahnlab, Inc.; V3Pro 2002 Deluxe>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 21:47:24 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9548FC62-0A4D-4267-9272-AAD14A94E584}.job
2008-04-19 10:41:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-05-04 06:46:28 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2075-01-11 11:23:06 0 d-------- C:\Program Files\AZZ Cardfile
2014-12-23 13:29:38 0 d-------- C:\Documents and Settings\Jake\Application Data\NetCentrics
2008-06-10 06:54:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-10 06:54:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-10 06:54:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-10 06:54:38 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-10 06:54:38 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-10 06:54:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-10 06:54:38 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-10 06:54:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-10 06:54:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-10 06:54:37 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-10 06:54:37 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-10 06:54:37 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-10 06:54:37 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-10 06:54:36 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-09 22:06:58 0 d-------- C:\Program Files\Easy Uninstaller
2008-06-04 12:13:40 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 12:13:40 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 12:13:40 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 12:13:40 80412 --a------ C:\WINDOWS\grep.exe
2008-06-04 12:13:39 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 12:13:39 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 12:13:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 12:13:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 08:31:04 0 d-------- C:\Program Files\Trend Micro
2008-06-04 08:04:06 0 d-------- C:\Documents and Settings\Jake\Application Data\Malwarebytes
2008-06-04 08:03:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 20:33:03 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 19:27:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-25 17:32:03 0 d-------- C:\Documents and Settings\Jake\Application Data\vlc
2008-05-25 17:25:06 0 d-------- C:\Program Files\TVAnts
2008-05-25 17:16:26 0 d-------- C:\Program Files\VideoLAN
2008-05-25 16:38:19 0 d-------- C:\Documents and Settings\Jake\Application Data\TVU Networks
2008-05-25 16:38:19 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-25 16:38:09 0 d-------- C:\Documents and Settings\Jake\LocalLow
2008-05-25 16:38:05 0 d-------- C:\Program Files\TVUPlayer
2008-05-25 16:16:48 0 d-------- C:\Program Files\SopCast
2008-05-20 20:27:26 760 --a------ C:\WINDOWS\system32\install_dlportio.bat
2008-05-20 20:27:25 176 --a------ C:\WINDOWS\system32\status_dlportio.bat
2008-05-20 20:27:25 27460 --a------ C:\WINDOWS\system32\loaddrv.exe
2008-05-20 20:27:25 34816 --a------ C:\WINDOWS\system32\Dlportio.dll <Not Verified; Scientific Software Tools, Inc.; DriverLINX Port I/O Driver>
2008-05-20 20:27:25 3584 --a------ C:\WINDOWS\Dlportio.sys
2008-05-19 08:50:36 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-05-05 17:30:46 4097 --a------ C:\WINDOWS\mozver.dat
2008-05-05 12:12:02 0 d-------- C:\Documents and Settings\Jake\Application Data\Joost
2008-05-05 12:11:30 0 d-------- C:\Program Files\Joost
2008-04-11 19:52:08 0 d-------- C:\Program Files\Virtual Earth 3D
2008-03-25 11:43:08 36638 --a------ C:\Documents and Settings\Jake\Application Data\Comma Separated Values (Windows).ADR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 09:42 PM C:\WINDOWS\SOUNDMAN.EXE]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 04:26 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 02:46 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-14 04:09 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Series 500 Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Series 500 Startup.lnk
backup=C:\WINDOWS\pss\HP OfficeJet Series 500 Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WarpSpeeder Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WarpSpeeder Tray Icon.lnk
backup=C:\WINDOWS\pss\WarpSpeeder Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^Joost.lnk]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\Joost.lnk
backup=C:\WINDOWS\pss\Joost.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^Mozilla Firefox.lnk]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\Mozilla Firefox.lnk
backup=C:\WINDOWS\pss\Mozilla Firefox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jake^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Jake\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
"C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]
"C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
"C:\Program Files\iCall\iCall.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REWARDS NETWORK]
C:\Program Files\Rewards Network\brntray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STB TVFIX]
C:\WINDOWS\system32\NOAPPRUN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
"C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]
C:\WINDOWS\tppaldr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"iPodService"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net

18617 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-11 01:00:05 ------------
#11
jake4321

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 958.42 MiB / 531.92 MiB
Pagefile Memory (total/avail): 4424.16 MiB / 3881.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.38 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 127.97 GiB total, 18.29 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 39.06 GiB total, 6.27 GiB free.
F: is Fixed (FAT32) - 37.24 GiB total, 7.9 GiB free.

\\.\PHYSICALDRIVE0 - HDS722516VLAT80 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 128 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6Y080P0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 39.07 GiB - E:
\PARTITION1 - Extended w/Extended Int 13 - 37.25 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\Iexplore.exe"="C:\\Program Files\\Internet Explorer\\Iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\MyNews30\\mynews.exe"="C:\\Program Files\\MyNews30\\mynews.exe:*:Disabled:mynews"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\System32\\dxdiag.exe"="C:\\WINDOWS\\System32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVGuideDataLoader.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVGuideDataLoader.exe:*:Disabled:Beyond TV Guide Data Loader"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\PVSLibraryAppService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\PVSLibraryAppService.exe:*:Disabled:Beyond TV Library Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVRecordingEngine.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVRecordingEngine.exe:*:Disabled:Beyond TV Recording Engine"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\PVSConfigService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\PVSConfigService.exe:*:Disabled:Beyond TV Settings Service"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVD3DShell.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVD3DShell.exe:*:Disabled:Beyond TV ViewScape"
"C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVWebServer.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV 3\\BTVWebServer.exe:*:Disabled:Beyond TV Web Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\AVP.EXE"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\AVP.EXE:*:Disabled:Kaspersky Anti-Virus"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HelpCtr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe:LocalSubNet:Disabled:TiVo Beacon Service"
"C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoDesktop.exe:LocalSubNet:Disabled:TiVo Desktop User Interface"
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:LocalSubNet:Disabled:TiVo Server Service"
"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe:LocalSubNet:Disabled:TiVo Transfer Service"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Disabled:Windows Messenger"
"C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe:*:Enabled:iCall"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Disabled:tvprunner"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jake\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JAKE
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (December 2005)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jake
LOGONSERVER=\\JAKE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program;C:\Program Files\Common Files\NeatReceipts\NeatOCR 2.0\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jake\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jake\LOCALS~1\Temp
USERDOMAIN=JAKE
USERNAME=Jake
USERPROFILE=C:\Documents and Settings\Jake
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jake (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Abcc Free DIVX AVI MP4 WMV iPod Converter 2.0 --> "C:\Program Files\Abcc Free DIVX AVI MP4 WMV iPod Converter\unins000.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Any Video Converter 2.5.6 --> "C:\Program Files\Any Video Converter\unins000.exe"
Apex Video Converter Free 6.65 --> "C:\Program Files\Apex\Apex Video Converter Free\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Asymetrix Digital Video Producer 4.0 --> C:\WINDOWS\uninst.exe -fc:\PROGRA~1\ASYMET~1\dvp40\DeIsL1.isu
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AXIS Media Control Embedded --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Bushnell ImageView --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04E21962-D0C3-4EE8-8A3B-0B1A71B284C2}\Setup.exe" -l0x9
Channel Master --> "C:\Program Files\SharpC\Channel Master\uninstall.exe"
Channel Master --> "C:\Program Files\SharpC\Channel Master\uninstall.exe"
Chart Navigator --> C:\WINDOWS\uninst.exe -f"E:\Program Files\Maptech\Chart Navigator\DeIsL5.isu"
Cole2k Media - Codec Pack (Standard) --> C:\WINDOWS\system32\C2MP\Uninst.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DraftDominator Version 8.0q Full --> "C:\Program Files\DraftDominator\DraftDominator\unins000.exe"
eFax Messenger 4.2 --> C:\Program Files\eFax Messenger 4.2\Uninstall.exe
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Event Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Perf 4490P Guide --> C:\Program Files\epson\guide\perf4490_e\uninstall.exe
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
Family Tree Maker 2008 --> C:\Program Files\InstallShield Installation Information\{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}\setup.exe -runfromtemp -l0x0409
Fx MPEG Writer --> C:\PROGRA~1\FXMPEG~1\UNWISE.EXE C:\PROGRA~1\FXMPEG~1\INSTALL.LOG
Garmin BlueChart Americas v9 --> MsiExec.exe /X{254A2683-4128-47B1-85DF-7690E6119EC6}
Garmin MapSource --> MsiExec.exe /X{DF4B49A6-C31A-4D68-8983-505EC9334A63}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
Hex Workshop v4.23 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hw41unin.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP OfficeJet Series 500 (Remove Only) --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\uninst.dll"
I.I.I. Home Inventory 3.08 --> C:\Program Files\Insurance Information Institute\HomeInventory\uninst.exe
iCall --> "C:\Program Files\iCall\unins000.exe"
Infotriever --> C:\PROGRA~1\INFOTR~1\Agent\infoclient.exe -uninstall
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
IZArc 3.6 --> "e:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Joost ™ Beta 1.1.4 --> C:\Program Files\Joost\uninst.exe
LineupDominator Version 3.0j Full --> "C:\Program Files\LineupDominator\unins000.exe"
LogSat Professional v5.2 - Demo - --> C:\PROGRA~1\LOGSAT\Uninstal.EXE C:\PROGRA~1\LOGSAT\INSTALL.LOG "LogSat Professional Uninstall"
MapSource --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Garmin\MapSource\Uninst.isu"
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20ACA1B0-8043-11D4-AEB1-00C04F590412}\Setup.exe" -l0x9 AddRemove
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - Americas BlueChart v4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> AddRemove
MapSource - Marine Trip & Waypoint Manager v2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E8D67BF1-59FB-4C32-A9D1-8E93CE4D1D5A} /l1033
MapSource Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86DDF563-E427-4D60-9AFA-6165DE800C91}\Setup.exe" -l0x9 AddRemove
Marine POI Database Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BA345EC-E9A4-459E-AAE5-349402E415B9}\Setup.exe" -uninst
Master Draft version 2.02 --> "C:\Program Files\Master Draft\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (December 2005) --> MsiExec.exe /I{F7AD7366-10AD-40C4-9846-52FFAC1784A2}
Microsoft Location Finder --> MsiExec.exe /I{EC637522-73A5-4428-8B46-65A621529CC7}
Microsoft MapPoint North America 2004 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790230}
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Primary Interoperability Assemblies 2005 --> MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (NR2007) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft WSE 3.0 --> MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jake\Application Data\Move Networks\ie_bin\Uninst.exe
MozBackup 1.4.7 --> "C:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Financial House 1.01 --> C:\Program Files\Insurance Information Institute\My Financial House\uninst.exe
N2Diff-Teirs-v2.0.0.exe --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\N2 Diff Teirs\ST6UNST.LOG"
Nagra Master - ROM 102 Utility 1.6.(BETA) --> C:\DOCUME~1\Jake\MYDOCU~1\DISH\FILESP~1\NAGRAM~1\Setup.exe /remove /q0
NeatReceipts Database Controller --> MsiExec.exe /X{91789CDD-E83A-4186-B436-AA7A588679FD}
NeatReceipts Professional --> C:\Program Files\NeatReceipts Professional\uninstallNR.exe
NeatReceipts Professional 3.0 Core Files --> MsiExec.exe /X{8D199EBB-749F-478E-B4E4-9D343A1BEB07}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OziExplorer 3.95 --> "E:\Program Files\OziExplorer\unins000.exe"
PhotoSuite 4 (Remove Only) --> "C:\Program Files\Roxio\PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu" -c"C:\Program Files\Roxio\PhotoSuite 4\System\CustomUninstall.dll"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! BizCard 4.1 Eng --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"
Projections Dominator Version 2.0k --> "C:\Program Files\ProjectionsDominator\unins000.exe"
Quicken WillMaker Plus 2007 --> C:\WINDOWS\unvise32.exe E:\Program Files\Quicken WillMaker Plus 2007\uninstal.log
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
REALmagic Hollywood Plus --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\REALmagic\REALmagic Hollywood Plus\Uninst.isu" -c"C:\Program Files\REALmagic\REALmagic Hollywood Plus\rmset.dll
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Smart Update Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1424D162-C162-11D4-AE6E-00105A877C32}\setup.exe" -l0x9
SolveIT! v5.7 --> "C:\Program Files\SolveIT57\unins000.exe"
SopCast 3.0.3 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stellar Phoenix Mailbox Professional v2.0 --> "C:\Program Files\Stellar Phoenix Mailbox Professional\unins000.exe"
TiVo Desktop 2.5 --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
TradeDominator version 3.0d --> "C:\Program Files\TradeDominator\unins000.exe"
TVAnts 1.0 --> C:\PROGRA~1\TVANTS\UNWISE.EXE C:\PROGRA~1\TVANTS\INSTALL.LOG
TVUPlayer 2.3.6.1 --> C:\Program Files\TVUPlayer\uninst.exe
Ulead iPhoto Express 1.1 --> C:\WINDOWS\ULEAD.DAT\ULuninst.exe /f:ipe11f.inf
Ulead VideoStudio 7 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
USB Storage Adapter V2 (TPP) --> tppun.exe TPP200
V3Pro 2002 Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF221765-2FA0-4DC0-95B7-A9F1AE28CE58}\setup.exe" -l0x9
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
Verizon Online Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03E6-F17B-11D6-88EA-000476CD2443}\setup.exe" -l0x9 UNINSTALL -removeonly
VIA/S3G Display Driver 6.14.10.0343 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewer V7 --> C:\View7\UNINST7.EXE
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WarpSpeeder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB4EAD4A-8A80-43A5-8B23-78A2F6B26298}\setup.exe"
WEEI Sport Club --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE7BE6FA-A577-49CD-81B1-FF0A61657C65}\Setup.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client --> MsiExec.exe /X{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}
Windows Rights Management Client Backwards Compatibility --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe"
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Zinio Reader --> C:\Program Files\Zinio\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type17601 / Warning
Event Submitted/Written: 06/10/2008 06:51:34 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type17592 / Error
Event Submitted/Written: 06/09/2008 10:29:12 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 752105286.

Event Record #/Type17591 / Error
Event Submitted/Written: 06/09/2008 10:28:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 11.0.8215.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type17590 / Error
Event Submitted/Written: 06/09/2008 10:18:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 11.0.8215.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type17029 / Error
Event Submitted/Written: 06/04/2008 01:34:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 8.1.0.137, faulting module unknown, version 0.0.0.0, fault address 0x24003f75.
Processing media-specific event for [acrord32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type108630 / Error
Event Submitted/Written: 06/10/2008 04:24:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Conexant's BtPCI WDM Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type108592 / Error
Event Submitted/Written: 06/10/2008 03:53:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Conexant's BtPCI WDM Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type108564 / Error
Event Submitted/Written: 06/10/2008 07:07:29 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Conexant's BtPCI WDM Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type108559 / Error
Event Submitted/Written: 06/10/2008 07:05:49 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type108558 / Error
Event Submitted/Written: 06/10/2008 06:55:56 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
avgio
avipbb
BIOS
BS_I2cIo
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
ssmdrv
Tcpip



-- End of Deckard's System Scanner: finished at 2008-06-11 01:00:05 ------------

Edited by jake4321, 10 June 2008 - 11:25 PM.

  • 0

#12
MichWasHere

  • 424 posts
Hi Jake, you're pretty much clean :)

There is a leftover registry entry from an old infection to fix
- Click Start > select Run
- Paste the following text into the Run box
reg.exe delete "HKLM\software\microsoft\shared tools\msconfig\startupreg\REWARDS NETWORK" /f
- Click OK

Delete a Folder
Using Windows Explorer (right click the Start button and select "Explore"), please delete these folders (if present):
C:\Program Files\Rewards Network

Optional Removal
You do have one entry in your HijackThis log from Microsoft that isn't needed and is known for being a resource hog. It's up to you to remove this or not. Removal directions are below:
- Re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one...ransferCtrl.cab
- Close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Outdated Antivirus
Uninstall your current Avira program and install the newest version, website link here

Some suggestions/pointers
- You have P2P programs installed; these types of programs are very vulnerable to malware and should be removed. They are also known to be big resource hogs as well.
- Convert your hard drives to NTFS; NTFS is a much more secure file system. For more information about the differences between FAT and NTFS file systems, read this article.
- Uninstall unneeded/unused programs and files; you should have at least 15% free disk space. Consider getting a larger hard drive if you use all the programs and files installed.
  • 0
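
The registry cleanup from post #12 as a batch file that checks for the key, backs it up, deletes it and confirms the result. This is an added example, not part of the original reply; the key and folder are the ones named in the post, and the backup file name is an assumption.

```bat
@echo off
rem Added example, not from the original thread.
rem KEY and DIR are taken from post #12; BACKUP is an assumed file name.
setlocal
set "KEY=HKLM\software\microsoft\shared tools\msconfig\startupreg\REWARDS NETWORK"
set "DIR=C:\Program Files\Rewards Network"
set "BACKUP=%USERPROFILE%\Desktop\rewards-network-startupreg.reg"

rem 1. Only act if the leftover key is really there.
reg.exe query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not present, nothing to delete.
    goto :folder
)

rem 2. Save a copy so the entry can be restored by importing the .reg file.
reg.exe export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, leaving the key in place.
    goto :folder
)

rem 3. Delete the key. The quotes are required because the path contains spaces.
reg.exe delete "%KEY%" /f

rem 4. Confirm the key is gone.
reg.exe query "%KEY%" >nul 2>&1
if errorlevel 1 (echo Key removed.) else (echo Key still present.)

:folder
rem 5. Report whether the leftover folder exists; deleting it stays a manual step, as in the post.
if exist "%DIR%\" (echo Folder still present: %DIR%) else (echo Folder not present: %DIR%)
endlocal
```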

#13
jake4321

  • Topic Starter
  • 36 posts
Thanks for the help. I'll implement your suggestions and see how it goes.
  • 0

#14
MichWasHere

  • 424 posts
You're welcome, good luck :)
  • 0

#15
jake4321

  • Topic Starter
  • 36 posts
Do I need to do any cleanup on the executables we have run? I.e., Deckard's System Scanner (DSS)
  • 0





