Win32.Trojan.Yspy



#181
kelkay

SDFix: Version 1.200
Run by Kelly on Wed 07/02/2008 at 19:41

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:



Could Not Remove C:\csrss.exe
Could Not Remove C:\winstall.exe
Could Not Remove C:\WINDOWS\2020search.dll
Could Not Remove C:\WINDOWS\2020search2.dll
Could Not Remove C:\WINDOWS\avpcc.dll
Could Not Remove C:\WINDOWS\csrss.exe
Could Not Remove C:\WINDOWS\ctrlpan.dll
Could Not Remove C:\WINDOWS\explore.exe
Could Not Remove C:\WINDOWS\FVProtect.exe
Could Not Remove C:\WINDOWS\iexplorer.exe
Could Not Remove C:\WINDOWS\lsasss.exe
Could Not Remove C:\WINDOWS\msconfd.dll
Could Not Remove C:\WINDOWS\mssvr.exe
Could Not Remove C:\WINDOWS\olehelp.exe
Could Not Remove C:\WINDOWS\qttasks.exe
Could Not Remove C:\WINDOWS\rundll16.exe
Could Not Remove C:\WINDOWS\services.exe
Could Not Remove C:\WINDOWS\sistem.exe
Could Not Remove C:\WINDOWS\svchost.exe
Could Not Remove C:\WINDOWS\system32\alsys.exe
Could Not Remove C:\WINDOWS\system32\bho.dll
Could Not Remove C:\WINDOWS\system32\bootconf.exe
Could Not Remove C:\WINDOWS\system32\e1.dll
Could Not Remove C:\WINDOWS\system32\emesx.dll
Could Not Remove C:\WINDOWS\system32\iexplore.exe
Could Not Remove C:\WINDOWS\system32\iexplorer.exe
Could Not Remove C:\WINDOWS\system32\internet.exe
Could Not Remove C:\WINDOWS\system32\ipv6mons.dll
Could Not Remove C:\WINDOWS\system32\msclt.exe
Could Not Remove C:\WINDOWS\system32\msmsgs.exe
Could Not Remove C:\WINDOWS\system32\mstc.exe
Could Not Remove C:\WINDOWS\system32\msupdate.exe
Could Not Remove C:\WINDOWS\system32\mswins.exe
Could Not Remove C:\WINDOWS\system32\nordsys.exe
Could Not Remove C:\WINDOWS\system32\ppl.exe
Could Not Remove C:\WINDOWS\system32\remote.exe
Could Not Remove C:\WINDOWS\system32\rundll.exe
Could Not Remove C:\WINDOWS\system32\rx.exe
Could Not Remove C:\WINDOWS\system32\scvhost32.exe
Could Not Remove C:\WINDOWS\system32\se.exe
Could Not Remove C:\WINDOWS\system32\server.exe
Could Not Remove C:\WINDOWS\system32\svchost32.exe
Could Not Remove C:\WINDOWS\system32\svhost.exe
Could Not Remove C:\WINDOWS\system32\svshost.exe
Could Not Remove C:\WINDOWS\system32\sys.exe
Could Not Remove C:\WINDOWS\system32\taskgmr.exe
Could Not Remove C:\WINDOWS\system32\update.exe
Could Not Remove C:\WINDOWS\system32\wgareg.exe
Could Not Remove C:\WINDOWS\system32\wgavm.exe
Could Not Remove C:\WINDOWS\system32\win32.exe
Could Not Remove C:\WINDOWS\system32\windll.exe
Could Not Remove C:\WINDOWS\system32\windowz.exe
Could Not Remove C:\WINDOWS\system32\winhost.exe
Could Not Remove C:\WINDOWS\system32\winsvc.exe
Could Not Remove C:\WINDOWS\system32\winsys32.exe
Could Not Remove C:\WINDOWS\system32\winupd.exe
Could Not Remove C:\WINDOWS\system32\winxp.exe
Could Not Remove C:\WINDOWS\system32\zlbw.dll
Could Not Remove C:\WINDOWS\userconfig9x.dll
Could Not Remove C:\WINDOWS\voiceip.dll
Could Not Remove C:\WINDOWS\winlogon.exe
Could Not Remove C:\WINDOWS\winserv.exe
Could Not Remove C:\WINDOWS\xpupdate.exe
Could Not Remove C:\WINDOWS\system32\wincom32.sys



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 20:04:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1164757353\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1164757353\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk 9 beta"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\kontiki\\KService.exe"="C:\\Program Files\\kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\csrss.exe Found
C:\winstall.exe Found
C:\WINDOWS\2020search.dll Found
C:\WINDOWS\2020search2.dll Found
C:\WINDOWS\avpcc.dll Found
C:\WINDOWS\csrss.exe Found
C:\WINDOWS\ctrlpan.dll Found
C:\WINDOWS\explore.exe Found
C:\WINDOWS\FVProtect.exe Found
C:\WINDOWS\iexplorer.exe Found
C:\WINDOWS\lsasss.exe Found
C:\WINDOWS\msconfd.dll Found
C:\WINDOWS\mssvr.exe Found
C:\WINDOWS\olehelp.exe Found
C:\WINDOWS\qttasks.exe Found
C:\WINDOWS\rundll16.exe Found
C:\WINDOWS\services.exe Found
C:\WINDOWS\sistem.exe Found
C:\WINDOWS\svchost.exe Found
C:\WINDOWS\system32\alsys.exe Found
C:\WINDOWS\system32\bho.dll Found
C:\WINDOWS\system32\bootconf.exe Found
C:\WINDOWS\system32\e1.dll Found
C:\WINDOWS\system32\emesx.dll Found
C:\WINDOWS\system32\iexplore.exe Found
C:\WINDOWS\system32\iexplorer.exe Found
C:\WINDOWS\system32\internet.exe Found
C:\WINDOWS\system32\ipv6mons.dll Found
C:\WINDOWS\system32\msclt.exe Found
C:\WINDOWS\system32\msmsgs.exe Found
C:\WINDOWS\system32\mstc.exe Found
C:\WINDOWS\system32\msupdate.exe Found
C:\WINDOWS\system32\mswins.exe Found
C:\WINDOWS\system32\nordsys.exe Found
C:\WINDOWS\system32\ppl.exe Found
C:\WINDOWS\system32\remote.exe Found
C:\WINDOWS\system32\rundll.exe Found
C:\WINDOWS\system32\rx.exe Found
C:\WINDOWS\system32\scvhost32.exe Found
C:\WINDOWS\system32\se.exe Found
C:\WINDOWS\system32\server.exe Found
C:\WINDOWS\system32\svchost32.exe Found
C:\WINDOWS\system32\svhost.exe Found
C:\WINDOWS\system32\svshost.exe Found
C:\WINDOWS\system32\sys.exe Found
C:\WINDOWS\system32\taskgmr.exe Found
C:\WINDOWS\system32\update.exe Found
C:\WINDOWS\system32\wgareg.exe Found
C:\WINDOWS\system32\wgavm.exe Found
C:\WINDOWS\system32\win32.exe Found
C:\WINDOWS\system32\windll.exe Found
C:\WINDOWS\system32\windowz.exe Found
C:\WINDOWS\system32\winhost.exe Found
C:\WINDOWS\system32\winsvc.exe Found
C:\WINDOWS\system32\winsys32.exe Found
C:\WINDOWS\system32\winupd.exe Found
C:\WINDOWS\system32\winxp.exe Found
C:\WINDOWS\system32\zlbw.dll Found
C:\WINDOWS\userconfig9x.dll Found
C:\WINDOWS\voiceip.dll Found
C:\WINDOWS\winlogon.exe Found
C:\WINDOWS\winserv.exe Found
C:\WINDOWS\xpupdate.exe Found
C:\WINDOWS\system32\wincom32.sys Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 28 Jun 2008 274 ...HR --- "C:\Program Files\adwareremovergold.com"
Sat 28 Jun 2008 274 ...HR --- "C:\Program Files\bulletproofsoft.com"
Sat 28 Jun 2008 236 ...HR --- "C:\Program Files\dealhelper.com inc"
Sat 28 Jun 2008 228 ...HR --- "C:\Program Files\gator.com"
Sat 28 Jun 2008 274 ...HR --- "C:\Program Files\malwaresweeper.com"
Sat 28 Jun 2008 274 ...HR --- "C:\Program Files\pcprivacysoftware.com"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Tue 12 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0a\AOLphx.exe"
Tue 12 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0a\rbm.exe"
Sun 21 Oct 2007 72,704 ..SHR --- "C:\Program Files\Malware Immunizer\MI.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 28 Nov 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Tue 25 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 25 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 19 Sep 2005 788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005 13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005 233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005 389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005 200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005 81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005 73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005 88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Thu 1 Nov 2007 10,186 A.SH. --- "C:\Documents and Settings\Kelly\Application Data\Roxio\Dragon\DiscInfoCache\TSSTcorp_CD_DVDW_TS-H652L_0603_300_DICV018_DRGV2050108.TMP"
Wed 2 Jul 2008 2,146 A.SH. --- "C:\Documents and Settings\Kelly\Application Data\Roxio\Dragon\DiscInfoCache\TSSTcorp_CD_DVDW_TS-H652L_0603_000_DICV018_DRGV2050108.TMP"
Mon 19 Sep 2005 77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Mon 19 Sep 2005 6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Mon 19 Sep 2005 3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Mon 19 Sep 2005 307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Mon 19 Sep 2005 7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005 1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Mon 19 Sep 2005 550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Mon 19 Sep 2005 553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Mon 19 Sep 2005 2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Mon 19 Sep 2005 24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Mon 19 Sep 2005 748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Mon 19 Sep 2005 7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Mon 19 Sep 2005 86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Mon 19 Sep 2005 45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Mon 19 Sep 2005 5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Mon 19 Sep 2005 4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Mon 19 Sep 2005 360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Mon 19 Sep 2005 40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Mon 19 Sep 2005 473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Mon 19 Sep 2005 12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Mon 19 Sep 2005 516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Mon 19 Sep 2005 597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Mon 19 Sep 2005 590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Mon 19 Sep 2005 57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Mon 19 Sep 2005 49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Mon 19 Sep 2005 61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Mon 19 Sep 2005 3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"

Finished!


#182
kelkay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:55, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9318 bytes

#183
koko_crunch

And we're back to square one. :)

Let's run this again then we'll clear out most of the stuff you don't need.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, then click on Run.
Copy and paste the following in bold into the Open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad:
main.txt and extra.txt

#184
kelkay

Deckard's System Scanner v20071014.68
Run by Kelly on 2008-07-03 13:25:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kelly.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:21, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Kelly\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelly.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9123 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080605-104113-318 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080605-104113-343 O23 - Service: AZZVJ - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\AZZVJ.exe (file missing)
backup-20080605-104113-576 O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
backup-20080605-104113-858 O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
backup-20080605-104113-971 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080701-095252-943 O23 - Service: OYKNVASYNG - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 catchme - c:\docume~1\kelly\locals~1\temp\catchme.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\8b.tmp (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 spcstb - c:\windows\system32\drivers\spcstb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe

S4 OYKNVASYNG - c:\docume~1\kelly\locals~1\temp\oyknvasyng.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 2948)
2005-07-12 00:17:43 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2002-07-04 09:38:00 53248 --a------ C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
-- :: 0 --------- C:\DOCUME~1\Kelly\LOCALS~1\Temp\IadHide5.dll
2005-04-04 14:06:02 1515520 -----n--- C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
2007-08-30 21:00:52 335872 --a------ C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-17 22:54:42 98304 --a------ C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-08 20:04:26 577536 --a------ C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-03 09:49:43 478 --a------ C:\WINDOWS\Tasks\SmartDefrag.job
2008-06-27 15:40:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-01 01:15:01 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 01:04:25 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\system32\en
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 01:04:23 0 d-------- C:\WINDOWS\system32\bits
2008-07-01 01:02:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\winupie.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\winmuschi.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\updatewinlocator.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\zp.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\zeropopupbar.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winwsl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintft.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintbpx.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintbp.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winshow.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winsb.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winrvl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winpup32.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winpup.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winlocatorhelper.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winlocator.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winksl.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\update.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\systemout.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\sysdll32.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\servises.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\rx.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\regperf.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\pup.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\pnp.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\per.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\nvctrl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\norton update.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\mssearchnet.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\msmsgs.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\mscornet.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\issearch.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\isnotify.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\ismon.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\ishost.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\dfrgsrv.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\df_kme.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\dcomcfg.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\csm.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\botzor.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\axconfig.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\4ccc3cea.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\pnpasn32.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\hpsv.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\cdproxyserv.exe
2008-06-28 16:49:35 230 -r-h----- C:\Program Files\zsearch
2008-06-28 16:49:35 240 -r-h----- C:\Program Files\zeropopupbar
2008-06-28 16:49:35 226 -r-h----- C:\Program Files\zangoclient
2008-06-28 16:49:35 226 -r-h----- C:\Program Files\zango games
2008-06-28 16:49:35 228 -r-h----- C:\Program Files\xsoftware
2008-06-28 16:49:35 228 -r-h----- C:\Program Files\xpcspy
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd4.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd2.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd1.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\vx2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\t2serv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\t2serv.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\zlbw.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\wshtlprh.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\wshnseri.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winntcreate.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winftsap.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winftsap.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\wincom32.sys
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\w3sskbda.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vx2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vwix32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vsxmpgpc.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vnetsmme.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vb5dmspo.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\v4pbpt51.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\uninmyad.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\trafracp.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tps108.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tisa.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tips.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tippcls.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tipp.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\timesrv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ticont.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ticads.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tconini.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\sysmonnt.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\spwgoc.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\snmpmssw.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbrmqtr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbipsch.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbipsch.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\shfoxpob.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\secumsje.exe
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\se.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\sd16win.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\scp3jgaw.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rvreg.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rulesak.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rdpwmsjt.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rcbdwmpd.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\qdvtscf.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\ppl.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\oebdfc.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\nordsys.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\myad.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\msview.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\msnavc32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\messenger.lib.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lut.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lspak.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\localnrd.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lcch.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ladchkr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\host.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\hook2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\hook1.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\google.png.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\gdu.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game3.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game2.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game1.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\dad.bat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\cidrules.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\bridge.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\alsys.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\adchkr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\a.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\6fo4svc.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\sserrvv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\serrv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\reggserv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\psapi.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\msupdtwiz.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\kernellos.dll
2008-06-28 16:49:34 222 -r-h----- C:\WINDOWS\isrvs
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\iehelper.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\cserv32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\cleanhistories.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\ccsserv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\ads.js
2008-06-28 16:49:34 234 -r-h----- C:\temp_kl
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\winfixer 2005
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\winfavorites
2008-06-28 16:49:34 246 -r-h----- C:\Program Files\windows adtools
2008-06-28 16:49:34 250 -r-h----- C:\Program Files\windows adcontrol
2008-06-28 16:49:34 230 -r-h----- C:\Program Files\win comm
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\whenu
2008-06-28 16:49:34 236 -r-h----- C:\Program Files\web_rebates
2008-06-28 16:49:34 236 -r-h----- C:\Program Files\web_cpr
2008-06-28 16:49:34 224 -r-h----- C:\Program Files\vvsn
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\vvsdl
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\vomba
2008-06-28 16:49:34 238 -r-h----- C:\Program Files\vmntoolbar
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\ts trial
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\topmoxie
2008-06-28 16:49:34 244 -r-h----- C:\Program Files\sys detective+
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\surfsidekick
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\surfsidekick 2
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\superbar
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\netmeting
2008-06-28 16:49:34 222 -r-h----- C:\Program Files\hpdll
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\Common Files\winsoftware
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\Common Files\ucontrol
2008-06-28 16:49:34 222 -r-h----- C:\Program Files\autoupdate
2008-06-28 16:49:34 234 -r-h----- C:\archivos de programa
2008-06-28 16:49:33 236 -r-h----- C:\WINDOWS\winsecurity
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\waladhpr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\xkrdk.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\wzhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\wiatwain.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\webalize.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\unsocul.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\somatic.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\sodahk.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\socul.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\smdnn05.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\servehost.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\seqsb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchupdate33.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchupdate31.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire33.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire3.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire2.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\seantb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\s4helper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\replmap.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\reg2.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\pqhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mygeek.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msstersv.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msqsb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msnsxole.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msnsxole.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mslspcg.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mslsicwd.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msexcred.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msafiasn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mqoacdmo.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mqadscp3.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mgmtmtxc.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mgeekremove.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mcd3mscm.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\lmrtatkc.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\kbdpkbdr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\kbdfwshe.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iuennwcf.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ir32racp.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ipxwshel.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ipxrmfc4.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\imesrdch.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ifsomatic.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ifhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iebrw.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\icmpdx3j.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iaspdpus.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\i4n27vl.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hotlink.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\homepage.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hmepge.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\higehsg.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hhselz32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\gsim.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\fltlauto.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\fileserv.dll
2008-06-28 16:49:33 0 d-------- C:\WINDOWS\system32\e1.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dsseds32.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dsseds32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dpugmswe.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dnsrxpob.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\deskmcd3.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ddemdmco.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\davctool.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\davctool.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\confbrw.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\comrkbdd.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\comploader.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\chkmfdep.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\camodpnm.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwstat.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwprf32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwperf.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwmgr32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwconf.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\barbho.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\avifipxr.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\admeiolo.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\actidmoc.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\svrmgr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssmsgr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssls.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssdgt.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\sscrg.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\gsim.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\cssswd.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\csssupd.exe
2008-06-28 16:49:33 236 -r-h----- C:\WINDOWS\connectionstatus
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\adrsb.exe
2008-06-28 16:49:33 234 -r-h----- C:\spedia
2008-06-28 16:49:33 232 -r-h----- C:\Program Files\valintines day card
2008-06-28 16:49:33 244 -r-h----- C:\Program Files\swagent
2008-06-28 16:49:33 244 -r-h----- C:\Program Files\stealthwatcher200
2008-06-28 16:49:33 230 -r-h----- C:\Program Files\spytech software
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\spyonthis
2008-06-28 16:49:33 232 -r-h----- C:\Program Files\spyblast
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\softomate
2008-06-28 16:49:33 248 -r-h----- C:\Program Files\selectrebates
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\searchnet
2008-06-28 16:49:33 240 -r-h----- C:\Program Files\searchlocate
2008-06-28 16:49:33 236 -r-h----- C:\Program Files\screenview
2008-06-28 16:49:33 226 -r-h----- C:\Program Files\p4p
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\ietoolbar
2008-06-28 16:49:33 242 -r-h----- C:\Program Files\dynamic toolbar
2008-06-28 16:49:33 226 -r-h----- C:\Program Files\Common Files\sogou pxp
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\wserver.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\winlogon.scr
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\winlogon.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\visualguard.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\userconfig9x.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\xpfirewall.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wpwmgrs.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winvnc.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wintasker.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsyscfg.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\winsys32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsys.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsvc32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winstart.pif
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winnt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wininfo.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winhlpapi.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wingmt32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winds.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\windowz.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\windowsfirewall.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\windasz-updote.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\win32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\win24.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wid32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wfdmgr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wfdgmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wdns33.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\w32ntupdt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\w1nt5k.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\vlcx052.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\twunk_65.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\timemanager.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\taskgmr32.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\taskgmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\taskgamr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\tagmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sysconf.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sword.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\svshost.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\stagmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\speeder.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sp2winfix.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sp2fx.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\slpube03.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\shnlog.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rlvknlg.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rkinstaller.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rk.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\optserve.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\optserve.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\mstc.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus4.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus3.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus2.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus1.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\msclt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\mrkscr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\lp.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\lp.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\intmon.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\auole4.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\sysmonxp.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\symav.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\switpb.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\switpa.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\skynetave.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\services.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\rundil32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\rundil.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\phantom.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\pandaavengine.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\netmedia.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\napatch.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\msnmsgrs.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\maja.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\lsasss.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\lansas.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\kasperskyaveng.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\jammer2nd.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\infodll.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\fvprotect.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\fooding.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\firewallsvr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\easyav.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\diskmonitor.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\comp.cpl
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32s.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32r.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32o.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avserve3.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avserve2.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avprotect9x.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avprotect.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avpguard.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avguard.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avbgle.exe
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\startup mechanic
2008-06-28 16:49:32 230 -r-h----- C:\Program Files\savenow

#185
kelkay
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 958.48 MiB / 430.18 MiB
Pagefile Memory (total/avail): 2311.87 MiB / 1956.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.62 MiB

C: is Fixed (NTFS) - 224.03 GiB total, 119.82 GiB free.
D: is Fixed (FAT32) - 8.84 GiB total, 0.6 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.03 GiB - C:
\PARTITION1 - Unknown - 8.85 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kelly\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kelly
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kelly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kelly\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=Kelly
USERPROFILE=C:\Documents and Settings\Kelly
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kelly (admin)
Kayla
Kyle
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\BZEdit1.6.5TankGame\uninstall.exe"
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{069364A0-8F64-4691-8719-B3CC728BFD6C}\Setup.exe" -l0x9
ArcSoft PhotoPrinter 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65D30520-CFB9-4E46-A101-68C0AADAE40C}\Setup.exe" -l0x9
Ashampoo Burning Studio 2007 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2007\Uninstall\1010_Uninstall.EXE"
Ashampoo Burning Studio 5 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 5\Uninstall\BS5_Uninstall.EXE"
Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo Music Studio 3 --> "C:\Program Files\Ashampoo\Ashampoo Music Studio 3\Uninstall\0230_Uninstall.EXE"
Ashampoo PowerUP XP Platinum 2 --> C:\Program Files\Ashampoo\Ashampoo PowerUp XP Platinum 2\Uninstall\PowerUp_Uninstall.EXE
Ashampoo WinOptimizer Platinum 3 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\Uninstall\WOP3_Uninstall.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Career Direct --> C:\PROGRA~1\CAREER~1\UNWISE.EXE C:\PROGRA~1\CAREER~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner137\uninst.exe"
Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DiskTools ImageMaker 1.1 Version 1.1 --> "C:\Program Files\DiskTools\ImageMaker\unins000.exe"
DropMyRights --> MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
e-Sword --> MsiExec.exe /I{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Error Messages for Windows --> C:\WINDOWS\SDUnInst.exe c:\program files\software by design\mswinerr.uni
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Fish Tycoon --> "C:\Program Files\Oberon Media\Fish Tycoon\Uninstall.exe" "C:\Program Files\Oberon Media\Fish Tycoon\install.log"
Free CD to MP3 Converter --> C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
IObit SmartDefrag Beta1.1 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
iVocalize Web Conference 4 --> rundll32 C:\WINDOWS\system32\iv4.dll,uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JGsoft EditPad Lite 6.2.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Malware Immunizer 1.5 --> C:\PROGRA~1\MALWAR~1\MI.exe /remove /q0
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Karaoke Plug-in --> MsiExec.exe /I{348054A0-6F9A-4EF9-BBB0-827C14C20D86}
MediaCoder 0.5.1 --> C:\Program Files\MediaCoder\uninst.exe
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Away Mode -->
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster Label Creator --> MsiExec.exe /X{16FD907B-FA72-4F3C-B959-E076C8238F80}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OMN --> MsiExec.exe /X{65150683-D155-485A-A037-690087DE2271}
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
OpenTalk v3.20 --> "C:\Program Files\OpenTalk\unins000.exe"
PaltalkScene --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REA's TESTware for CLEP Western Civilization I --> MsiExec.exe /I{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RootsMagic 3.2.5.0 --> "C:\Program Files\RootsMagic\unins000.exe"
Samsung Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B79684C-6DAC-438C-8F30-10DF65C2068F}\Setup.exe"
Samsung Master --> C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sansa Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe" -l0x9 -removeonly
SeaMonkey (1.1.9) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.9 (en)"
SelectSoft Championship Chess --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{871EFABF-ED09-42A0-8C4C-000000000027}\Setup.exe"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SureThing CD Labeler --> C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "SureThing CD Labeler Uninstall"
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TheSage --> "C:\Program Files\TheSage\uninstall.exe"
Unreal Streaming Media Player v 4.0 --> MsiExec.exe /I{ECB9FA96-3E03-411A-AFDB-1FC4686E5099}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
WebFerret --> C:\WINDOWS\WebFerretUninstall.exe C:\Program Files\FerretSoft\WebFerret
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinUpdatesList --> C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\WinUpdatesList\uninst1~.nsu"
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
ZVUE Portable MP3 Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05698A5C-23A7-4EC2-945C-66F1F0DE4856}\setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type11299 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
7

Event Record #/Type11298 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
6

Event Record #/Type11297 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type11296 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type11295 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16584 / Error
Event Submitted/Written: 07/03/2008 01:27:40 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16583 / Error
Event Submitted/Written: 07/03/2008 01:27:38 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16582 / Error
Event Submitted/Written: 07/03/2008 01:27:36 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16581 / Error
Event Submitted/Written: 07/03/2008 01:27:34 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type16580 / Error
Event Submitted/Written: 07/03/2008 01:27:32 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-03 13:31:17 ------------

#186
koko_crunch
Hey kelkay,

I think the problem lies with your HDD.
You still have a bad block on your drive.

Could you download HDTune, then install it?

Run the program.
You should see a temperature reading there; post back with that.

Next,

Go to Error Scan, then click on Start.
Patiently wait for the scan to finish.
Once done, point the mouse at the first icon next to the temperature reading.
It should say "Copy Information to clipboard".
Click on it, then post the info in your next reply.

#187
kelkay
If I am looking at the right thing it is 42 C

#188
kelkay
What temperature are you wanting to see? I have Speed Fan, which has a few different temps it can check.

#189
kelkay
CPU is 100deg F
Ambient 105
Remote 127
HD0 108
Core 122
These readings are from Speed Fan. The program you wanted me to try is still running now. It will take a while to get the end result on that one.

#190
koko_crunch
The temp is fine.
Not exceeding 54 C is OK, according to what I gathered.

Did you do the Error scan?

#191
kelkay
The scan is still going, it is very slow. It is about 3/4 done.

#192
kelkay
Since I started the scan it has been 46C

#193
kelkay
HD Tune Error Scan

Scanned data 238379mb

Damaged Blocks .3%

Elapsed Time 82:02

#194
koko_crunch
Let's try repairing your disk again.

Download OTCleanit then save it to your Desktop.
  • Double-click on OTCleanIt.exe to run
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You may be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Next,

  • Go to My Computer, right-click on C:\ then select Properties.
  • Under Tools tab click on Check Now.
  • Chkdsk Utility will open, place a check on
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
    Click on Start
  • You will receive a prompt, select Yes .
  • Reboot computer and let Scandisk perform its task.

After scan,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Click on Start, then click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All, then Uncheck All.
Place a check on "File Associations" and "Event Logs".
Click Scan.
DSS will now run again when finished
Please post back both logs that open in Notepad.

#195
kelkay
I double-clicked OTCleanIt.exe. It went immediately to a reboot. I clicked yes. I don't remember it doing that last time. I will go on to the next steps now. .3% bad block is acceptable, or no? This computer is only about a year and a half old if I remember right.