Win32.Trojan.Yspy


  • This topic is locked

#196
kelkay

Deckard's System Scanner v20071014.68
Run by Kelly on 2008-07-04 13:35:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
150: 2008-07-03 18:25:54 UTC - RP587 - Deckard's System Scanner Restore Point
149: 2008-07-01 20:47:29 UTC - RP586 - Ad-Aware Restore Point 2008-07-01 15:47:25
148: 2008-07-01 05:52:02 UTC - RP585 - Software Distribution Service 3.0
147: 2008-06-30 21:43:23 UTC - RP584 - System Checkpoint
146: 2008-06-29 15:55:36 UTC - RP583 - Removed Windows Installer Clean Up


-- First Restore Point --
1: 2008-02-01 18:47:27 UTC - RP438 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Kelly.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:15, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\Kelly\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelly.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9015 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080605-104113-318 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080605-104113-343 O23 - Service: AZZVJ - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\AZZVJ.exe (file missing)
backup-20080605-104113-576 O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
backup-20080605-104113-858 O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
backup-20080605-104113-971 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080701-095252-943 O23 - Service: OYKNVASYNG - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S3 MEMSWEEP2 - c:\windows\system32\8b.tmp (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 spcstb - c:\windows\system32\drivers\spcstb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe

S4 OYKNVASYNG - c:\docume~1\kelly\locals~1\temp\oyknvasyng.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1688)
2005-07-12 00:17:43 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2002-07-04 09:38:00 53248 --a------ C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
-- :: 0 --------- C:\DOCUME~1\Kelly\LOCALS~1\Temp\IadHide5.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-07-04 13:30:20 478 --a------ C:\WINDOWS\Tasks\SmartDefrag.job
2008-06-27 15:40:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 11:27:13 0 d--hs---- C:\found.000
2008-07-03 22:34:18 0 d-------- C:\Program Files\HD Tune
2008-07-01 01:15:01 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 01:04:25 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\system32\en
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 01:04:23 0 d-------- C:\WINDOWS\system32\bits
2008-07-01 01:02:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\winupie.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\winmuschi.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\updatewinlocator.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\zp.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\zeropopupbar.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winwsl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintft.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintbpx.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\wintbp.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winshow.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winsb.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winrvl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winpup32.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winpup.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winlocatorhelper.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winlocator.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\winksl.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\update.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\systemout.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\sysdll32.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\servises.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\rx.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\regperf.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\pup.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\pnp.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\per.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\nvctrl.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\norton update.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\mssearchnet.exe
2008-06-28 16:49:35 0 d-------- C:\WINDOWS\system32\msmsgs.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\mscornet.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\issearch.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\isnotify.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\ismon.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\ishost.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\dfrgsrv.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\df_kme.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\dcomcfg.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\csm.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\botzor.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\axconfig.dll
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\system32\4ccc3cea.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\pnpasn32.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\hpsv.exe
2008-06-28 16:49:35 0 dr-hs---- C:\WINDOWS\cdproxyserv.exe
2008-06-28 16:49:35 230 -r-h----- C:\Program Files\zsearch
2008-06-28 16:49:35 240 -r-h----- C:\Program Files\zeropopupbar
2008-06-28 16:49:35 226 -r-h----- C:\Program Files\zangoclient
2008-06-28 16:49:35 226 -r-h----- C:\Program Files\zango games
2008-06-28 16:49:35 228 -r-h----- C:\Program Files\xsoftware
2008-06-28 16:49:35 228 -r-h----- C:\Program Files\xpcspy
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd4.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd2.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\windowsupd1.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\vx2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\t2serv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\t2serv.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\zlbw.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\wshtlprh.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\wshnseri.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winntcreate.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winftsap.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\winftsap.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\wincom32.sys
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\w3sskbda.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vx2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vwix32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vsxmpgpc.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vnetsmme.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\vb5dmspo.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\v4pbpt51.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\uninmyad.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\trafracp.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tps108.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tisa.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tips.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tippcls.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tipp.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\timesrv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ticont.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ticads.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\tconini.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\sysmonnt.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\spwgoc.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\snmpmssw.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbrmqtr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbipsch.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\slbipsch.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\shfoxpob.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\secumsje.exe
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\se.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\sd16win.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\scp3jgaw.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rvreg.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rulesak.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rdpwmsjt.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\rcbdwmpd.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\qdvtscf.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\ppl.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\oebdfc.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\nordsys.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\myad.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\msview.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\msnavc32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\messenger.lib.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lut.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lspak.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\localnrd.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\lcch.dat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\ladchkr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\host.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\hook2.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\hook1.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\google.png.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\gdu.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game3.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game2.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\game1.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\dad.bat
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\cidrules.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\bridge.dll
2008-06-28 16:49:34 0 d-------- C:\WINDOWS\system32\alsys.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\adchkr.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\a.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\system32\6fo4svc.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\sserrvv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\serrv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\reggserv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\psapi.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\msupdtwiz.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\kernellos.dll
2008-06-28 16:49:34 222 -r-h----- C:\WINDOWS\isrvs
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\iehelper.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\cserv32.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\cleanhistories.dll
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\ccsserv.exe
2008-06-28 16:49:34 0 dr-hs---- C:\WINDOWS\ads.js
2008-06-28 16:49:34 234 -r-h----- C:\temp_kl
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\winfixer 2005
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\winfavorites
2008-06-28 16:49:34 246 -r-h----- C:\Program Files\windows adtools
2008-06-28 16:49:34 250 -r-h----- C:\Program Files\windows adcontrol
2008-06-28 16:49:34 230 -r-h----- C:\Program Files\win comm
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\whenu
2008-06-28 16:49:34 236 -r-h----- C:\Program Files\web_rebates
2008-06-28 16:49:34 236 -r-h----- C:\Program Files\web_cpr
2008-06-28 16:49:34 224 -r-h----- C:\Program Files\vvsn
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\vvsdl
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\vomba
2008-06-28 16:49:34 238 -r-h----- C:\Program Files\vmntoolbar
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\ts trial
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\topmoxie
2008-06-28 16:49:34 244 -r-h----- C:\Program Files\sys detective+
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\surfsidekick
2008-06-28 16:49:34 240 -r-h----- C:\Program Files\surfsidekick 2
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\superbar
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\netmeting
2008-06-28 16:49:34 222 -r-h----- C:\Program Files\hpdll
2008-06-28 16:49:34 232 -r-h----- C:\Program Files\Common Files\winsoftware
2008-06-28 16:49:34 226 -r-h----- C:\Program Files\Common Files\ucontrol
2008-06-28 16:49:34 222 -r-h----- C:\Program Files\autoupdate
2008-06-28 16:49:34 234 -r-h----- C:\archivos de programa
2008-06-28 16:49:33 236 -r-h----- C:\WINDOWS\winsecurity
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\waladhpr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\xkrdk.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\wzhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\wiatwain.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\webalize.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\unsocul.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\somatic.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\sodahk.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\socul.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\smdnn05.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\servehost.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\seqsb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchupdate33.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchupdate31.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire33.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire3.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire2.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\searchsquire.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\seantb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\s4helper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\replmap.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\reg2.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\pqhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mygeek.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msstersv.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msqsb.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msnsxole.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msnsxole.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mslspcg.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mslsicwd.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msexcred.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\msafiasn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mqoacdmo.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mqadscp3.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mgmtmtxc.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mgeekremove.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\mcd3mscm.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\lmrtatkc.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\kbdpkbdr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\kbdfwshe.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgsdrpcn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\jgdwadsn.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iuennwcf.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ir32racp.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ipxwshel.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ipxrmfc4.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\imesrdch.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ifsomatic.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ifhelper.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iebrw.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\icmpdx3j.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\iaspdpus.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\i4n27vl.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hotlink.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\homepage.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hmepge.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\higehsg.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\hhselz32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\gsim.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\fltlauto.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\fileserv.dll
2008-06-28 16:49:33 0 d-------- C:\WINDOWS\system32\e1.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dsseds32.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dsseds32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dpugmswe.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\dnsrxpob.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\deskmcd3.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\ddemdmco.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\davctool.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\davctool.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\confbrw.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\comrkbdd.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\comploader.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\chkmfdep.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\camodpnm.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwstat.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwprf32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwperf.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwmgr32.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\brwconf.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\barbho.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\avifipxr.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\admeiolo.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\system32\actidmoc.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\svrmgr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssmsgr.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssls.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\ssdgt.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\sscrg.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\gsim.dll
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\cssswd.exe
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\csssupd.exe
2008-06-28 16:49:33 236 -r-h----- C:\WINDOWS\connectionstatus
2008-06-28 16:49:33 0 dr-hs---- C:\WINDOWS\adrsb.exe
2008-06-28 16:49:33 234 -r-h----- C:\spedia
2008-06-28 16:49:33 232 -r-h----- C:\Program Files\valintines day card
2008-06-28 16:49:33 244 -r-h----- C:\Program Files\swagent
2008-06-28 16:49:33 244 -r-h----- C:\Program Files\stealthwatcher200
2008-06-28 16:49:33 230 -r-h----- C:\Program Files\spytech software
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\spyonthis
2008-06-28 16:49:33 232 -r-h----- C:\Program Files\spyblast
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\softomate
2008-06-28 16:49:33 248 -r-h----- C:\Program Files\selectrebates
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\searchnet
2008-06-28 16:49:33 240 -r-h----- C:\Program Files\searchlocate
2008-06-28 16:49:33 236 -r-h----- C:\Program Files\screenview
2008-06-28 16:49:33 226 -r-h----- C:\Program Files\p4p
2008-06-28 16:49:33 234 -r-h----- C:\Program Files\ietoolbar
2008-06-28 16:49:33 242 -r-h----- C:\Program Files\dynamic toolbar
2008-06-28 16:49:33 226 -r-h----- C:\Program Files\Common Files\sogou pxp
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\wserver.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\winlogon.scr
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\winlogon.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\visualguard.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\userconfig9x.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\xpfirewall.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wpwmgrs.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winvnc.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wintasker.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsyscfg.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\winsys32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsys.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winsvc32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winstart.pif
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winnt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wininfo.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winhlpapi.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wingmt32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\winds.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\windowz.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\windowsfirewall.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\windasz-updote.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\win32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\win24.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wid32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wfdmgr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wfdgmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\wdns33.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\w32ntupdt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\w1nt5k.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\vlcx052.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\twunk_65.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\timemanager.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\taskgmr32.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\taskgmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\taskgamr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\tagmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sysconf.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sword.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\svshost.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\stagmr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\speeder.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sp2winfix.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\sp2fx.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\slpube03.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\shnlog.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rlvknlg.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rkinstaller.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\rk.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\optserve.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\optserve.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\mstc.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus4.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus3.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus2.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus1.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\msplus.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\system32\msclt.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\mrkscr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\lp.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\lp.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\intmon.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\system32\auole4.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\sysmonxp.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\symav.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\switpb.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\switpa.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\skynetave.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\services.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\rundil32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\rundil.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\phantom.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\pandaavengine.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\netmedia.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\napatch.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\msnmsgrs.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\maja.exe
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\lsasss.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\lansas.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\kasperskyaveng.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\jammer2nd.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\infodll.dll
2008-06-28 16:49:32 0 d-------- C:\WINDOWS\fvprotect.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\fooding.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\firewallsvr.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\easyav.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\diskmonitor.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\comp.cpl
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32s.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32r.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32o.dll
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\cfg32.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avserve3.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avserve2.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avprotect9x.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avprotect.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avpguard.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avguard.exe
2008-06-28 16:49:32 0 dr-hs---- C:\WINDOWS\avbgle.exe
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\startup mechanic
2008-06-28 16:49:32 230 -r-h----- C:\Program Files\savenow
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\rxtoolbar
2008-06-28 16:49:32 250 -r-h----- C:\Program Files\relevantknowledge
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\rax search helper
2008-06-28 16:49:32 228 -r-h----- C:\Program Files\psupport
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\need2find
2008-06-28 16:49:32 226 -r-h----- C:\Program Files\ncase
2008-06-28 16:49:32 232 -r-h----- C:\Program Files\navexcel
2008-06-28 16:49:32 232 -r-h----- C:\Program Files\navexcel search toolbar
2008-06-28 16:49:32 238 -r-h----- C:\Program Files\mywebsearch
2008-06-28 16:49:32 230 -r-h----- C:\Program Files\ezthemes_whenusavenow_installer
2008-06-28 16:49:32 228 -r-h----- C:\Program Files\exolon
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\ddr
2008-06-28 16:49:32 236 -r-h----- C:\Program Files\Common Files\nsis
2008-06-28 16:49:32 234 -r-h----- C:\Program Files\arcade!
2008-06-28 16:49:31 0 dr-hs---- C:\winssystem.exe
2008-06-28 16:49:31 240 -r-h----- C:\WINDOWS\wintrim
2008-06-28 16:49:31 240 -r-h----- C:\WINDOWS\winmgts
2008-06-28 16:49:31 240 -r-h----- C:\WINDOWS\wincomp
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\unstall.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb60.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb58.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb57.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb56.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb52.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb51.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb42.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb41.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winnb40.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\windmy.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\winats.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\vtlbar1.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\tubby.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\tbc.dll
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\sys.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\skybot.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\shell.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\service5.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\sd.exe
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\scvhost32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\scrigz.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\scalpe91.exe
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\rundll.exe
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\remote.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\protection.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\plugnplay32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\picx.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\phantom.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\patch31345.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\osalogbe.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\nn_bar31.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\nn_bar22.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\nn_bar21.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\nn_bar.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\netcog.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\nas.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\myaccess.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mtrnqs.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mtc.dll
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\mswins.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mssck.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msplus32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msnl.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msmgrxp.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msklive.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msgmr.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msegcompid.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msdev32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msapasrc.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\msa64chk.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mouse.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\microupdate.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\microsystem.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\memloader.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mcscn.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mapisvc32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\mailinfo.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\madise.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\logitechwls.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\logic.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lienvdk.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lienvandekelder.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lientjeuh.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lien vd kelder.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lien vande kelder.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lien Van de kelderrr.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lien van de kelder.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\lcd32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\jusched32.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\itunegui.exe
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\internet.exe
2008-06-28 16:49:31 0 d-------- C:\WINDOWS\system32\iexplorer.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\hostdrvxp.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\hbmail.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\gothica.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\fixupdattr.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\evil.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\ds.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\dll.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\dcomuser.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\coolbot.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\ccsrs.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\avpr.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\adv.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\abs.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\666.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\1hellbot.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\system32\0.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\patch31345.exe
2008-06-28 16:49:31 240 -r-h----- C:\WINDOWS\navpmc
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\msnarrator.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mrhop.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mpgcom.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mmups.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mm63.ocx
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mm21.ocx
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\mm20.ocx
2008-06-28 16:49:31 240 -r-h----- C:\WINDOWS\mc
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\imgurla.exe
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\iempg2.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\iempg.dll
2008-06-28 16:49:31 0 dr-hs---- C:\WINDOWS\a64sddd.exe
2008-06-28 16:49:31 236 -r-h----- C:\Program Files\support software
2008-06-28 16:49:31 236 -r-h----- C:\Program Files\network essentials
2008-06-28 16:49:31 236 -r-h----- C:\Program Files\medialoads
2008-06-28 16:49:31 236 -r-h----- C:\Program Files\medialoads enhanced
2008-06-28 16:49:31 242 -r-h----- C:\Program Files\media gateway
2008-06-28 16:49:31 232 -r-h----- C:\Program Files\md
2008-06-28 16:49:31 0 dr-hs---- C:\hellmsn.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\xwrm.exe
2008-06-28 16:49:30 232 -r-h----- C:\WINDOWS\wqzq
2008-06-28 16:49:30 0 d-------- C:\WINDOWS\winserv.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\winobject.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\wdskctl.exe
2008-06-28 16:49:30 232 -r-h----- C:\WINDOWS\wcby
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\ts.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\zopenssl.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\yvsvga.sys
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\yvsvga.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\yvprgb.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\yvpp02.sys
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\xcdmfree.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\wndtx1.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\winstart001.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\winstart.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\winsrm32.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\winenc32.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\windowsie.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\windec32.dll
2008-06-28 16:49:30 0 d-------- C:\WINDOWS\system32\wgavm.exe
2008-06-28 16:49:30 0 d-------- C:\WINDOWS\system32\wgareg.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\waeb.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\version.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\updtscheduler.exe
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\update_rsp.DLL
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\update_removeold.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\update_hosts.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\update_com.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\update_bho.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\toolbar.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\tcpwrk.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\tcpgdc.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\tcpg4t.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\sksdll.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\sks2drvr.sys
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\se633mxx.dll
2008-06-28 16:49:30 0 dr-hs---- C:\WINDOWS\system32\se500mdm.dll
2008-06-28 16:49:30 0 dr-hs---- C

#197
kelkay

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 958.48 MiB / 552.65 MiB
Pagefile Memory (total/avail): 2311.87 MiB / 2009.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.22 MiB

C: is Fixed (NTFS) - 224.03 GiB total, 119.26 GiB free.
D: is Fixed (FAT32) - 8.84 GiB total, 0.6 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.03 GiB - C:
\PARTITION1 - Unknown - 8.85 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kelly\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kelly
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kelly\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kelly\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=Kelly
USERPROFILE=C:\Documents and Settings\Kelly
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kelly (admin)
Kayla
Kyle
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\BZEdit1.6.5TankGame\uninstall.exe"
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{069364A0-8F64-4691-8719-B3CC728BFD6C}\Setup.exe" -l0x9
ArcSoft PhotoPrinter 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65D30520-CFB9-4E46-A101-68C0AADAE40C}\Setup.exe" -l0x9
Ashampoo Burning Studio 2007 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2007\Uninstall\1010_Uninstall.EXE"
Ashampoo Burning Studio 5 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 5\Uninstall\BS5_Uninstall.EXE"
Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo Music Studio 3 --> "C:\Program Files\Ashampoo\Ashampoo Music Studio 3\Uninstall\0230_Uninstall.EXE"
Ashampoo PowerUP XP Platinum 2 --> C:\Program Files\Ashampoo\Ashampoo PowerUp XP Platinum 2\Uninstall\PowerUp_Uninstall.EXE
Ashampoo WinOptimizer Platinum 3 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\Uninstall\WOP3_Uninstall.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Career Direct --> C:\PROGRA~1\CAREER~1\UNWISE.EXE C:\PROGRA~1\CAREER~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner137\uninst.exe"
Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DiskTools ImageMaker 1.1 Version 1.1 --> "C:\Program Files\DiskTools\ImageMaker\unins000.exe"
DropMyRights --> MsiExec.exe /I{E5B72007-07C9-4E67-B29E-696073F45704}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
e-Sword --> MsiExec.exe /I{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Error Messages for Windows --> C:\WINDOWS\SDUnInst.exe c:\program files\software by design\mswinerr.uni
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Fish Tycoon --> "C:\Program Files\Oberon Media\Fish Tycoon\Uninstall.exe" "C:\Program Files\Oberon Media\Fish Tycoon\install.log"
Free CD to MP3 Converter --> C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HD Tune 2.53 --> "C:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
IObit SmartDefrag Beta1.1 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
iVocalize Web Conference 4 --> rundll32 C:\WINDOWS\system32\iv4.dll,uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JGsoft EditPad Lite 6.2.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Malware Immunizer 1.5 --> C:\PROGRA~1\MALWAR~1\MI.exe /remove /q0
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Karaoke Plug-in --> MsiExec.exe /I{348054A0-6F9A-4EF9-BBB0-827C14C20D86}
MediaCoder 0.5.1 --> C:\Program Files\MediaCoder\uninst.exe
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Away Mode -->
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster Label Creator --> MsiExec.exe /X{16FD907B-FA72-4F3C-B959-E076C8238F80}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OMN --> MsiExec.exe /X{65150683-D155-485A-A037-690087DE2271}
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
OpenTalk v3.20 --> "C:\Program Files\OpenTalk\unins000.exe"
PaltalkScene --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REA's TESTware for CLEP Western Civilization I --> MsiExec.exe /I{1FCD61C5-E3A9-4B11-8651-ED29B35C1B9E}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RootsMagic 3.2.5.0 --> "C:\Program Files\RootsMagic\unins000.exe"
Samsung Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B79684C-6DAC-438C-8F30-10DF65C2068F}\Setup.exe"
Samsung Master --> C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sansa Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe" -l0x9 -removeonly
SeaMonkey (1.1.9) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.9 (en)"
SelectSoft Championship Chess --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{871EFABF-ED09-42A0-8C4C-000000000027}\Setup.exe"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
SureThing CD Labeler --> C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "SureThing CD Labeler Uninstall"
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TheSage --> "C:\Program Files\TheSage\uninstall.exe"
Unreal Streaming Media Player v 4.0 --> MsiExec.exe /I{ECB9FA96-3E03-411A-AFDB-1FC4686E5099}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
WebFerret --> C:\WINDOWS\WebFerretUninstall.exe C:\Program Files\FerretSoft\WebFerret
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinUpdatesList --> C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\WinUpdatesList\uninst1~.nsu"
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
ZVUE Portable MP3 Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05698A5C-23A7-4EC2-945C-66F1F0DE4856}\setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type11299 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
7

Event Record #/Type11298 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
6

Event Record #/Type11297 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type11296 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1

Event Record #/Type11295 / Error
Event Submitted/Written: 07/02/2008 10:27:33 PM
Event ID/Source: 0 /
Event Description:
1



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16948 / Error
Event Submitted/Written: 07/04/2008 01:29:50 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.64 for the Network Card with network address 0018F3A58C43 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type16934 / Error
Event Submitted/Written: 07/04/2008 01:27:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type16916 / Error
Event Submitted/Written: 07/04/2008 11:13:53 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2

Event Record #/Type16915 / Error
Event Submitted/Written: 07/04/2008 11:13:53 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The KService service hung on starting.

Event Record #/Type16913 / Error
Event Submitted/Written: 07/04/2008 11:09:17 AM / 07/04/2008 11:10:14 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-07-04 13:38:44 ------------

#198
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
On a step you had me do last night or the night before it said to re-immunize Spyware Blaster, and MVPHosts file. I did the Spyware Blaster one, but cannot see where the MVPHosts file is in order to update it, or even look at it. I did a search on file, but it does not show up by typing MVPHosts. Also if you go to start, programs...it does not show MVPHosts file at all.

Edited by kelkay, 04 July 2008 - 01:10 PM.

#199
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I downloaded HostsMan to help with the hosts file.

#200
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
3% isn't too much right? Actually, it depends on where the 3% bad block is located.
Hostsman is ok. I use it myself, makes it easier to upload the list. Did you disable DNS?

Question, are you running every tool I asked you to run via Dropmyrights?

#201
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I did not disable DNS. I saw it on one of the programs you had me run, it said to do this when it finished. As far as DropMyRights...I do not know what you are asking. I don't remember you saying anything about DropMyRights. I ran all the programs I saw you request though.

#202
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I should add that I have noticed this afternoon that since I did the error scan...the browsing has slowed back down to about what it was doing. It is not fast like it was. Do you want me to do another HD Tune test now?

#203
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
No need. I think I may have found the source.

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.

#204
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey kelly,

I have some more bad news.

Your system is badly infected and there are some more lying around.
I was looking at different issues on your system, so I failed to notice this earlier.

One of the files identified is a Backdoor Trojan.
You may be a victim of identity theft.

  • Contact your bank and credit card company for contingency measures.
  • Do not use this system for secure transactions until we get rid of the infection.
  • Using another (clean) computer, change the password of all accounts you may have accessed on this system.
    Examples of which are emails and forum accounts.

#205
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
Oh my, this is horrible news. ESET NOD32 and Superantispyware show no infection at all. I don't know if I can trust anything anymore. Thanks for the warning. Oh I am just sick.

As far as a clean machine, I don't know who may have one. Would a library have a clean machine do you think?

Edited by kelkay, 05 July 2008 - 09:59 AM.

#206
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I was so shocked by what I read I forgot to tell you what happened when I turned on the computer this morning. I noticed the screen said Checking File System on C:
The type of file system is NTFS. Volume label is HP_Pavilion. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended you continue. Windows will now check the disk.

I let the disk check run. It gave no results and went back to the regular screen when it finished scanning.

#207
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I installed the haxfix and it went to the desktop. When you double click it ...it goes automatically to the red screen, without me doing anything else. There was no check mark to launch it, it went on its own. When I pressed a key to continue it did allow me the option of make logfile...so I will continue with it. The run auto fix, and manual auto fix were not an option. (This must be an updated version?)

Edited by kelkay, 05 July 2008 - 10:24 AM.

#208
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
HAXFIX logfile - by Marckie

version 5.01.1
Sat 07/05/2008 11:13:40.45
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
ASPI32

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun and Haxdoor files ---
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\C3.DLL
C:\WINDOWS\system32\C3.SYS
C:\WINDOWS\system32\C4.SYS
C:\WINDOWS\system32\fuxx32.dll
C:\WINDOWS\system32\klo5.sys
C:\WINDOWS\system32\qo.dll
C:\WINDOWS\system32\qo.sys
C:\WINDOWS\system32\qy.sys
C:\WINDOWS\system32\qz.dll
C:\WINDOWS\system32\qz.sys
C:\WINDOWS\system32\yvpp01.dll
C:\WINDOWS\system32\yvpp02.sys


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 11:14:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!

#209
kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
I am going to be gone all day now. I will see what you have to say next, this evening when I get home.

#210
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

As far as a clean machine, I don't know who may have one. Would a library have a clean machine do you think?


I wouldn't trust a public computer.

(This must be an updated version?)


Yup, sorry about that. I pasted the old instruction.
Let's run the fix along with another tool.


Moving on...

Option 2 autofix
  • Open this folder program files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
  • Close all other open windows since this step requires a reboot
  • Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.

  • Close all open windows except the red dos window from haxfix and then press Enter
  • The computer will reboot
  • After reboot a logfile will open > (c:\haxfix.txt)
  • Post the contents of that logfile along with a new HijackThis log.

Then,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Logs required on next post.

- Haxfix log
- Apropos log
- New DSS main log