[jhim23]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:00 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [BM530101e3] Rundll32.exe "C:\WINDOWS\system32\usivhbyt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5161 bytes

[Advertisements]

Hello

• Download FixIEDef.exe by ShadowPuterDude to the Desktop.
  
• Double-click FixIEDef.exe.
  
  
• Click the Extract Button.
  
  
• There will be a new folder on your desktop. Locate the FixIEDef folder and double click.
  
  
• Locate FixIEDef.bat and double-click on it.
  
  
  WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process
  
  NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  
  FixIEDef will now run.
  
  
• You can safely close the Command Console after Explorer has restarted.
  
  Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlog...processutil.htm

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

[Rorschach112]

Hello

• Download FixIEDef.exe by ShadowPuterDude to the Desktop.
  
• Double-click FixIEDef.exe.
  
  
• Click the Extract Button.
  
  
• There will be a new folder on your desktop. Locate the FixIEDef folder and double click.
  
  
• Locate FixIEDef.bat and double-click on it.
  
  
  WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process
  
  NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. As FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  
  FixIEDef will now run.
  
  
• You can safely close the Command Console after Explorer has restarted.
  
  Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See: http://www.beyondlog...processutil.htm

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

[jhim23]

Deckard's System Scanner v20071014.68
Run by personal on 2008-06-16 20:26:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.52 GiB (less than 15%) free.


-- HijackThis (run as personal.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:55 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\1193488164\EE\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\personal.JHIMBO\Desktop\dss.exe
C:\Program Files\Common Files\AOL\1193488164\EE\anotify.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\personal.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [BM530101e3] Rundll32.exe "C:\WINDOWS\system32\usivhbyt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F2A10BC-7DBD-41F9-92D1-4B99840CB01C}: NameServer = 198.81.1.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F2A10BC-7DBD-41F9-92D1-4B99840CB01C}: NameServer = 198.81.1.134
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5493 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080614-220220-176 O20 - Winlogon Notify: efcbATMg - efcbATMg.dll (file missing)
backup-20080614-220220-257 O17 - HKLM\System\CCS\Services\Tcpip\..\{2F2A10BC-7DBD-41F9-92D1-4B99840CB01C}: NameServer = 198.81.1.4
backup-20080614-220220-276 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080614-220220-325 O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
backup-20080614-220220-366 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080614-220220-532 O17 - HKLM\System\CS1\Services\Tcpip\..\{2F2A10BC-7DBD-41F9-92D1-4B99840CB01C}: NameServer = 198.81.1.4
backup-20080614-220220-571 O2 - BHO: (no name) - {3803156A-EF80-4E92-A339-C7362D52FA44} - (no file)
backup-20080614-220220-577 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080614-220220-586 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080614-220220-598 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080614-220220-818 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20080614-220220-852 O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
backup-20080614-220220-901 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080614-220220-909 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080614-220220-993 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080614-220504-686 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080614-220504-764 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080614-221502-467 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080614-221502-677 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080615-170238-581 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080615-170238-801 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080615-170238-884 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
backup-20080615-170251-636 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080615-170251-822 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080615-181350-267 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080615-181350-818 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Mru25 - c:\windows\system32\drivers\mru25.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - c:\program files\quintessential player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 3xHybrid (3xHybrid service) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors 3xHybrid>
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
R3 Vmodem (W2K Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R3 Vpctcom (W2K Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R3 Vvoice (W2K Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>

S0 Rwa71 - c:\windows\system32\drivers\rwa71.sys (file missing)
S3 usbsermptxp (Motorola USB Modem Driver for MPT XP) - c:\windows\system32\drivers\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 20:01:54 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-05 03:19:15 378 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-15 17:57:08 0 d-------- C:\VundoFix Backups
2008-06-15 17:01:32 0 dr-h----- C:\Documents and Settings\personal.JHIMBO\Recent
2008-06-14 21:40:48 0 d-------- C:\Program Files\Trend Micro
2008-06-14 14:20:03 0 d-------- C:\Program Files\Plugins
2008-06-14 14:07:10 0 d-------- C:\Lyrics
2008-06-14 14:06:27 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\MiniLyrics
2008-06-14 14:05:45 0 d-------- C:\Program Files\Minilyrics
2008-06-05 21:50:30 0 d-------- C:\Documents and Settings\personal.JHIMBO\.thumbnails
2008-06-05 21:46:36 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\Blender Foundation
2008-06-05 21:46:30 0 d-------- C:\Program Files\Blender Foundation
2008-06-05 21:44:03 0 d-------- C:\Documents and Settings\personal.JHIMBO\.gimp-2.4
2008-06-05 21:43:21 0 d-------- C:\Program Files\GIMP-2.0
2008-06-05 21:39:38 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\Inkscape
2008-06-05 21:36:19 0 d-------- C:\Program Files\Inkscape
2008-05-31 17:24:32 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-31 16:58:07 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-31 16:21:09 12800 --a------ C:\WINDOWS\system32\WinNt32.dll
2008-05-31 05:57:42 115712 --a------ C:\WINDOWS\system32\uxxvurtb.dll
2008-05-31 05:56:57 125440 --a------ C:\WINDOWS\system32\usivhbyt.dll
2008-05-30 05:55:08 116224 --a------ C:\WINDOWS\system32\vjjubdhi.dll
2008-05-30 05:54:54 126976 --a------ C:\WINDOWS\system32\nqbwxori.dll
2008-05-30 03:28:42 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\vlc
2008-05-30 03:26:25 0 d-------- C:\Program Files\VideoLAN
2008-05-29 23:08:09 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-29 23:08:09 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-29 23:08:09 0 d-------- C:\Program Files\Xvid
2008-05-29 05:29:15 257295 --ahs---- C:\WINDOWS\system32\FPYxwyay.ini2
2008-05-29 03:52:29 27776 --a------ C:\WINDOWS\system32\drivers\Mru25.sys
2008-05-28 19:06:11 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\BitTorrent
2008-05-28 19:05:59 0 d-------- C:\Program Files\BitTorrent


-- Find3M Report ---------------------------------------------------------------

2008-06-16 20:06:43 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\AVG7
2008-06-15 21:19:29 0 d-------- C:\Program Files\Incomplete
2008-06-15 21:19:29 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\LimeWire
2008-06-15 19:42:26 0 d-------- C:\Program Files\LimeWire
2008-06-14 14:06:24 0 d-------- C:\Program Files\Winamp
2008-06-06 15:27:44 24 --a------ C:\WINDOWS\popcinfo.dat
2008-06-05 03:18:55 0 d-------- C:\Program Files\RegCure
2008-06-01 07:40:28 0 d-------- C:\Program Files\America Online 9.0a
2008-05-31 15:21:47 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\DivX
2008-05-31 15:19:01 0 d-------- C:\Program Files\DivX
2008-05-31 14:15:04 0 d-------- C:\Program Files\ASAP Utilities
2008-05-19 21:58:39 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-19 21:58:32 0 d-------- C:\Program Files\DVDVideoSoft
2008-05-14 21:48:00 0 d-------- C:\Program Files\CD to MP3 Freeware
2008-05-13 09:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 09:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 09:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 09:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 09:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 09:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 09:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 09:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 09:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-11 20:17:32 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat
2008-05-07 23:22:49 0 d-------- C:\Program Files\DVD Shrink
2008-05-07 22:41:10 0 d-------- C:\Program Files\JetAudio
2008-05-07 22:34:54 0 d-------- C:\Program Files\Plato Video To PSP Converter
2008-05-03 12:40:43 0 d-------- C:\Program Files\Common Files\AOL
2008-04-30 08:18:00 0 d-------- C:\Program Files\123 Free Solitaire
2008-04-18 08:52:07 0 d-------- C:\Program Files\Avanquest update
2008-04-18 08:52:05 0 d-------- C:\Documents and Settings\personal.JHIMBO\Application Data\InstallShield
2008-04-18 08:49:16 0 d-------- C:\Program Files\Motorola Phone Tools
2008-04-18 08:48:00 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM530101e3"="C:\WINDOWS\system32\usivhbyt.dll" [05/31/2008 05:57 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:56 AM]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [07/12/2005 06:17 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinNt32]
WinNt32.dll 06/16/2008 08:00 PM 12800 C:\WINDOWS\system32\WinNt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywxYPF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mru25.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rwa71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Remote Control.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Remote Control.lnk
backup=C:\WINDOWS\pss\Remote Control.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JIM^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\JIM\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^personal.JHIMBO^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\personal.JHIMBO\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^personal.JHIMBO^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\personal.JHIMBO\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5032327f]
rundll32.exe "C:\WINDOWS\system32\uxxvurtb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0a\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM530101e3]
Rundll32.exe "C:\WINDOWS\system32\usivhbyt.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Center Agent]
C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cool title]
C:\DOCUME~1\PERSON~1.JHI\APPLIC~1\THISBI~1\EqBodyLive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
C:\Program Files\My Lockbox\flockbox.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1193488164\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\memo site kind that]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site\fast store.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PV92TRAY]
PV92Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\program files\zango\zango.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4f28ac-2013-11dd-951e-00038a000015}]
AutoRun\command- es.exe
explore\Command- es.exe
open\Command- es.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c599795-a8aa-11dc-9e49-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b4114e1-8549-11dc-9dcc-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe8e58be-d97b-11dc-93aa-00038a000015}]
AutoRun\command- H:\setupSNK.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

8026 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-16 20:28:37 ------------

[jhim23]

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ 2200+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 959.48 MiB / 526.95 MiB
Pagefile Memory (total/avail): 1163.19 MiB / 823.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 24.41 GiB total, 1.52 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 188.23 GiB free.
E: is Fixed (NTFS) - 12.88 GiB total, 9.3 GiB free.
F: is CDROM (CDFS)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - SAMSUNG SP0411N - 37.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 12.88 GiB - E:

\\.\PHYSICALDRIVE0 - ST3250820A - 232.88 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 232.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\AOLDesktop.exe"="C:\\Program Files\\Common Files\\AOL\\1193488164\\EE\\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\personal.JHIMBO\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JHIMBO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\personal.JHIMBO
LOGONSERVER=\\JHIMBO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PERSON~1.JHI\LOCALS~1\Temp
TMP=C:\DOCUME~1\PERSON~1.JHI\LOCALS~1\Temp
USERDOMAIN=JHIMBO
USERNAME=personal
USERPROFILE=C:\Documents and Settings\personal.JHIMBO
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

JIM (admin)
personal.JHIMBO (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 Free Memory Card Games --> C:\PROGRA~1\123FRE~3\UNWISE.EXE C:\PROGRA~1\123FRE~3\INSTALL.LOG
123 Free Puzzle --> C:\PROGRA~1\123FRE~2\UNWISE.EXE C:\PROGRA~1\123FRE~2\INSTALL.LOG
123 Free Solitaire --> C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
3GP Player 2007 --> "C:\Program Files\3GP Player\unins000.exe"
3GP Video Converter 3 --> C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
5 Line Slots from GameHouse --> C:\PROGRA~1\GAMEHO~1\Slots\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Slots\INSTALL.LOG
A-one PSP Video Convertor 2.15 --> "C:\Program Files\A-one PSP Video Convertor\unins000.exe"
Absolute Video Converter 2.6.2 --> "C:\Program Files\Absolute Video Converter\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
Amor SWF to Video Converter 2.0 --> "C:\Program Files\Amor SWF to Video Converter\unins000.exe"
AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Winamp\Plugins\wavremu.exe
Any Video Converter 2.1.0 --> "C:\Program Files\Any Video Converter\unins000.exe"
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Arrows Puzzle 1.0 --> "C:\Program Files\Arrows Puzzle\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI MPEG WMV RM to MP3 Converter 1.4.8 --> "C:\Program Files\AVI MPEG WMV RM to MP3 Converter\unins000.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
BookWorm Deluxe 1.02 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
BookWorm Deluxe 1.03 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log"
Candy Cruncher --> C:\PROGRA~1\GAMEHO~1\Candy\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Candy\INSTALL.LOG
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1000 --> C:\WINDOWS\system32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
COWON Media Center - jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
E.M. Magic Swf2Avi 2008 build 5.0.8.315 --> "C:\Program Files\Magic Swf2Avi 2008\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Flash Slideshow Maker Pro 4.62 --> C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
Folder Latch version 4.0.0.0 --> "C:\Program Files\Folder Latch\unins000.exe"
Free Solitaire 3D 2.0 --> "C:\Program Files\Free Solitaire 3D\unins000.exe"
Free Video to Flash Converter version 3.2 --> "C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Video to Mp3 Converter version 2.9 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Free YouTube Uploader version 2.1 --> "C:\Program Files\DVDVideoSoft\Free YouTube Uploader\unins000.exe"
Fun Morph 3.0 --> "C:\Program Files\Zeallsoft\Fun Morph\unins000.exe"
GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HangARoo v2.05 --> "C:\Program Files\NCBuy\HangARoo\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HSP56 Modem Drivers --> ptuninst.exe
HyperMediaCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6AE9A059-6372-435D-A5FE-0568A3B67F19}\Setup.exe" -l0x9
Inkscape 0.46 --> C:\Program Files\Inkscape\Uninstall.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KM400/KN400 Display Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
KWorld TV Tuner Card Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}\Setup.exe" -l0x9 -uninst
KWorld TV713X BDA Driver --> C:\WINDOWS\p3xunist.exe
Letter Linker --> C:\PROGRA~1\GAMEHO~1\LETTER~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\LETTER~1\INSTALL.LOG
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Microsoft Office 2003 Resource Kit --> MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 12 [pre-release] --> MsiExec.exe /X{10120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Enterprise Edition 12 [pre-release] --> "C:\Program Files\Common Files\Microsoft Shared\Office Setup Controller\setup.exe" /uninstall PRO
Microsoft Office Proof Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Word MUI Edition (English) 12 [pre-release] --> MsiExec.exe /X{10120000-001B-0409-0000-0000000FF1CE}
Minilyrics(remove only) --> "C:\Program Files\Minilyrics\uninst-ml.exe"
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Lockbox 1.2 for Windows 2000/XP --> "C:\Program Files\My Lockbox\unins000.exe"
Nero 7 Essentials --> MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}
Plato Video To PSP Converter Free 3.66 --> "C:\Program Files\Plato Video To PSP Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Quintessential Player --> "C:\Program Files\Quintessential Player\uninst.exe"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Bounce Out! from GameHouse --> C:\PROGRA~1\GAMEHO~1\BOUNCE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BOUNCE~1\INSTALL.LOG
Super Collapse! from GameHouse --> C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
Super GameHouse Solitaire --> C:\PROGRA~1\GAMEHO~1\SOLITA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SOLITA~1\INSTALL.LOG
Super Gem Drop --> C:\PROGRA~1\GAMEHO~1\GemDrop\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GemDrop\INSTALL.LOG
Super Nisqually from GameHouse --> C:\PROGRA~1\GAMEHO~1\NISQUA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\NISQUA~1\INSTALL.LOG
Super TextTwist --> C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
Super WhatWord from GameHouse --> C:\PROGRA~1\GAMEHO~1\WhatWord\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WhatWord\INSTALL.LOG
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCam for MSN Messenger --> Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
XviD Video Codec 1.1.2-01022007 --> C:\Program Files\XviD\uninst.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4504 / Error
Event Submitted/Written: 06/16/2008 08:15:14 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023170. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.

Event Record #/Type4503 / Error
Event Submitted/Written: 06/16/2008 08:15:14 PM
Event ID/Source: 11311 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): F:\Office11 - Disc 1 - Professional\SKU011.CAB. Verify that the file exists and that you can access it.

Event Record #/Type4501 / Error
Event Submitted/Written: 06/16/2008 08:14:19 PM
Event ID/Source: 11311 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): F:\Office11 - Disc 1 - Professional\SKU011.CAB. Verify that the file exists and that you can access it.

Event Record #/Type4499 / Error
Event Submitted/Written: 06/16/2008 08:13:20 PM
Event ID/Source: 11311 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): F:\Office11 - Disc 1 - Professional\SKU011.CAB. Verify that the file exists and that you can access it.

Event Record #/Type4497 / Error
Event Submitted/Written: 06/16/2008 08:12:50 PM
Event ID/Source: 11311 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): F:\Office11 - Disc 1 - Professional\SKU011.CAB. Verify that the file exists and that you can access it.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type28505 / Error
Event Submitted/Written: 06/16/2008 08:00:43 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.3 for the Network Card with network address 00138F254CBA has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type28482 / Error
Event Submitted/Written: 06/16/2008 11:44:37 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.3 for the Network Card with network address 00138F254CBA has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type28459 / Error
Event Submitted/Written: 06/16/2008 10:04:03 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.3 for the Network Card with network address 00138F254CBA has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type28455 / Warning
Event Submitted/Written: 06/16/2008 04:02:45 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type28454 / Warning
Event Submitted/Written: 06/15/2008 10:35:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-16 20:28:37 ------------

[Rorschach112]

Hello

* I notice that you have no firewall on your PC, this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs : ZoneAlarm, Comodo, or
Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.



Also post the Kaspersky log

Edited by Rorschach112, 16 June 2008 - 06:44 AM.

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.