Hi and Thanks for the reply!
I got really concerned today when I noticed on the Recent Documents that the Windows Address Book had been accessed, so I called the phone company to ask if I should be concerned about spam being sent or something like that. They told me that for a very small fee they could clean both computers for me. I had them go ahead and do that.
They told me that they found a virus on the other computer and on this one just some cookies. I watched part of the cleaning process as they did it remotely and I noticed they cleaned off some stuff. The thing I don't understand is when I saw them going to the Add/Remove programs the notes next to the spyware that I had on there said that I hadn't accessed the program since the day I got my computers back. So there must have been something that attached itself to that as well as I had run numerous scans with AVG. They also added the PC Defender. I went ahead and did the dss scans and will post the logs here. I don't think there should be anything left.
However, at about 3:50 pm when they were almost finished cleaning and getting ready to put on the antivirus stuff, the connection was suddenly terminated. That was about the same time yesterday that I seemed to be connected to something else. At the end, we pretty much decided that something had taken over the wireless router connection - again, makes no sense to me as we live way out in the country. I did go in and change the router settings and this time the username and password stuck, but after I turned the wireless back on, and started to walk away with the computer, it said that it was connected (unsecure).
Of course, when I mentioned this to the last guy that I talked to and asked what it might be, he said he had no idea - he'd never seen that before. I've also been duly admonished as a 'normal computer user' that everything is fine, 'my computer is clean and there is no conspiracy' and that I should basically quit looking around in places where I don't belong and I should not mess with the router settings. I wanted 2b queen of my computer
So, for right now, the wireless is off. Maybe I should go to another forum to ask for help on how to make sure I set it up correctly...but that will have to wait until tomorrow.
Anyway, here are the logs - I'm not sure what you'll see now - everything should be fine.
I do appreciate your help and taking the time to have a look-see. I sure would like to be unwired again!
-------
Main.txt
-------
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-20 22:56:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
50: 2008-06-21 02:57:02 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2008-06-20 20:21:22 UTC - RP49 - psc 7.03 build 110 Installation
48: 2008-06-20 19:34:41 UTC - RP48 - Installed AVG Free 8.0
47: 2008-06-20 19:34:20 UTC - RP47 - Removed AVG Free 8.0
46: 2008-06-20 00:25:01 UTC - RP46 - Installed SUPERAntiSpyware Free Edition
-- First Restore Point --
1: 2008-06-03 16:25:03 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 22:58:12
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Defender\Common\FSMA32.EXE
C:\Program Files\PC Defender\Anti-Virus\fsgk32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\PC Defender\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Defender\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Defender\Common\FAMEH32.EXE
C:\Program Files\PC Defender\Anti-Virus\fsqh.exe
C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
C:\Program Files\PC Defender\FWES\program\fsdfwd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PC Defender\Anti-Virus\fssm32.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\PC Defender\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Defender\FSGUI\fsguidll.exe
C:\Program Files\PC Defender\FSAUA\program\fsus.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PC Defender\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...B&M=Gateway M685
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tds.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...B&M=Gateway M685
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Defender\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212510378069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212510495116
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Defender\FWES\program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Defender\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 9146 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
R1 F-Secure HIPS - c:\program files\pc defender\hips\fshs.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\81000EBBE0B806
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\81000EBBE0B806
Service: NIC1394
-- Scheduled Tasks -------------------------------------------------------------
2008-06-20 22:53:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-20 22:44:00 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2008-05-20 and 2008-06-20 -----------------------------
2008-06-20 16:22:26 51072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:22:25 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:22:02 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-20 16:21:23 0 d-------- C:\Program Files\PC Defender
2008-06-20 16:21:06 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-20 15:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-20 14:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 12:58:06 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-20 12:54:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-20 12:53:21 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-20 11:40:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
2008-06-20 11:20:45 0 d-------- C:\WINDOWS\CSC
2008-06-20 10:52:20 50688 --ah----- C:\ATFcleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-06-20 10:52:05 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-06-20 10:51:29 0 d-------- C:\Program Files\Yahoo!
2008-06-20 10:51:16 0 d-------- C:\Program Files\CCleaner
2008-06-20 10:51:16 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-20 10:51:16 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-20 10:47:42 0 d-------- C:\WINDOWS\LMI1.tmp
2008-06-19 21:44:42 0 d-------- C:\Program Files\Panda Security
2008-06-19 20:25:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:25:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 20:25:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-19 19:58:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-19 19:55:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-19 19:38:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 16:49:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-19 16:36:12 0 d-------- C:\OldSys
2008-06-19 16:36:00 0 d-------- C:\Program Files\Lavasoft
2008-06-16 14:11:45 0 d-------- C:\Program Files\Lavasoft(2)
2008-06-11 12:27:07 0 d-------- C:\Program Files\Windows Live(2)
2008-06-11 08:24:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-11 08:24:15 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-11 08:03:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-10 21:02:47 0 d-------- C:\Program Files\Common Files\Adobe(2)
2008-06-10 20:47:08 0 d-------- C:\Cabs
2008-06-10 11:13:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-10 11:13:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-05 11:18:22 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 11:02:33 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:03:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\4200Series
2008-06-04 16:00:27 0 d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2008-06-04 16:00:19 1572864 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-04 15:59:25 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-04 15:58:03 0 d-------- C:\Program Files\Lexmark 4200 Series
2008-06-04 15:56:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-04 15:45:21 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-06-04 11:39:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-03 17:03:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-03 17:00:07 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-03 16:32:16 0 d-------- C:\Program Files\Windows Defender
2008-06-03 16:25:59 0 d-------- C:\Program Files\EZBackitup
2008-06-03 16:10:28 0 d-------- C:\WINDOWS\Prefetch
2008-06-03 16:03:30 0 d-------- C:\WINDOWS\system32\scripting
2008-06-03 16:03:29 0 d-------- C:\WINDOWS\l2schemas
2008-06-03 16:03:28 0 d-------- C:\WINDOWS\system32\en
2008-06-03 16:03:28 0 d-------- C:\WINDOWS\system32\bits
2008-06-03 16:00:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 14:48:55 0 d-------- C:\WINDOWS\pss
2008-06-03 14:48:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-06-03 14:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-06-03 14:22:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 14:19:29 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-03 14:15:31 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-06-03 14:14:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-06-03 14:14:56 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-06-03 14:13:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-03 14:09:19 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-03 14:09:13 0 d-------- C:\temp
2008-06-03 13:57:37 0 d-------- C:\WINDOWS\network diagnostic
2008-06-03 13:56:10 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-03 13:54:48 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-03 13:54:14 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
2008-06-03 13:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-06-03 13:52:45 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-06-03 13:50:47 0 d-------- C:\Program Files\Microsoft Streets and Trips
2008-06-03 13:50:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-06-03 13:50:35 743936 --a------ C:\WINDOWS\system32\GTW1.exe <Not Verified; Leader Technologies; PowerReg>
2008-06-03 13:49:25 23552 --a------ C:\WINDOWS\system32\jesterss.dll
2008-06-03 13:49:25 1239209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-06-03 13:49:25 0 d-------- C:\Program Files\gtw_logo
2008-06-03 13:49:25 0 d-------- C:\Documents and Settings\Owner\Favorites
2008-06-03 13:47:57 0 d-------- C:\Program Files\Motorola
2008-06-03 13:47:32 1003520 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-03 13:47:32 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-03 13:47:08 0 d-------- C:\Program Files\SigmaTel
2008-06-03 13:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-03 13:46:56 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:46:56 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-03 13:46:56 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-03 13:46:53 0 d-------- C:\WINDOWS\occache
2008-06-03 13:46:53 0 d-------- C:\Program Files\Pure Networks
2008-06-03 13:46:53 0 d-------- C:\Program Files\Learn2.com
2008-06-03 13:46:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-03 13:46:52 0 d-------- C:\Program Files\Viewpoint
2008-06-03 13:46:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-03 13:46:50 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-03 13:46:45 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-03 13:46:45 0 d-------- C:\Program Files\QuickTime
2008-06-03 13:46:45 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 13:46:41 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-03 13:46:37 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-03 13:46:37 0 d-------- C:\My Music
2008-06-03 13:46:34 0 d-------- C:\Program Files\Real
2008-06-03 13:46:34 0 d-------- C:\Program Files\Common Files\Real
2008-06-03 13:46:20 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-06-03 13:46:20 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-06-03 13:46:01 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-03 13:45:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 13:45:52 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 13:45:45 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-03 13:45:45 0 d-------- C:\Program Files\Texas Instruments Inc
2008-06-03 13:45:34 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-03 13:45:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-03 13:45:16 0 d-------- C:\WINDOWS\nview
2008-06-03 13:44:51 0 d-------- C:\Program Files\Microsoft Money 2005
2008-06-03 13:44:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-03 13:44:22 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-03 13:44:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-06-03 13:44:12 0 d-------- C:\Program Files\Napster
2008-06-03 13:43:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-03 13:43:01 0 d-------- C:\Program Files\Intel
2008-06-03 13:41:37 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-03 13:41:35 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:41:34 40960 --a------ C:\WINDOWS\system32\VBAME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:41:34 15872 --a------ C:\WINDOWS\system32\SCP32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:41:34 151552 --a------ C:\WINDOWS\system32\RDOCURS.DLL <Not Verified; Microsoft Corporation; Microsoft RDO Client Cursor Library>
2008-06-03 13:41:34 94208 --a------ C:\WINDOWS\system32\MSSTKPRP.DLL <Not Verified; Microsoft Corporation; msprop32>
2008-06-03 13:41:34 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-03 13:41:34 397312 --a------ C:\WINDOWS\system32\MSRDO20.DLL <Not Verified; Microsoft Corporation; Microsoft Corporation Remote Data Object>
2008-06-03 13:41:34 204800 --a------ C:\WINDOWS\system32\INKED.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:41:34 0 d-------- C:\Program Files\Microsoft.NET
2008-06-03 13:41:30 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-03 13:41:30 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-03 13:41:05 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-03 13:40:22 0 dr-h----- C:\MSOCache
2008-06-03 13:40:18 46433 --a------ C:\WINDOWS\WBODA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL OLE DLL>
2008-06-03 13:40:18 351526 --a------ C:\WINDOWS\WBDDA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL DLL>
2008-06-03 13:40:15 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-03 13:40:12 0 d-------- C:\Program Files\Synaptics
2008-06-03 13:40:10 94208 --a------ C:\WINDOWS\system32\bae.dll <Not Verified; Gateway Inc.; Browser Address Error Redirector>
2008-06-03 13:40:03 0 d-------- C:\Program Files\BigFix
2008-06-03 13:40:01 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:39:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 13:39:30 0 d-------- C:\Program Files\CyberLink
2008-06-03 13:39:25 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 13:39:18 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-06-03 13:39:15 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-06-03 13:38:28 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-03 13:38:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-03 13:38:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-03 13:38:22 518520 --a------ C:\WINDOWS\vidres.exe <Not Verified; ; resolution>
2008-06-03 13:34:17 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-03 13:34:17 0 d-------- C:\Program Files\Gateway
2008-06-03 13:32:05 0 d-------- C:\Program Files\Google
2008-06-03 13:31:41 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-06-03 13:31:23 0 d-------- C:\Program Files\Java
2008-06-03 13:31:22 0 d-------- C:\Program Files\Common Files\Java
2008-06-03 13:30:39 0 d-------- C:\Program Files\MSBuild
2008-06-03 13:29:11 2 -r-hs---- C:\USER
2008-06-03 13:29:11 0 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-03 13:27:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-03 13:27:20 0 d--hs---- C:\System Volume Information
2008-06-03 13:27:12 0 d-------- C:\Program Files\Reference Assemblies
2008-06-03 13:26:59 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-06-03 13:26:16 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-03 13:26:15 0 d-------- C:\WINDOWS\creator
2008-06-03 13:26:06 0 d-------- C:\WINDOWS\SMINST
2008-06-03 13:25:44 0 d-------- C:\609272de880ff4d868
2008-06-03 13:25:43 0 dr------- C:\Program Files
2008-06-03 13:25:30 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-03 13:25:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-03 13:25:30 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-06-03 13:25:30 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-03 13:25:30 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-03 13:24:58 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-03 13:22:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-03 13:18:37 0 d-------- C:\Program Files\MSXML 6.0
2008-06-03 12:50:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-03 12:49:54 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-03 12:47:47 0 d-------- C:\Program Files\CDBurnerXP Pro 3
2008-06-03 12:27:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 12:26:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 12:26:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-03 12:26:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-03 12:26:01 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-06-03 12:24:59 262144 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\Leadertech
2008-05-22 11:17:50 23040 --a------ C:\WINDOWS\system32\instg32.exe <Not Verified; Absolute Software Corp.; instm32>
2008-05-22 11:16:58 3584 --a------ C:\WINDOWS\system32\wceprv.dll
2008-05-22 11:16:57 32256 --a------ C:\WINDOWS\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>
-- Find3M Report ---------------------------------------------------------------
2008-06-20 16:25:39 0 d-------- C:\Program Files\Common Files
2008-06-03 16:03:59 0 d-------- C:\Program Files\Messenger
2008-06-03 16:03:28 0 d-------- C:\Program Files\Movie Maker
2008-06-03 15:59:54 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gateway Extended Warranty"="C:\Program Files\Gateway\GWCares\GWCares.exe" [02/08/2004 07:30 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 06:01 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 12:47 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 12:47 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/02/2006 03:38 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/02/2006 03:32 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 07:26 PM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 06:04 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2006 09:58 PM]
"F-Secure Manager"="C:\Program Files\PC Defender\Common\FSM32.exe" [02/13/2008 06:38 AM]
"F-Secure TNB"="C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" [02/13/2008 06:38 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]
c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"CiSvc"=3 (0x3)
"avg8emc"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-20 23:01:23 ------------
-----
extra.txt
-----
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 510.04 MiB / 199.79 MiB
Pagefile Memory (total/avail): 2011.61 MiB / 1499.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1858.91 MiB
C: is Fixed (NTFS) - 68.66 GiB total, 49.64 GiB free.
D: is Fixed (FAT32) - 5.85 GiB total, 1.49 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 68.66 GiB - C:
\PARTITION1 - Unknown - 5.86 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FD471686E2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\YOUR-FD471686E2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-FD471686E2
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EZBack-it-up 2.0.1 --> "C:\Program Files\EZBackitup\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
GWCares --> MsiExec.exe /I{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe" /uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56coin.dll,SM56UnInstaller
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Defender --> "C:\Program Files\PC Defender\FSGUI\PostInstall.exe" /tUnInstall
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) -->
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Fil