Firefox is being redirected [RESOLVED]



#1
Pharm74

After attempting to eradicate this problem for several months now, I stumbled upon the geekstogo website and hopefully this can correct a problem which has been bugging me for some time now. My primary browser is Firefox and the problem is that my browser gets directed to various websites whenever I click on a link in Google, misc. websites, it doesn't seem to matter. It usually takes me to an auto insurance, loan refinancing, or a site called spyware-secure.com that wants to perform a scan on my system. Occasionally the browser is redirected when I'm not even sitting at the computer! The following is my HijackThis log that I ran this morning after performing all the tasks that were suggested. They didn't seem to make any difference. If someone can help me with this I would be most grateful.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:10 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Z:\AVGFRE~1\avgcc.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
Z:\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
Z:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 10707 bytes


#2
Gravity Gripp

Hello Pharm74, Welcome to Geeks-To-Go.

My name is Gravity Gripp and I'll be working with you on these issues. For now, I will be reviewing your log and will be responding back soon. Also, please note that I am still in training so there may be a slight delay in my responses because I will be working with an expert on this.

I look forward to working with you :)

#3
Pharm74

Sounds good. I look forward to any help you can provide.




#4
Gravity Gripp

Pharm74,
First off, the log looks clean. However, I'd like to run a little more in-depth scan just in case there is something hiding. Also, I'd like to get an uninstall log from you.


STEP ONE

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


STEP TWO
  • Open HijackThis, click Config, then click Misc Tools.
  • Click "Open Uninstall Manager".
  • Click "Save List" (generates uninstall_list.txt).
  • Click Save, then copy and paste the results in your next post.

In your next post, please include the following logs.

  • Deckard's System Scanner Log
  • HijackThis Uninstall List


#5
Pharm74

Gravity Gripp,

The following is the scan from DSS and the uninstall list:
Deckard's System Scanner v20071014.68
Run by Phil on 2008-06-23 12:12:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-23 16:12:05 UTC - RP871 - Deckard's System Scanner Restore Point
1: 2008-06-22 19:46:18 UTC - RP870 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:18 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\spoolsv.exe
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Z:\AVGFRE~1\avgcc.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
Z:\AVGFRE~1\avgamsvr.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
V:\Downloads\dss.exe
Z:\HIJACK~1\Phil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [oqusyakyg] c:\documents and settings\phil\local settings\application data\oqusyakyg.exe oqusyakyg
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 10928 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

S1 SASKUTIL - z:\saskutil.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.>
S3 filter - c:\windows\system32\drivers\filter.sys <Not Verified; Walter Oney Software; >
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 gtermddo - c:\docume~1\phil\locals~1\temp\gtermddo.sys (file missing)
S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys <Not Verified; Symantec Corporation; Norton CleanSweep>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "z:\diskeeper 8.0\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 Speed Disk service - z:\nortonsw\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 09:44:49 302 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-23 12:55:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-21 12:34:50 0 d-------- C:\Program Files\QuickTime
2008-06-21 11:44:57 0 d-------- C:\Documents and Settings\Phil\Application Data\Auslogics
2008-06-20 12:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-20 10:17:09 0 d-------- C:\Documents and Settings\Phil\Application Data\Malwarebytes
2008-06-20 10:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 19:45:15 111616 --a------ C:\WINDOWS\system32\LTIH30TB.DLL <Not Verified; Lernout & Hauspie; NLI for RTF and HTML>
2008-06-08 19:45:15 225280 --a------ C:\WINDOWS\system32\AWRTL30.DLL <Not Verified; WexTech Systems, Inc.; AnswerWorks>
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\WexTech Shared
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\LHSPF
2008-06-08 19:44:45 339968 --a------ C:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-08 19:44:39 1694992 --a------ C:\WINDOWS\system32\vba6.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-08 19:41:44 0 d-------- C:\WINDOWS\Intuit
2008-05-24 13:04:31 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-24 13:04:31 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-24 13:04:31 24576 --a------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-05-24 13:04:31 0 d-------- C:\Program Files\Ubisoft


-- Find3M Report ---------------------------------------------------------------

2008-06-23 10:37:00 0 d-------- C:\Documents and Settings\Phil\Application Data\Move Networks
2008-06-20 10:53:43 0 d-------- C:\Documents and Settings\Phil\Application Data\SUPERAntiSpyware.com
2008-06-20 10:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 08:24:47 55064 --a------ C:\Documents and Settings\Phil\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 12:22:04 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla
2008-06-10 15:29:37 0 d-------- C:\Documents and Settings\Phil\Application Data\IGN_DLM
2008-06-09 18:42:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files
2008-06-08 19:45:08 0 d-------- C:\Program Files\Common Files\Intuit
2008-05-29 17:04:12 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7
2008-05-22 22:11:15 206 --a------ C:\WINDOWS\system32\effeacf3_z.dll
2008-05-14 19:52:48 0 d-------- C:\Documents and Settings\Phil\Application Data\FrostWire
2008-05-04 11:44:49 0 d-------- C:\Program Files\Shockwave.com
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-27 22:39:12 0 d-------- C:\Program Files\Maxthon
2008-04-27 16:14:54 0 d-------- C:\Documents and Settings\Phil\Application Data\FloodLightGames
2008-04-25 09:02:32 0 d-------- C:\Documents and Settings\Phil\Application Data\MxBoost
2008-04-23 19:42:35 44968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-23 12:55:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 13:52:13 9780 --a------ C:\WINDOWS\mozver.dat
2008-04-17 12:14:47 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-06 07:45:54 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [10/16/2001 08:08 AM]
"amd_dc_opt"="Z:\Dual Core Optimizer\amd_dc_opt.exe" [06/28/2006 03:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="Z:\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"FlashIcon"="C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [07/21/2004 07:48 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [04/15/2008 09:23 PM]
"!AVG Anti-Spyware"="Z:\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/10/2006 10:56 PM]
"igndlm.exe"="Z:\Download Manager\dlm.exe" [03/05/2007 01:57 PM]
"oqusyakyg"="c:\documents and settings\phil\local settings\application data\oqusyakyg.exe" [06/19/2008 08:32 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=Z:\Picasa\Picasa2\PicasaMediaDetector.exe
"AVG7_Run"=Z:\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= Z:\Superantispyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Z:\Superantispyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 Z:\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=apitrap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
Z:\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
Z:\Picasa\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
z:\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
z:\SCANSO~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
V:\STEAM\\STEAM.EXE -SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"Z:\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-23 12:13:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.23 MiB / 1494.53 MiB
Pagefile Memory (total/avail): 3940.24 MiB / 3340.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 23.89 GiB total, 11.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
V: is Fixed (NTFS) - 234.38 GiB total, 121.08 GiB free.
Z: is Fixed (NTFS) - 39.83 GiB total, 36.42 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD3200KS-00PFB0 - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 23.89 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 274.2 GiB - V: - Z:

\\.\PHYSICALDRIVE1 - Generic USB Storage-CFC USB Device

\\.\PHYSICALDRIVE4 - Generic USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - Generic USB Storage-SDC USB Device

\\.\PHYSICALDRIVE3 - Generic USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe"="C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe:*:Enabled:Game Voice"
"Z:\\LimeWire\\LimeWire.exe"="Z:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"Z:\\Firefox\\Mozilla Firefox\\firefox.exe"="Z:\\Firefox\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"V:\\STUBINSTALLER.EXE"="V:\\STUBINSTALLER.EXE:*:ENABLED:LIMEWIRE SWARMED INSTALLER"
"V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE"="V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"V:\\FALLOUT 3\\F3.EXE"="V:\\FALLOUT 3\\F3.EXE:*:ENABLED:F3"
"V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE"="V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE:*:ENABLED:STRANGLEHOLD DEMO"
"V:\\DOWNLOADS\\HL1110.EXE"="V:\\DOWNLOADS\\HL1110.EXE:*:ENABLED:HALF-LIFE UPDATE 1.1.1.0"
"V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE"="V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE:*:ENABLED:UNREAL TOURNAMENT 3 DEMO"
"V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE"="V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE:*:ENABLED:PAINKILLER OVERDOSE DEMO"
"V:\\WORLD OF PADMAN\\WOP.EXE"="V:\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"V:\\Demos\\Empire Earth III\\EE3.exe"="V:\\Demos\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"Z:\\FrostWire\\FrostWire.exe"="Z:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"Z:\\Kaspersky AV\\setup.exe"="Z:\\Kaspersky AV\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"Z:\\Kaspersky AV\\avp.exe"="Z:\\Kaspersky AV\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"Z:\\AVG Free\\avginet.exe"="Z:\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"Z:\\AVG Free\\avgamsvr.exe"="Z:\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"Z:\\AVG Free\\avgcc.exe"="Z:\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"Z:\\AVG Free\\avgemc.exe"="Z:\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"V:\\Crosus\\CrosuSApp.exe"="V:\\Crosus\\CrosuSApp.exe:*:Enabled:Crosus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILTH2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil
LOGONSERVER=\\PHILTH2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;Z:\Diskeeper 8.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
TMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
USERDOMAIN=PHILTH2
USERNAME=Phil
USERPROFILE=C:\Documents and Settings\Phil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Phil (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "Z:\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "Z:\a-squared Free\unins000.exe"
A Tale of Two Kingdoms 1.2 --> C:\WINDOWS\iun504.exe V:\Free Games\A Tale of Two Kingdoms\irunin.ini
Acoustica MP3 To Wave Converter PLUS --> Z:\ACOUST~1\UNWISE.EXE Z:\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AMD Dual-Core Optimizer --> MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Ancient Empires Lux Demo 1.0 --> "V:\DEMOS\ANCIENT EMPIRES LUX DEMO\UNINS000.EXE"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Burning Studio 7.21 --> "Z:\Ashampoo Burning Studio 7\unins000.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AusLogics Disk Defrag --> "Z:\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> Z:\AVG Free\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> Z:\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> Z:\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.1 --> V:\Bejeweled 2\Bejeweled 2 Deluxe\PopUninstall.exe "V:\Bejeweled 2\Bejeweled 2 Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond Good and Evil --> V:\BEYOND~1\UNWISE.EXE V:\BEYOND~1\INSTALL.LOG
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bossinabox 1.0 --> "V:\Free Games\Bossinabox\unins000.exe"
Brothers In Arms Demo --> V:\Demos\BrothersInArmsDemo\System\Setup.exe uninstall "BrothersInArmsDemo"
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> Z:\Canon Easy Photo Print\uninst.exe uninst.ini
CCleaner (remove only) --> "Z:\CCleaner\uninst.exe"
Civilization II: Test of Time --> V:\CIVILI~1\UNWISE.EXE V:\CIVILI~1\INSTALL.LOG
Company of Heroes Single Player Demo --> MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Copernic Agent Personal --> "C:\WINDOWS\CopernicAgentUninstall(1).exe" /ARGSFILE="Z:\Copernic Agent\unwise.dat"
CrosuS --> V:\Crosus\uninstall.exe
Dead Man's Hand --> V:\DEADMA~1\UNWISE.EXE V:\DEADMA~1\INSTALL.LOG
Desktop Architect --> C:\WINDOWS\IsUninst.exe -f"z:\Desktop Architect\Uninst.isu"
Deus Ex --> V:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Deus Ex Invisible War --> V:\DEUSEX~1\UNWISE.EXE V:\DEUSEX~1\INSTALL.LOG
Diskeeper Home Edition --> MsiExec.exe /X{10CA154D-A9D5-4CE9-B739-2361518108C7}
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Doomsday --> "V:\Demos\Doomsday Demo\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Empire Earth III Public Demo --> C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
eXperience112 Demo --> C:\Program Files\InstallShield Installation Information\{55A978D7-141C-4573-BA07-22DC17ADB7DD}\setup.exe -runfromtemp -l0x0009 -removeonly
Far Cry -->
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Far Cry --> C:\Program Files\InstallShield Installation Information\{830AEB51-7904-4163-939D-2640E0E125BA}\setup.exe -runfromtemp -l0x0009 -removeonly
Forté Agent --> Z:\FORTEA~1\UNWISE.EXE Z:\FORTEA~1\INSTALL.LOG
Francesco's leveled creatures-items mod 3.3d --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\MAIN FILES\UNINS000.EXE"
Francesco's optional new items/creatures 4.3b --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\ADDONS\UNINS000.EXE"
FrostWire 4.13.5 --> Z:\FrostWire\Uninstall.exe
G-Zapper v1.42 --> Z:\G-Zapper\unins000.exe
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Generic USB Card Reader Driver v2.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.3\irunin.ini"
Get a Life Final v1.0 --> "V:\STEAM\steamapps\SourceMods\Get_A_Life\unins000.exe"
GUN ™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2DFF2906-52BB-4222-8062-1509259FC013}
Half-Life --> C:\WINDOWS\ISUNINST.EXE -F"V:\HALF LIFE\UNINST.ISU" -C"V:\HALF LIFE\HLUNINST.DLL"
Half-Life 2: Episode One --> "V:\STEAM\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "V:\STEAM\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Blue Shift --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Half-Life: Blue Shift Patch --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Harpooned --> V:\Free Games\Harpooned\uninst.exe
HijackThis 2.0.2 --> "Z:\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> V:\HITMAN~1\UNWISE.EXE V:\HITMAN~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.1 --> Z:\Download Manager\uninst.exe
IrfanView (remove only) --> Z:\Irfanview\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
King's Quest III --> V:\KING'S QUEST III\UNINSTALL KQ3.EXE
Lantern 3D Screensaver 1.0 --> "Z:\Screen Savers\Lantern 3D Screensaver\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> Z:\Logitech\RESOUR~1\rem\UNWISE.EXE Z:\Logitech\RESOUR~1\rem\INSTALL.LOG
Loki - Demo Egyptian --> "V:\DEMOS\LOKI - DEMO EGYPTIAN\UNINS000.EXE"
Luxor 3 --> "V:\Demos\Luxor 3\ReflexiveArcade\unins000.exe"
Mafia Game --> C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware --> "Z:\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MDK --> C:\WINDOWS\uninst.exe -fv:\MDK\DeIsL1.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft IntelliPoint 5.2 -->
Microsoft IntelliType Pro 5.2 -->
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual Basic 2008 Express Edition - ENU --> Z:\Visual Basic Express\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
MightyFax --> Z:\MIGHTY~1\UnMighty.EXE
MozBackup 1.4.4 --> "Z:\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.14) --> Z:\Firefox\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> Z:\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> Z:\Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mutant Demo 1.0 --> "V:\Demos\MutantDemo\unins000.exe"
myst --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{1662d9ab-812d-42e5-ba8c-c971d006b4b8}.sdb"
Mystery P.I. - The Lottery Ticket 1.0.0.4 --> C:\Program Files\PopCap Games\Mystery PI\PopUninstall.exe "C:\Program Files\PopCap Games\Mystery PI\Install.log"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton SystemWorks 2002 --> MsiExec.exe /I{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}
Norton Utilities 2002 for Windows -->
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Overclocked Demo --> V:\Demos\Overclocked Demo\uninst.exe
Painkiller Overdose --> "C:\Program Files\InstallShield Installation Information\{6C4765C5-7EED-40E1-A631-8263AF8B4508}\setup.exe" -runfromtemp -l0x0009 -removeonly
Painkiller Overdose Demo build 66 --> "V:\DEMOS\PAINKILLER OVERDOSE DEMO\UNINSTALL\UNINS000.EXE"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 7.02 --> C:\WINDOWS\IsUninst.exe -f"z:\Scansoft Paperport\Config\DeIsL1.isu" -y -c"z:\Scansoft Paperport\UnInstl2.dll"
Picasa 2 --> "Z:\Picasa\Picasa2\Uninstall.exe"
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
Prey --> "V:\STEAM\steam.exe" steam://uninstall/3970
Prince of Persia: The Sands of Time --> V:\PRINCE~1\UNWISE.EXE V:\PRINCE~1\INSTALL.LOG
Psi-Ops (remove only) --> V:\Psi-Ops\uninstall.exe
Psychonauts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rayman Raving Rabbids --> C:\Program Files\InstallShield Installation Information\{40A5DF56-329E-433C-8E79-99807E02F90F}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> Z:\Revo Uninstaller\uninst.exe
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Sam and Max Episode 1 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8200
Sam and Max Episode 2 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8210
Sam and Max Episode 3 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8220
Sam and Max Episode 4 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8230
Sam and Max Episode 5 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8240
Sam and Max Episode 6 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8250
Shlongg Demo 1.01 --> "V:\Demos\Shlongg Demo\unins000.exe"
SideWinder Game Voice --> MsiExec.exe /I{49162FE8-25D2-4E64-BFF7-157514496778}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Source SDK Base --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/215
Spybot - Search & Destroy --> "Z:\Spybot - Search & Destroy\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
STALKER: Shadow of Chernobyl --> "V:\STEAM\steam.exe" steam://uninstall/4500
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stopple 1.00 (build 15) --> "V:\Free Games\Stopple\Stopple\unins000.exe"
Stranglehold Demo --> C:\Program Files\InstallShield Installation Information\{9F6AE5B6-B2ED-4157-8D28-1EC354F0D1B9}\Setup.exe -runfromtemp -l0x0009 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Chosen DEMO (v1.11) --> "V:\DEMOS\THE CHOSEN DEMO\UNINS000.EXE"
The Graveyard --> "V:\Demos\The Graveyard\The Graveyard Trial\unins000.exe"
The Witcher Demo --> "C:\Program Files\InstallShield Installation Information\{52B94500-1782-411F-BFA5-EBAC312964DE}\setup.exe" -runfromtemp -l0x0009 -removeonly
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79896C28-C277-42d5-990A-D98E10682654}\setup.exe" -l0x9

#6
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Pharm74, after reviewing your logs, I did find something that is of interest. I need you to submit a couple of files for analysis so that I may better understand what's going on here.

STEP ONE
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste each file path into the "File to upload & scan" box on the top of the page, one at a time:

    • C:\WINDOWS\system32\effeacf3_z.dll
    • c:\documents and settings\phil\local settings\application data\oqusyakyg.exe
  • Click on the submit button
  • Please post the results in your next reply.

STEP TWO
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7
Pharm74

    Member

  • Topic Starter
  • 17 posts
[quote name='Pharm74' post='1268181' date='Jun 23 2008, 12:25 PM']File: effeacf3_z.dll
Status: OK
MD5: b14734c2b2e071356f9d0dee37e7cdbd
Packers detected: -
Scanner results
Scan taken on 24 Jun 2008 12:58:47 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

I ran into a problem with the oqusyakyg.exe file. When I drill down to the local settings file the folder becomes a lighter color, same with the application data file, and then I can't find the oqusyakyg file. Am I doing something wrong?
Also, on the Kaspersky Webscanner site the instructions don't match up with the instructions you provided and I can't find where you adjust the scan settings. Forgive my stupidity but please provide me with more basic instructions (like a 1st grader) on this application.


Gravity Gripp,

The following is the scan from DSS and the uninstall list:
Deckard's System Scanner v20071014.68
Run by Phil on 2008-06-23 12:12:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-23 16:12:05 UTC - RP871 - Deckard's System Scanner Restore Point
1: 2008-06-22 19:46:18 UTC - RP870 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:18 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\spoolsv.exe
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Z:\AVGFRE~1\avgcc.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
Z:\AVGFRE~1\avgamsvr.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
V:\Downloads\dss.exe
Z:\HIJACK~1\Phil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [oqusyakyg] c:\documents and settings\phil\local settings\application data\oqusyakyg.exe oqusyakyg
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 10928 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

S1 SASKUTIL - z:\saskutil.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.>
S3 filter - c:\windows\system32\drivers\filter.sys <Not Verified; Walter Oney Software; >
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 gtermddo - c:\docume~1\phil\locals~1\temp\gtermddo.sys (file missing)
S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys <Not Verified; Symantec Corporation; Norton CleanSweep>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "z:\diskeeper 8.0\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 Speed Disk service - z:\nortonsw\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 09:44:49 302 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-23 12:55:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-21 12:34:50 0 d-------- C:\Program Files\QuickTime
2008-06-21 11:44:57 0 d-------- C:\Documents and Settings\Phil\Application Data\Auslogics
2008-06-20 12:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-20 10:17:09 0 d-------- C:\Documents and Settings\Phil\Application Data\Malwarebytes
2008-06-20 10:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 19:45:15 111616 --a------ C:\WINDOWS\system32\LTIH30TB.DLL <Not Verified; Lernout & Hauspie; NLI for RTF and HTML>
2008-06-08 19:45:15 225280 --a------ C:\WINDOWS\system32\AWRTL30.DLL <Not Verified; WexTech Systems, Inc.; AnswerWorks>
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\WexTech Shared
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\LHSPF
2008-06-08 19:44:45 339968 --a------ C:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-08 19:44:39 1694992 --a------ C:\WINDOWS\system32\vba6.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-08 19:41:44 0 d-------- C:\WINDOWS\Intuit
2008-05-24 13:04:31 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-24 13:04:31 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-24 13:04:31 24576 --a------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-05-24 13:04:31 0 d-------- C:\Program Files\Ubisoft


-- Find3M Report ---------------------------------------------------------------

2008-06-23 10:37:00 0 d-------- C:\Documents and Settings\Phil\Application Data\Move Networks
2008-06-20 10:53:43 0 d-------- C:\Documents and Settings\Phil\Application Data\SUPERAntiSpyware.com
2008-06-20 10:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 08:24:47 55064 --a------ C:\Documents and Settings\Phil\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 12:22:04 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla
2008-06-10 15:29:37 0 d-------- C:\Documents and Settings\Phil\Application Data\IGN_DLM
2008-06-09 18:42:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files
2008-06-08 19:45:08 0 d-------- C:\Program Files\Common Files\Intuit
2008-05-29 17:04:12 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7
2008-05-22 22:11:15 206 --a------ C:\WINDOWS\system32\effeacf3_z.dll
2008-05-14 19:52:48 0 d-------- C:\Documents and Settings\Phil\Application Data\FrostWire
2008-05-04 11:44:49 0 d-------- C:\Program Files\Shockwave.com
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-27 22:39:12 0 d-------- C:\Program Files\Maxthon
2008-04-27 16:14:54 0 d-------- C:\Documents and Settings\Phil\Application Data\FloodLightGames
2008-04-25 09:02:32 0 d-------- C:\Documents and Settings\Phil\Application Data\MxBoost
2008-04-23 19:42:35 44968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-23 12:55:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 13:52:13 9780 --a------ C:\WINDOWS\mozver.dat
2008-04-17 12:14:47 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-06 07:45:54 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [10/16/2001 08:08 AM]
"amd_dc_opt"="Z:\Dual Core Optimizer\amd_dc_opt.exe" [06/28/2006 03:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="Z:\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"FlashIcon"="C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [07/21/2004 07:48 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [04/15/2008 09:23 PM]
"!AVG Anti-Spyware"="Z:\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/10/2006 10:56 PM]
"igndlm.exe"="Z:\Download Manager\dlm.exe" [03/05/2007 01:57 PM]
"oqusyakyg"="c:\documents and settings\phil\local settings\application data\oqusyakyg.exe" [06/19/2008 08:32 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=Z:\Picasa\Picasa2\PicasaMediaDetector.exe
"AVG7_Run"=Z:\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= Z:\Superantispyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Z:\Superantispyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 Z:\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=apitrap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
Z:\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
Z:\Picasa\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
z:\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
z:\SCANSO~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
V:\STEAM\\STEAM.EXE -SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"Z:\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-23 12:13:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.23 MiB / 1494.53 MiB
Pagefile Memory (total/avail): 3940.24 MiB / 3340.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 23.89 GiB total, 11.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
V: is Fixed (NTFS) - 234.38 GiB total, 121.08 GiB free.
Z: is Fixed (NTFS) - 39.83 GiB total, 36.42 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD3200KS-00PFB0 - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 23.89 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 274.2 GiB - V: - Z:

\\.\PHYSICALDRIVE1 - Generic USB Storage-CFC USB Device

\\.\PHYSICALDRIVE4 - Generic USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - Generic USB Storage-SDC USB Device

\\.\PHYSICALDRIVE3 - Generic USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe"="C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe:*:Enabled:Game Voice"
"Z:\\LimeWire\\LimeWire.exe"="Z:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"Z:\\Firefox\\Mozilla Firefox\\firefox.exe"="Z:\\Firefox\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"V:\\STUBINSTALLER.EXE"="V:\\STUBINSTALLER.EXE:*:ENABLED:LIMEWIRE SWARMED INSTALLER"
"V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE"="V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"V:\\FALLOUT 3\\F3.EXE"="V:\\FALLOUT 3\\F3.EXE:*:ENABLED:F3"
"V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE"="V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE:*:ENABLED:STRANGLEHOLD DEMO"
"V:\\DOWNLOADS\\HL1110.EXE"="V:\\DOWNLOADS\\HL1110.EXE:*:ENABLED:HALF-LIFE UPDATE 1.1.1.0"
"V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE"="V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE:*:ENABLED:UNREAL TOURNAMENT 3 DEMO"
"V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE"="V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE:*:ENABLED:PAINKILLER OVERDOSE DEMO"
"V:\\WORLD OF PADMAN\\WOP.EXE"="V:\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"V:\\Demos\\Empire Earth III\\EE3.exe"="V:\\Demos\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"Z:\\FrostWire\\FrostWire.exe"="Z:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"Z:\\Kaspersky AV\\setup.exe"="Z:\\Kaspersky AV\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"Z:\\Kaspersky AV\\avp.exe"="Z:\\Kaspersky AV\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"Z:\\AVG Free\\avginet.exe"="Z:\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"Z:\\AVG Free\\avgamsvr.exe"="Z:\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"Z:\\AVG Free\\avgcc.exe"="Z:\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"Z:\\AVG Free\\avgemc.exe"="Z:\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"V:\\Crosus\\CrosuSApp.exe"="V:\\Crosus\\CrosuSApp.exe:*:Enabled:Crosus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILTH2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil
LOGONSERVER=\\PHILTH2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;Z:\Diskeeper 8.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
TMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
USERDOMAIN=PHILTH2
USERNAME=Phil
USERPROFILE=C:\Documents and Settings\Phil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Phil (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "Z:\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "Z:\a-squared Free\unins000.exe"
A Tale of Two Kingdoms 1.2 --> C:\WINDOWS\iun504.exe V:\Free Games\A Tale of Two Kingdoms\irunin.ini
Acoustica MP3 To Wave Converter PLUS --> Z:\ACOUST~1\UNWISE.EXE Z:\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AMD Dual-Core Optimizer --> MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Ancient Empires Lux Demo 1.0 --> "V:\DEMOS\ANCIENT EMPIRES LUX DEMO\UNINS000.EXE"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Burning Studio 7.21 --> "Z:\Ashampoo Burning Studio 7\unins000.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AusLogics Disk Defrag --> "Z:\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> Z:\AVG Free\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> Z:\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> Z:\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.1 --> V:\Bejeweled 2\Bejeweled 2 Deluxe\PopUninstall.exe "V:\Bejeweled 2\Bejeweled 2 Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond Good and Evil --> V:\BEYOND~1\UNWISE.EXE V:\BEYOND~1\INSTALL.LOG
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bossinabox 1.0 --> "V:\Free Games\Bossinabox\unins000.exe"
Brothers In Arms Demo --> V:\Demos\BrothersInArmsDemo\System\Setup.exe uninstall "BrothersInArmsDemo"
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> Z:\Canon Easy Photo Print\uninst.exe uninst.ini
CCleaner (remove only) --> "Z:\CCleaner\uninst.exe"
Civilization II: Test of Time --> V:\CIVILI~1\UNWISE.EXE V:\CIVILI~1\INSTALL.LOG
Company of Heroes Single Player Demo --> MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Copernic Agent Personal --> "C:\WINDOWS\CopernicAgentUninstall(1).exe" /ARGSFILE="Z:\Copernic Agent\unwise.dat"
CrosuS --> V:\Crosus\uninstall.exe
Dead Man's Hand --> V:\DEADMA~1\UNWISE.EXE V:\DEADMA~1\INSTALL.LOG
Desktop Architect --> C:\WINDOWS\IsUninst.exe -f"z:\Desktop Architect\Uninst.isu"
Deus Ex --> V:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Deus Ex Invisible War --> V:\DEUSEX~1\UNWISE.EXE V:\DEUSEX~1\INSTALL.LOG
Diskeeper Home Edition --> MsiExec.exe /X{10CA154D-A9D5-4CE9-B739-2361518108C7}
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Doomsday --> "V:\Demos\Doomsday Demo\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Empire Earth III Public Demo --> C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
eXperience112 Demo --> C:\Program Files\InstallShield Installation Information\{55A978D7-141C-4573-BA07-22DC17ADB7DD}\setup.exe -runfromtemp -l0x0009 -removeonly
Far Cry -->
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Far Cry --> C:\Program Files\InstallShield Installation Information\{830AEB51-7904-4163-939D-2640E0E125BA}\setup.exe -runfromtemp -l0x0009 -removeonly
Forté Agent --> Z:\FORTEA~1\UNWISE.EXE Z:\FORTEA~1\INSTALL.LOG
Francesco's leveled creatures-items mod 3.3d --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\MAIN FILES\UNINS000.EXE"
Francesco's optional new items/creatures 4.3b --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\ADDONS\UNINS000.EXE"
FrostWire 4.13.5 --> Z:\FrostWire\Uninstall.exe
G-Zapper v1.42 --> Z:\G-Zapper\unins000.exe
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Generic USB Card Reader Driver v2.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.3\irunin.ini"
Get a Life Final v1.0 --> "V:\STEAM\steamapps\SourceMods\Get_A_Life\unins000.exe"
GUN ™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2DFF2906-52BB-4222-8062-1509259FC013}
Half-Life --> C:\WINDOWS\ISUNINST.EXE -F"V:\HALF LIFE\UNINST.ISU" -C"V:\HALF LIFE\HLUNINST.DLL"
Half-Life 2: Episode One --> "V:\STEAM\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "V:\STEAM\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Blue Shift --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Half-Life: Blue Shift Patch --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Harpooned --> V:\Free Games\Harpooned\uninst.exe
HijackThis 2.0.2 --> "Z:\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> V:\HITMAN~1\UNWISE.EXE V:\HITMAN~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.1 --> Z:\Download Manager\uninst.exe
IrfanView (remove only) --> Z:\Irfanview\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
King's Quest III --> V:\KING'S QUEST III\UNINSTALL KQ3.EXE
Lantern 3D Screensaver 1.0 --> "Z:\Screen Savers\Lantern 3D Screensaver\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> Z:\Logitech\RESOUR~1\rem\UNWISE.EXE Z:\Logitech\RESOUR~1\rem\INSTALL.LOG
Loki - Demo Egyptian --> "V:\DEMOS\LOKI - DEMO EGYPTIAN\UNINS000.EXE"
Luxor 3 --> "V:\Demos\Luxor 3\ReflexiveArcade\unins000.exe"
Mafia Game --> C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware --> "Z:\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MDK --> C:\WINDOWS\uninst.exe -fv:\MDK\DeIsL1.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft IntelliPoint 5.2 -->
Microsoft IntelliType Pro 5.2 -->
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual Basic 2008 Express Edition - ENU --> Z:\Visual Basic Express\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
MightyFax --> Z:\MIGHTY~1\UnMighty.EXE
MozBackup 1.4.4 --> "Z:\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.14) --> Z:\Firefox\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> Z:\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> Z:\Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mutant Demo 1.0 --> "V:\Demos\MutantDemo\unins000.exe"
myst --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{1662d9ab-812d-42e5-ba8c-c971d006b4b8}.sdb"
Mystery P.I. - The Lottery Ticket 1.0.0.4 --> C:\Program Files\PopCap Games\Mystery PI\PopUninstall.exe "C:\Program Files\PopCap Games\Mystery PI\Install.log"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton SystemWorks 2002 --> MsiExec.exe /I{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}
Norton Utilities 2002 for Windows -->
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Overclocked Demo --> V:\Demos\Overclocked Demo\uninst.exe
Painkiller Overdose --> "C:\Program Files\InstallShield Installation Information\{6C4765C5-7EED-40E1-A631-8263AF8B4508}\setup.exe" -runfromtemp -l0x0009 -removeonly
Painkiller Overdose Demo build 66 --> "V:\DEMOS\PAINKILLER OVERDOSE DEMO\UNINSTALL\UNINS000.EXE"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 7.02 --> C:\WINDOWS\IsUninst.exe -f"z:\Scansoft Paperport\Config\DeIsL1.isu" -y -c"z:\Scansoft Paperport\UnInstl2.dll"
Picasa 2 --> "Z:\Picasa\Picasa2\Uninstall.exe"
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
Prey --> "V:\STEAM\steam.exe" steam://uninstall/3970
Prince of Persia: The Sands of Time --> V:\PRINCE~1\UNWISE.EXE V:\PRINCE~1\INSTALL.LOG
Psi-Ops (remove only) --> V:\Psi-Ops\uninstall.exe
Psychonauts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rayman Raving Rabbids --> C:\Program Files\InstallShield Installation Information\{40A5DF56-329E-433C-8E79-99807E02F90F}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> Z:\Revo Uninstaller\uninst.exe
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Sam and Max Episode 1 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8200
Sam and Max Episode 2 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8210
Sam and Max Episode 3 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8220
Sam and Max Episode 4 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8230
Sam and Max Episode 5 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8240
Sam and Max Episode 6 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8250
Shlongg Demo 1.01 --> "V:\Demos\Shlongg Demo\unins000.exe"
SideWinder Game Voice --> MsiExec.exe /I{49162FE8-25D2-4E64-BFF7-157514496778}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Source SDK Base --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/215
Spybot - Search & Destroy --> "Z:\Spybot - Search & Destroy

#8
Pharm74

Here are the results of my Kaspersky Webscanner:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 24, 2008 22:40:43
Records in database: 881538
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
V:\
Z:\

Scan statistics:
Files scanned: 157245
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:52:57


File name / Threat name / Threats count
C:\Documents and Settings\Phil\Desktop\Apps\Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
V:\Incomplete\Preview-T-3545425-animal trainer toad mountain.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
Z:\Navilog1\Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.






[quote name='Pharm74' post='1268181' date='Jun 23 2008, 12:25 PM']Gravity Gripp,

The following is the scan from DSS and the uninstall list:
Deckard's System Scanner v20071014.68
Run by Phil on 2008-06-23 12:12:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-23 16:12:05 UTC - RP871 - Deckard's System Scanner Restore Point
1: 2008-06-22 19:46:18 UTC - RP870 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:18 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\spoolsv.exe
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Z:\AVGFRE~1\avgcc.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
Z:\AVGFRE~1\avgamsvr.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
V:\Downloads\dss.exe
Z:\HIJACK~1\Phil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [oqusyakyg] c:\documents and settings\phil\local settings\application data\oqusyakyg.exe oqusyakyg
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 10928 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

S1 SASKUTIL - z:\saskutil.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.>
S3 filter - c:\windows\system32\drivers\filter.sys <Not Verified; Walter Oney Software; >
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 gtermddo - c:\docume~1\phil\locals~1\temp\gtermddo.sys (file missing)
S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys <Not Verified; Symantec Corporation; Norton CleanSweep>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "z:\diskeeper 8.0\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 Speed Disk service - z:\nortonsw\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 09:44:49 302 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-23 12:55:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-21 12:34:50 0 d-------- C:\Program Files\QuickTime
2008-06-21 11:44:57 0 d-------- C:\Documents and Settings\Phil\Application Data\Auslogics
2008-06-20 12:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-20 10:17:09 0 d-------- C:\Documents and Settings\Phil\Application Data\Malwarebytes
2008-06-20 10:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 19:45:15 111616 --a------ C:\WINDOWS\system32\LTIH30TB.DLL <Not Verified; Lernout & Hauspie; NLI for RTF and HTML>
2008-06-08 19:45:15 225280 --a------ C:\WINDOWS\system32\AWRTL30.DLL <Not Verified; WexTech Systems, Inc.; AnswerWorks>
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\WexTech Shared
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\LHSPF
2008-06-08 19:44:45 339968 --a------ C:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-08 19:44:39 1694992 --a------ C:\WINDOWS\system32\vba6.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-08 19:41:44 0 d-------- C:\WINDOWS\Intuit
2008-05-24 13:04:31 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-24 13:04:31 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-24 13:04:31 24576 --a------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-05-24 13:04:31 0 d-------- C:\Program Files\Ubisoft


-- Find3M Report ---------------------------------------------------------------

2008-06-23 10:37:00 0 d-------- C:\Documents and Settings\Phil\Application Data\Move Networks
2008-06-20 10:53:43 0 d-------- C:\Documents and Settings\Phil\Application Data\SUPERAntiSpyware.com
2008-06-20 10:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 08:24:47 55064 --a------ C:\Documents and Settings\Phil\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 12:22:04 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla
2008-06-10 15:29:37 0 d-------- C:\Documents and Settings\Phil\Application Data\IGN_DLM
2008-06-09 18:42:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files
2008-06-08 19:45:08 0 d-------- C:\Program Files\Common Files\Intuit
2008-05-29 17:04:12 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7
2008-05-22 22:11:15 206 --a------ C:\WINDOWS\system32\effeacf3_z.dll
2008-05-14 19:52:48 0 d-------- C:\Documents and Settings\Phil\Application Data\FrostWire
2008-05-04 11:44:49 0 d-------- C:\Program Files\Shockwave.com
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-27 22:39:12 0 d-------- C:\Program Files\Maxthon
2008-04-27 16:14:54 0 d-------- C:\Documents and Settings\Phil\Application Data\FloodLightGames
2008-04-25 09:02:32 0 d-------- C:\Documents and Settings\Phil\Application Data\MxBoost
2008-04-23 19:42:35 44968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-23 12:55:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 13:52:13 9780 --a------ C:\WINDOWS\mozver.dat
2008-04-17 12:14:47 884 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-06 07:45:54 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [10/16/2001 08:08 AM]
"amd_dc_opt"="Z:\Dual Core Optimizer\amd_dc_opt.exe" [06/28/2006 03:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="Z:\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"FlashIcon"="C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [07/21/2004 07:48 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [04/15/2008 09:23 PM]
"!AVG Anti-Spyware"="Z:\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/10/2006 10:56 PM]
"igndlm.exe"="Z:\Download Manager\dlm.exe" [03/05/2007 01:57 PM]
"oqusyakyg"="c:\documents and settings\phil\local settings\application data\oqusyakyg.exe" [06/19/2008 08:32 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=Z:\Picasa\Picasa2\PicasaMediaDetector.exe
"AVG7_Run"=Z:\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= Z:\Superantispyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Z:\Superantispyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 Z:\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=apitrap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
Z:\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
Z:\Picasa\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
z:\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
z:\SCANSO~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
V:\STEAM\\STEAM.EXE -SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"Z:\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-23 12:13:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.23 MiB / 1494.53 MiB
Pagefile Memory (total/avail): 3940.24 MiB / 3340.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 23.89 GiB total, 11.52 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
V: is Fixed (NTFS) - 234.38 GiB total, 121.08 GiB free.
Z: is Fixed (NTFS) - 39.83 GiB total, 36.42 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD3200KS-00PFB0 - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 23.89 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 274.2 GiB - V: - Z:

\\.\PHYSICALDRIVE1 - Generic USB Storage-CFC USB Device

\\.\PHYSICALDRIVE4 - Generic USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - Generic USB Storage-SDC USB Device

\\.\PHYSICALDRIVE3 - Generic USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe"="C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe:*:Enabled:Game Voice"
"Z:\\LimeWire\\LimeWire.exe"="Z:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"Z:\\Firefox\\Mozilla Firefox\\firefox.exe"="Z:\\Firefox\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"V:\\STUBINSTALLER.EXE"="V:\\STUBINSTALLER.EXE:*:ENABLED:LIMEWIRE SWARMED INSTALLER"
"V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE"="V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"V:\\FALLOUT 3\\F3.EXE"="V:\\FALLOUT 3\\F3.EXE:*:ENABLED:F3"
"V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE"="V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE:*:ENABLED:STRANGLEHOLD DEMO"
"V:\\DOWNLOADS\\HL1110.EXE"="V:\\DOWNLOADS\\HL1110.EXE:*:ENABLED:HALF-LIFE UPDATE 1.1.1.0"
"V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE"="V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE:*:ENABLED:UNREAL TOURNAMENT 3 DEMO"
"V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE"="V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE:*:ENABLED:PAINKILLER OVERDOSE DEMO"
"V:\\WORLD OF PADMAN\\WOP.EXE"="V:\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"V:\\Demos\\Empire Earth III\\EE3.exe"="V:\\Demos\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"Z:\\FrostWire\\FrostWire.exe"="Z:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"Z:\\Kaspersky AV\\setup.exe"="Z:\\Kaspersky AV\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"Z:\\Kaspersky AV\\avp.exe"="Z:\\Kaspersky AV\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"Z:\\AVG Free\\avginet.exe"="Z:\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"Z:\\AVG Free\\avgamsvr.exe"="Z:\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"Z:\\AVG Free\\avgcc.exe"="Z:\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"Z:\\AVG Free\\avgemc.exe"="Z:\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"V:\\Crosus\\CrosuSApp.exe"="V:\\Crosus\\CrosuSApp.exe:*:Enabled:Crosus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILTH2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil
LOGONSERVER=\\PHILTH2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;Z:\Diskeeper 8.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
TMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
USERDOMAIN=PHILTH2
USERNAME=Phil
USERPROFILE=C:\Documents and Settings\Phil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Phil (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "Z:\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "Z:\a-squared Free\unins000.exe"
A Tale of Two Kingdoms 1.2 --> C:\WINDOWS\iun504.exe V:\Free Games\A Tale of Two Kingdoms\irunin.ini
Acoustica MP3 To Wave Converter PLUS --> Z:\ACOUST~1\UNWISE.EXE Z:\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AMD Dual-Core Optimizer --> MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Ancient Empires Lux Demo 1.0 --> "V:\DEMOS\ANCIENT EMPIRES LUX DEMO\UNINS000.EXE"
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ashampoo Burning Studio 7.21 --> "Z:\Ashampoo Burning Studio 7\unins000.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AusLogics Disk Defrag --> "Z:\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> Z:\AVG Free\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> Z:\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> Z:\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.1 --> V:\Bejeweled 2\Bejeweled 2 Deluxe\PopUninstall.exe "V:\Bejeweled 2\Bejeweled 2 Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond Good and Evil --> V:\BEYOND~1\UNWISE.EXE V:\BEYOND~1\INSTALL.LOG
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bossinabox 1.0 --> "V:\Free Games\Bossinabox\unins000.exe"
Brothers In Arms Demo --> V:\Demos\BrothersInArmsDemo\System\Setup.exe uninstall "BrothersInArmsDemo"
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> Z:\Canon Easy Photo Print\uninst.exe uninst.ini
CCleaner (remove only) --> "Z:\CCleaner\uninst.exe"
Civilization II: Test of Time --> V:\CIVILI~1\UNWISE.EXE V:\CIVILI~1\INSTALL.LOG
Company of Heroes Single Player Demo --> MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Copernic Agent Personal --> "C:\WINDOWS\CopernicAgentUninstall(1).exe" /ARGSFILE="Z:\Copernic Agent\unwise.dat"
CrosuS --> V:\Crosus\uninstall.exe
Dead Man's Hand --> V:\DEADMA~1\UNWISE.EXE V:\DEADMA~1\INSTALL.LOG
Desktop Architect --> C:\WINDOWS\IsUninst.exe -f"z:\Desktop Architect\Uninst.isu"
Deus Ex --> V:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Deus Ex Invisible War --> V:\DEUSEX~1\UNWISE.EXE V:\DEUSEX~1\INSTALL.LOG
Diskeeper Home Edition --> MsiExec.exe /X{10CA154D-A9D5-4CE9-B739-2361518108C7}
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Doomsday --> "V:\Demos\Doomsday Demo\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Empire Earth III Public Demo --> C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
eXperience112 Demo --> C:\Program Files\InstallShield Installation Information\{55A978D7-141C-4573-BA07-22DC17ADB7DD}\setup.exe -runfromtemp -l0x0009 -removeonly
Far Cry -->
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Far Cry --> C:\Program Files\InstallShield Installation Information\{830AEB51-7904-4163-939D-2640E0E125BA}\setup.exe -runfromtemp -l0x0009 -removeonly
Forté Agent --> Z:\FORTEA~1\UNWISE.EXE Z:\FORTEA~1\INSTALL.LOG
Francesco's leveled creatures-items mod 3.3d --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\MAIN FILES\UNINS000.EXE"
Francesco's optional new items/creatures 4.3b --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\ADDONS\UNINS000.EXE"
FrostWire 4.13.5 --> Z:\FrostWire\Uninstall.exe
G-Zapper v1.42 --> Z:\G-Zapper\unins000.exe
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Generic USB Card Reader Driver v2.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.3\irunin.ini"
Get a Life Final v1.0 --> "V:\STEAM\steamapps\SourceMods\Get_A_Life\unins000.exe"
GUN ™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2DFF2906-52BB-4222-8062-1509259FC013}
Half-Life --> C:\WINDOWS\ISUNINST.EXE -F"V:\HALF LIFE\UNINST.ISU" -C"V:\HALF LIFE\HLUNINST.DLL"
Half-Life 2: Episode One --> "V:\STEAM\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "V:\STEAM\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Blue Shift --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Half-Life: Blue Shift Patch --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Harpooned --> V:\Free Games\Harpooned\uninst.exe
HijackThis 2.0.2 --> "Z:\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> V:\HITMAN~1\UNWISE.EXE V:\HITMAN~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.1 --> Z:\Download Manager\uninst.exe
IrfanView (remove only) --> Z:\Irfanview\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
King's Quest III --> V:\KING'S QUEST III\UNINSTALL KQ3.EXE
Lantern 3D Screensaver 1.0 --> "Z:\Screen Savers\Lantern 3D Screensaver\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> Z:\Logitech\RESOUR~1\rem\UNWISE.EXE Z:\Logitech\RESOUR~1\rem\INSTALL.LOG
Loki - Demo Egyptian --> "V:\DEMOS\LOKI - DEMO EGYPTIAN\UNINS000.EXE"
Luxor 3 --> "V:\Demos\Luxor 3\ReflexiveArcade\unins000.exe"
Mafia Game --> C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware --> "Z:\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MDK --> C:\WINDOWS\uninst.exe -fv:\MDK\DeIsL1.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft IntelliPoint 5.2 -->
Microsoft IntelliType Pro 5.2 -->
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual Basic 2008 Express Edition - ENU --> Z:\Visual Basic Express\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
MightyFax --> Z:\MIGHTY~1\UnMighty.EXE
MozBackup 1.4.4 --> "Z:\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.14) --> Z:\Firefox\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> Z:\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> Z:\Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mutant Demo 1.0 --> "V:\Demos\MutantDemo\unins000.exe"
myst --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{1662d9ab-812d-42e5-ba8c-c971d006b4b8}.sdb"
Mystery P.I. - The Lottery Ticket 1.0.0.4 --> C:\Program Files\PopCap Games\Mystery PI\PopUninstall.exe "C:\Program Files\PopCap Games\Mystery PI\Install.log"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton SystemWorks 2002 --> MsiExec.exe /I{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}
Norton Utilities 2002 for Windows -->
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Overclocked Demo --> V:\Demos\Overclocked Demo\uninst.exe
Painkiller Overdose --> "C:\Program Files\InstallShield Installation Information\{6C4765C5-7EED-40E1-A631-8263AF8B4508}\setup.exe" -runfromtemp -l0x0009 -removeonly
Painkiller Overdose Demo build 66 --> "V:\DEMOS\PAINKILLER OVERDOSE DEMO\UNINSTALL\UNINS000.EXE"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 7.02 --> C:\WINDOWS\IsUninst.exe -f"z:\Scansoft Paperport\Config\DeIsL1.isu" -y -c"z:\Scansoft Paperport\UnInstl2.dll"
Picasa 2 --> "Z:\Picasa\Picasa2\Uninstall.exe"
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
Prey --> "V:\STEAM\steam.exe" steam://uninstall/3970
Prince of Persia: The Sands of Time --> V:\PRINCE~1\UNWISE.EXE V:\PRINCE~1\INSTALL.LOG
Psi-Ops (remove only) --> V:\Psi-Ops\uninstall.exe
Psychonauts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rayman Raving Rabbids --> C:\Program Files\InstallShield Installation Information\{40A5DF56-329E-433C-8E79-99807E02F90F}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> Z:\Revo Uninstaller\uninst.exe
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Sam and Max Episode 1 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8200
Sam and Max Episode 2 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8210
Sam and Max Episode 3 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8220
Sam and Max Episode 4 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8230
Sam and Max Episode 5 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8240
Sam and Max Episode 6 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8250
Shlongg Demo 1.01 --> "V:\Demos\Shlongg Demo\unins000.exe"
SideWinder Game Voice --> MsiExec.exe /I{49162FE8-25D2-4E64-BFF7-157514496778}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Source SDK Base --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/215
Spybot - Search & Destroy --> "Z:\Spybot - Search &

#9
Gravity Gripp


    Trusted Helper

  • Malware Removal
  • 1,813 posts
Pharm74,
Regarding Jotti, if you will just copy and paste this next line into the submit box, it should be able to find it without you having to search for it.

c:\documents and settings\phil\local settings\application data\oqusyakyg.exe

Please provide the log for Jotti in your next reply.

Edit: I see that you did the Kaspersky scan. That part has been removed from this post.

Edited by Gravity Gripp, 25 June 2008 - 07:16 AM.


#10
Pharm74


    Member

  • Topic Starter
  • 17 posts
Gravity Gripp,
It's been two weeks now since I last had a posting from you. While I realize that these things take time I would also like to know if any progress is being made in solving my problem. Please let me know something so I don't waste any time going to another forum for help. This problem is still driving me crazy.

Pharm74







#11
Gravity Gripp


    Trusted Helper

  • Malware Removal
  • 1,813 posts
Pharm74, I was waiting for the results of the file upload that I had asked you to do. However, since it has been two weeks, let's start out with a fresh DSS log.

STEP ONE
  • Click on Start, click on Run
  • Copy and paste the following in bold in the open window and then click OK
  • "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All
  • Click Scan
  • DSS will now run again when finished
  • Please post back both logs that open in Notepad
  • Main txt and extra txt


#12
Pharm74


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Sorry, I didn't realize you were waiting for more information. In any case here are the results of the Deckard scan.

Deckard's System Scanner v20071014.68
Run by Phil on 2008-07-10 09:29:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-10 13:29:56 UTC - RP895 - Deckard's System Scanner Restore Point
9: 2008-07-09 13:25:40 UTC - RP894 - Software Distribution Service 3.0
8: 2008-07-08 21:24:54 UTC - RP893 - System Checkpoint
7: 2008-07-07 21:08:02 UTC - RP892 - System Checkpoint
6: 2008-07-06 21:02:46 UTC - RP891 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-05 14:17:04 UTC - RP886 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:09 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
Z:\AVGFRE~1\avgcc.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
Z:\AVGFRE~1\avgamsvr.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
Z:\Firefox\firefox.exe
C:\Documents and Settings\Phil\desktop\dss.exe
Z:\HIJACK~1\Phil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [mcwyscw] c:\documents and settings\phil\local settings\application data\mcwyscw.exe mcwyscw
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 11005 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-153
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-151
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R2 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

S1 SASKUTIL - z:\saskutil.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.>
S3 filter - c:\windows\system32\drivers\filter.sys <Not Verified; Walter Oney Software; >
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 gtermddo - c:\docume~1\phil\locals~1\temp\gtermddo.sys (file missing)
S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys <Not Verified; Symantec Corporation; Norton CleanSweep>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "z:\diskeeper 8.0\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 Speed Disk service - z:\nortonsw\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_81771043&REV_01\4&E2974D5&0&0010
Service:


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 1032)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>
2007-04-19 13:41:36 294912 --a------ Z:\Superantispyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\system32\svchost.exe (pid 1252)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>

C:\WINDOWS\system32\svchost.exe (pid 1488)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>

C:\WINDOWS\explorer.exe (pid 212)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>
2008-05-13 10:13:36 77824 --a------ Z:\Superantispyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2004-12-17 09:00:00 5120 --a------ Z:\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing, Inc.; WinZip>
2006-12-03 14:53:06 126464 --a------ Z:\Winrar\RarExt.dll
2006-05-14 00:23:40 138752 --a------ Z:\7-Zip\7-zip.dll

C:\WINDOWS\system32\rundll32.exe (pid 636)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>

C:\WINDOWS\system32\svchost.exe (pid 764)
2001-08-09 17:30:26 86016 --a------ C:\WINDOWS\system32\apitrap.dll <Not Verified; Symantec Corporation; Norton CleanSweep>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 09:17:57 302 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-23 12:55:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-06 11:59:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-21 12:34:50 0 d-------- C:\Program Files\QuickTime
2008-06-21 11:44:57 0 d-------- C:\Documents and Settings\Phil\Application Data\Auslogics
2008-06-20 12:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-20 10:17:09 0 d-------- C:\Documents and Settings\Phil\Application Data\Malwarebytes
2008-06-20 10:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes


-- Find3M Report ---------------------------------------------------------------

2008-07-09 10:02:34 0 d-------- C:\Documents and Settings\Phil\Application Data\Move Networks
2008-07-06 13:19:11 0 d-------- C:\Documents and Settings\Phil\Application Data\Adobe
2008-07-05 20:03:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 10:58:17 0 d-------- C:\Documents and Settings\Phil\Application Data\IGN_DLM
2008-06-20 10:53:43 0 d-------- C:\Documents and Settings\Phil\Application Data\SUPERAntiSpyware.com
2008-06-20 10:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 08:24:47 55064 --a------ C:\Documents and Settings\Phil\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 12:22:04 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\WexTech Shared
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\LHSPF
2008-06-08 19:45:08 0 d-------- C:\Program Files\Common Files\Intuit
2008-05-29 17:04:12 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7
2008-05-24 13:04:31 0 d-------- C:\Program Files\Ubisoft
2008-05-22 22:11:15 206 --a------ C:\WINDOWS\system32\effeacf3_z.dll
2008-05-14 19:52:48 0 d-------- C:\Documents and Settings\Phil\Application Data\FrostWire
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-23 19:42:35 44968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-17 13:52:13 9780 --a------ C:\WINDOWS\mozver.dat
2008-04-17 12:14:47 884 --a------ C:\WINDOWS\system32\d3d8caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [10/16/2001 08:08 AM]
"amd_dc_opt"="Z:\Dual Core Optimizer\amd_dc_opt.exe" [06/28/2006 03:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="Z:\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"FlashIcon"="C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [07/21/2004 07:48 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [06/27/2008 09:23 PM]
"!AVG Anti-Spyware"="Z:\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/10/2006 10:56 PM]
"igndlm.exe"="Z:\Download Manager\dlm.exe" [03/05/2007 01:57 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"mcwyscw"="c:\documents and settings\phil\local settings\application data\mcwyscw.exe" [07/09/2008 09:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=Z:\Picasa\Picasa2\PicasaMediaDetector.exe
"AVG7_Run"=Z:\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= Z:\Superantispyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Z:\Superantispyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 Z:\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=apitrap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
Z:\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
Z:\Picasa\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
z:\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
z:\SCANSO~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
V:\STEAM\\STEAM.EXE -SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"Z:\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8520 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-10 09:31:02 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2047.23 MiB / 1430.23 MiB
Pagefile Memory (total/avail): 3940.24 MiB / 3300.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 23.89 GiB total, 10.85 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
V: is Fixed (NTFS) - 234.38 GiB total, 119.07 GiB free.
Z: is Fixed (NTFS) - 39.83 GiB total, 36.45 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD3200KS-00PFB0 - 298.09 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 23.89 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 274.2 GiB - V: - Z:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe"="Z:\\Turbotax 2006\\TurboTax Basic 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe"="C:\\Program Files\\Microsoft Hardware\\Game Voice\\GameVoice.exe:*:Enabled:Game Voice"
"Z:\\LimeWire\\LimeWire.exe"="Z:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"Z:\\Firefox\\Mozilla Firefox\\firefox.exe"="Z:\\Firefox\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"V:\\STUBINSTALLER.EXE"="V:\\STUBINSTALLER.EXE:*:ENABLED:LIMEWIRE SWARMED INSTALLER"
"V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE"="V:\\DEMOS\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"V:\\FALLOUT 3\\F3.EXE"="V:\\FALLOUT 3\\F3.EXE:*:ENABLED:F3"
"V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE"="V:\\DEMOS\\STRANGLEHOLD\\BINARIES\\RETAIL-STRANGLEHOLD.EXE:*:ENABLED:STRANGLEHOLD DEMO"
"V:\\DOWNLOADS\\HL1110.EXE"="V:\\DOWNLOADS\\HL1110.EXE:*:ENABLED:HALF-LIFE UPDATE 1.1.1.0"
"V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE"="V:\\DEMOS\\UNREAL TOURNAMENT 3\\BINARIES\\UT3DEMO.EXE:*:ENABLED:UNREAL TOURNAMENT 3 DEMO"
"V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE"="V:\\DEMOS\\PAINKILLER OVERDOSE DEMO\\BIN\\OVERDOSEDEMO.EXE:*:ENABLED:PAINKILLER OVERDOSE DEMO"
"V:\\WORLD OF PADMAN\\WOP.EXE"="V:\\WORLD OF PADMAN\\WOP.EXE:*:ENABLED:WOP"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"V:\\Demos\\Empire Earth III\\EE3.exe"="V:\\Demos\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"Z:\\FrostWire\\FrostWire.exe"="Z:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"Z:\\Kaspersky AV\\setup.exe"="Z:\\Kaspersky AV\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"Z:\\Kaspersky AV\\avp.exe"="Z:\\Kaspersky AV\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"Z:\\AVG Free\\avginet.exe"="Z:\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"Z:\\AVG Free\\avgamsvr.exe"="Z:\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"Z:\\AVG Free\\avgcc.exe"="Z:\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"Z:\\AVG Free\\avgemc.exe"="Z:\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"V:\\Crosus\\CrosuSApp.exe"="V:\\Crosus\\CrosuSApp.exe:*:Enabled:Crosus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Phil\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILTH2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Phil
LOGONSERVER=\\PHILTH2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;Z:\Diskeeper 8.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
TMP=C:\DOCUME~1\Phil\LOCALS~1\Temp
USERDOMAIN=PHILTH2
USERNAME=Phil
USERPROFILE=C:\Documents and Settings\Phil
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Phil (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "Z:\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "Z:\a-squared Free\unins000.exe"
A Tale of Two Kingdoms 1.2 --> C:\WINDOWS\iun504.exe V:\Free Games\A Tale of Two Kingdoms\irunin.ini
Acoustica MP3 To Wave Converter PLUS --> Z:\ACOUST~1\UNWISE.EXE Z:\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AMD Dual-Core Optimizer --> MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Armed and Dangerous --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37D422FE-0E44-4595-9ADF-BE4C1B70318F}\Setup.exe" -l0x9
Ashampoo Burning Studio 7.21 --> "Z:\Ashampoo Burning Studio 7\unins000.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AusLogics Disk Defrag --> "Z:\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> Z:\AVG Free\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> Z:\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> Z:\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.1 --> V:\Bejeweled 2\Bejeweled 2 Deluxe\PopUninstall.exe "V:\Bejeweled 2\Bejeweled 2 Deluxe\Install.log"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond Good and Evil --> V:\BEYOND~1\UNWISE.EXE V:\BEYOND~1\INSTALL.LOG
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bossinabox 1.0 --> "V:\Free Games\Bossinabox\unins000.exe"
Brothers In Arms Demo --> V:\Demos\BrothersInArmsDemo\System\Setup.exe uninstall "BrothersInArmsDemo"
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint EX --> Z:\Canon Easy Photo Print\uninst.exe uninst.ini
CCleaner (remove only) --> "Z:\CCleaner\uninst.exe"
Civilization II: Test of Time --> V:\CIVILI~1\UNWISE.EXE V:\CIVILI~1\INSTALL.LOG
Company of Heroes Single Player Demo --> MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Copernic Agent Personal --> "C:\WINDOWS\CopernicAgentUninstall(1).exe" /ARGSFILE="Z:\Copernic Agent\unwise.dat"
CrosuS --> V:\Crosus\uninstall.exe
Dead Man's Hand --> V:\DEADMA~1\UNWISE.EXE V:\DEADMA~1\INSTALL.LOG
Desktop Architect --> C:\WINDOWS\IsUninst.exe -f"z:\Desktop Architect\Uninst.isu"
Deus Ex --> V:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Deus Ex Invisible War --> V:\DEUSEX~1\UNWISE.EXE V:\DEUSEX~1\INSTALL.LOG
Diskeeper Home Edition --> MsiExec.exe /X{10CA154D-A9D5-4CE9-B739-2361518108C7}
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Doomsday --> "V:\Demos\Doomsday Demo\unins000.exe"
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Empire Earth III Public Demo --> C:\Program Files\InstallShield Installation Information\{E80447AF-A31E-4F0C-9690-805284F9C45D}\setup.exe -runfromtemp -l0x0009 -removeonly
eXperience112 Demo --> C:\Program Files\InstallShield Installation Information\{55A978D7-141C-4573-BA07-22DC17ADB7DD}\setup.exe -runfromtemp -l0x0009 -removeonly
Far Cry -->
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Far Cry --> C:\Program Files\InstallShield Installation Information\{830AEB51-7904-4163-939D-2640E0E125BA}\setup.exe -runfromtemp -l0x0009 -removeonly
Forté Agent --> Z:\FORTEA~1\UNWISE.EXE Z:\FORTEA~1\INSTALL.LOG
Francesco's leveled creatures-items mod 3.3d --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\MAIN FILES\UNINS000.EXE"
Francesco's optional new items/creatures 4.3b --> "V:\OBLIVION\DATA\FRANCESCO'S MOD\UNISTALL DATA\ADDONS\UNINS000.EXE"
FrostWire 4.13.5 --> Z:\FrostWire\Uninstall.exe
G-Zapper v1.42 --> Z:\G-Zapper\unins000.exe
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Generic USB Card Reader Driver v2.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.3\irunin.ini"
Get a Life Final v1.0 --> "V:\STEAM\steamapps\SourceMods\Get_A_Life\unins000.exe"
Grand Theft Auto --> C:\WINDOWS\IsUninst.exe -fv:\gta\Uninst.isu
GUN ™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2DFF2906-52BB-4222-8062-1509259FC013}
Half-Life --> C:\WINDOWS\ISUNINST.EXE -F"V:\HALF LIFE\UNINST.ISU" -C"V:\HALF LIFE\HLUNINST.DLL"
Half-Life 2: Episode One --> "V:\STEAM\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "V:\STEAM\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Blue Shift --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Half-Life: Blue Shift Patch --> V:\BLUE-S~1\BSHIFT\UNWISE.EXE V:\BLUE-S~1\BSHIFT\INSTALL.LOG
Happy Tree Friends - False Alarm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8582C8F-8717-2456-8164-CE0FA5FC16E3}\setup.exe" -l0x9 -removeonly
Harpooned --> V:\Free Games\Harpooned\uninst.exe
HijackThis 2.0.2 --> "Z:\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> V:\HITMAN~1\UNWISE.EXE V:\HITMAN~1\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.1 --> Z:\Download Manager\uninst.exe
IrfanView (remove only) --> Z:\Irfanview\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
King's Quest III --> V:\KING'S QUEST III\UNINSTALL KQ3.EXE
Lantern 3D Screensaver 1.0 --> "Z:\Screen Savers\Lantern 3D Screensaver\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> Z:\Logitech\RESOUR~1\rem\UNWISE.EXE Z:\Logitech\RESOUR~1\rem\INSTALL.LOG
Loki - Demo Egyptian --> "V:\DEMOS\LOKI - DEMO EGYPTIAN\UNINS000.EXE"
Luxor 3 --> "V:\Demos\Luxor 3\ReflexiveArcade\unins000.exe"
Mafia Game --> C:\WINDOWS\system32\MafiaSetup.exe
Malwarebytes' Anti-Malware --> "Z:\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MDK --> C:\WINDOWS\uninst.exe -fv:\MDK\DeIsL1.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft IntelliPoint 5.2 -->
Microsoft IntelliType Pro 5.2 -->
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual Basic 2008 Express Edition - ENU --> Z:\Visual Basic Express\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft XNA Framework Redistributable 1.0 Refresh --> MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
MightyFax --> Z:\MIGHTY~1\UnMighty.EXE
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Phil\Application Data\Move Networks\ie_bin\Uninst.exe
MozBackup 1.4.4 --> "Z:\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.14) --> Z:\Firefox\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> Z:\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> Z:\Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mutant Demo 1.0 --> "V:\Demos\MutantDemo\unins000.exe"
myst --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{1662d9ab-812d-42e5-ba8c-c971d006b4b8}.sdb"
Mystery P.I. - The Lottery Ticket 1.0.0.4 --> C:\Program Files\PopCap Games\Mystery PI\PopUninstall.exe "C:\Program Files\PopCap Games\Mystery PI\Install.log"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton SystemWorks 2002 --> MsiExec.exe /I{43C3D832-AC96-463A-8FE4-1B8D1BFA2FAS}
Norton Utilities 2002 for Windows -->
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OneTouch Version 3.0 --> C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Overclocked Demo --> V:\Demos\Overclocked Demo\uninst.exe
Painkiller Overdose --> "C:\Program Files\InstallShield Installation Information\{6C4765C5-7EED-40E1-A631-8263AF8B4508}\setup.exe" -runfromtemp -l0x0009 -removeonly
Painkiller Overdose Demo build 66 --> "V:\DEMOS\PAINKILLER OVERDOSE DEMO\UNINSTALL\UNINS000.EXE"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 7.02 --> C:\WINDOWS\IsUninst.exe -f"z:\Scansoft Paperport\Config\DeIsL1.isu" -y -c"z:\Scansoft Paperport\UnInstl2.dll"
Picasa 2 --> "Z:\Picasa\Picasa2\Uninstall.exe"
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"
Prey --> "V:\STEAM\steam.exe" steam://uninstall/3970
Prince of Persia: The Sands of Time --> V:\PRINCE~1\UNWISE.EXE V:\PRINCE~1\INSTALL.LOG
Psi-Ops (remove only) --> V:\Psi-Ops\uninstall.exe
Psychonauts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rayman Raving Rabbids --> C:\Program Files\InstallShield Installation Information\{40A5DF56-329E-433C-8E79-99807E02F90F}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> Z:\Revo Uninstaller\uninst.exe
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Sam and Max Episode 1 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8200
Sam and Max Episode 2 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8210
Sam and Max Episode 3 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8220
Sam and Max Episode 4 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8230
Sam and Max Episode 5 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8240
Sam and Max Episode 6 --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/8250
Shlongg Demo 1.01 --> "V:\Demos\Shlongg Demo\unins000.exe"
SideWinder Game Voice --> MsiExec.exe /I{49162FE8-25D2-4E64-BFF7-157514496778}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Source SDK Base --> "V:\STEAM\STEAM.EXE" STEAM://UNINSTALL/215
Spybot - Search & Destroy --> "Z:\Spybot - Search & Destroy\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
STALKER: Shadow of Chernobyl --> "V:\STEAM\steam.exe" steam://uninstall/4500
  • 0

#13
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Pharm74, I see a couple of things here that we need to take care of.

STEP ONE
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [mcwyscw] c:\documents and settings\phil\local settings\application data\mcwyscw.exe mcwyscw

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5


Please note any other programs that you don't recognize in that list in your next response.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    gtermddo <delete service>
    c:\documents and settings\phil\local settings\application data\mcwyscw.exe
    C:\WINDOWS\system32\effeacf3_z.dll
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP TWO
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")


Also, please provide a new DSS log with your next post.
  • 0
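
The O4 entry selected for fixing in post #13 launches a binary that sits directly in the user's Local Settings\Application Data folder, while the other Run entries in the same log start from Program Files, WINDOWS or an install directory. The Python below is an added example, not part of the thread or of HijackThis: it parses O4 Run lines and reports entries started from user-writable profile folders. The function names and the `ExampleUpdater` line are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the HijackThis logs posted in this thread, plus one
# constructed line (ExampleUpdater) that shows the vendor-subfolder case.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [mcwyscw] c:\documents and settings\phil\local settings\application data\mcwyscw.exe mcwyscw
O4 - HKCU\..\Run: [ExampleUpdater] "C:\Documents and Settings\Phil\Application Data\ExampleVendor\updater.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
'''

# "O4 - <hive>\..\Run: [value name] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# First program in a command line: a quoted path, or an unquoted path that may
# contain spaces and ends at the first executable extension.
BIN_RE = re.compile(
    r'"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=[\s,]|$)',
    re.I)

# Windows XP per-user data folders (long and 8.3 short names). Any process
# running as the user can write here without administrator rights.
PROFILE_DATA = re.compile(
    r'^[a-z]:\\(?:documents and settings|docume~1)\\[^\\]+\\'
    r'(?:(?:local settings|locals~1)\\)?(?:application data|applic~1|temp)'
    r'(?P<sub>\\.*)?$', re.I)


class Finding(NamedTuple):
    hive: str
    name: str
    path: str
    reasons: List[str]


def first_binary(cmd: str) -> Optional[str]:
    """Return the program a Run command starts; for rundll32, the DLL it loads."""
    cmd = cmd.strip()
    m = BIN_RE.match(cmd)
    if not m:
        return None
    path = m.group('q') or m.group('u')
    if ntpath.basename(path).lower() == 'rundll32.exe':
        # The interesting file is the DLL handed to rundll32, not rundll32 itself.
        return first_binary(cmd[m.end():]) or path
    return path


def assess(path: str) -> List[str]:
    """List the reasons, if any, why this autorun target deserves a closer look."""
    reasons = []
    folder = ntpath.dirname(ntpath.normpath(path))
    m = PROFILE_DATA.match(folder)
    if m:
        reasons.append('starts from a user-writable profile data folder')
        if not m.group('sub'):
            reasons.append('binary sits directly in that folder, '
                           'not in a vendor subfolder')
    return reasons


def review(log_text: str) -> List[Finding]:
    """Parse every O4 Run line and return the entries that have findings."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry
        path = first_binary(m.group('cmd'))
        if path is None:
            continue
        reasons = assess(path)
        if reasons:
            findings.append(Finding(m.group('hive'), m.group('name'), path, reasons))
    return findings


if __name__ == '__main__':
    for f in review(SAMPLE_LOG):
        print(f'{f.hive} [{f.name}] {f.path}')
        for reason in f.reasons:
            print(f'    - {reason}')
```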

#14
Pharm74

    Member

  • Topic Starter
  • 17 posts
Explorer killed successfully
Service not present: gtermddo.
File/Folder c:\documents and settings\phil\local settings\application data\mcwyscw.exe not found.
File/Folder C:\WINDOWS\system32\effeacf3_z.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_66c.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_212625

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_66c.dat moved successfully.

HijackThis didn't find the "mcwyscw" entry when I ran a scan so I was unable to fix that.

  • 0

#15
Pharm74

    Member

  • Topic Starter
  • 17 posts
Here's a new DSS log----
Deckard's System Scanner v20071014.68
Run by Phil on 2008-07-10 21:40:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Phil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:34 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
Z:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
Z:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
Z:\a-squared Free\a2service.exe
Z:\AVG Anti-Spyware 7.5\guard.exe
Z:\AVGFRE~1\avgamsvr.exe
Z:\AVGFRE~1\avgupsvc.exe
Z:\AVGFRE~1\avgemc.exe
Z:\Diskeeper 8.0\DkService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
Z:\NortonSW\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
Z:\NortonSW\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
Z:\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
Z:\AVGFRE~1\avgcc.exe
Z:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Z:\Superantispyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Phil\Desktop\dss.exe
Z:\HIJACK~1\Phil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Z:\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Z:\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "Z:\Dual Core Optimizer\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "Z:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] Z:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "Z:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [igndlm.exe] Z:\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] Z:\Superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [mcwyscw] c:\documents and settings\phil\local settings\application data\mcwyscw.exe mcwyscw
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] Z:\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] Z:\Picasa\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Z:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://Z:\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - Z:\COPERN~1\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft...tail/DASAct.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - Z:\Superantispyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Z:\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - Z:\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Z:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - Z:\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - Z:\Diskeeper 8.0\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - Z:\NortonSW\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - Z:\NortonSW\SPEEDD~1\nopdb.exe

--
End of file - 10981 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 19:50:58 0 d-------- C:\Program Files\Common Files\Java
2008-07-06 11:59:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-21 12:34:50 0 d-------- C:\Program Files\QuickTime
2008-06-21 11:44:57 0 d-------- C:\Documents and Settings\Phil\Application Data\Auslogics
2008-06-20 12:53:28 0 d-------- C:\Program Files\Panda Security
2008-06-20 10:17:09 0 d-------- C:\Documents and Settings\Phil\Application Data\Malwarebytes
2008-06-20 10:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes


-- Find3M Report ---------------------------------------------------------------

2008-07-10 19:51:22 0 d-------- C:\Program Files\Java
2008-07-10 19:50:58 0 d-------- C:\Program Files\Common Files
2008-07-09 10:02:34 0 d-------- C:\Documents and Settings\Phil\Application Data\Move Networks
2008-07-06 13:19:11 0 d-------- C:\Documents and Settings\Phil\Application Data\Adobe
2008-07-05 20:03:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 10:58:17 0 d-------- C:\Documents and Settings\Phil\Application Data\IGN_DLM
2008-06-20 10:53:43 0 d-------- C:\Documents and Settings\Phil\Application Data\SUPERAntiSpyware.com
2008-06-20 10:51:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 08:24:47 55064 --a------ C:\Documents and Settings\Phil\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 12:22:04 0 d-------- C:\Documents and Settings\Phil\Application Data\Mozilla
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\WexTech Shared
2008-06-08 19:45:15 0 d-------- C:\Program Files\Common Files\LHSPF
2008-06-08 19:45:08 0 d-------- C:\Program Files\Common Files\Intuit
2008-05-29 17:04:12 0 d-------- C:\Documents and Settings\Phil\Application Data\AVG7
2008-05-24 13:04:31 0 d-------- C:\Program Files\Ubisoft
2008-05-14 19:52:48 0 d-------- C:\Documents and Settings\Phil\Application Data\FrostWire
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-23 19:42:35 44968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-17 13:52:13 9780 --a------ C:\WINDOWS\mozver.dat
2008-04-17 12:14:47 884 --a------ C:\WINDOWS\system32\d3d8caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [10/16/2001 08:08 AM]
"amd_dc_opt"="Z:\Dual Core Optimizer\amd_dc_opt.exe" [06/28/2006 03:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="Z:\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"FlashIcon"="C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [07/21/2004 07:48 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [06/27/2008 09:23 PM]
"!AVG Anti-Spyware"="Z:\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/10/2006 10:56 PM]
"igndlm.exe"="Z:\Download Manager\dlm.exe" [03/05/2007 01:57 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"mcwyscw"="c:\documents and settings\phil\local settings\application data\mcwyscw.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=Z:\Picasa\Picasa2\PicasaMediaDetector.exe
"AVG7_Run"=Z:\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= Z:\Superantispyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Z:\Superantispyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 Z:\Superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=apitrap.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=C:\WINDOWS\pss\MightyFAX Controller.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
backup=C:\WINDOWS\pss\Check for OneTouch Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
Z:\Download Manager\dlm.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
Z:\Picasa\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
z:\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
z:\SCANSO~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
V:\STEAM\\STEAM.EXE -SILENT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"Z:\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- End of Deckard's System Scanner: finished at 2008-07-10 21:40:53 ------------




Explorer killed successfully
Service not present: gtermddo.
File/Folder c:\documents and settings\phil\local settings\application data\mcwyscw.exe not found.
File/Folder C:\WINDOWS\system32\effeacf3_z.dll not found.
< purity >
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_66c.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07102008_212625

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_66c.dat moved successfully.

HijackThis didn't find the "mcwyscw" entry when I ran a scan so I was unable to fix that.

Pharm74, I see a couple of things here that we need to take care of.

STEP ONE
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [mcwyscw] c:\documents and settings\phil\local settings\application data\mcwyscw.exe mcwyscw

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5


Please note any other programs that you don't recognize in that list in your next response.

Please download the OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    gtermddo <delete service>
    c:\documents and settings\phil\local settings\application data\mcwyscw.exe
    C:\WINDOWS\system32\effeacf3_z.dll
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP TWO
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")


Also, please provide a new DSS log with your next post.
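An added example, not part of the original thread or of any tool mentioned in it: a small triage pass over the Run-key section of a DSS registry dump, showing why the "mcwyscw" entry targeted in STEP ONE stands out. The sample lines are copied from the dump on this page; the three heuristics, and the reading of an empty "[]" as "no file timestamp recorded", are assumptions made for illustration.

```python
import re

# Lines copied from the HKLM/HKCU Run sections of the DSS dump on this page.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="Z:\AVGFRE~1\avgcc.exe" [06/27/2008 09:23 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/02/2006 10:55 PM]
"SUPERAntiSpyware"="Z:\Superantispyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"mcwyscw"="c:\documents and settings\phil\local settings\application data\mcwyscw.exe" []
'''

ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]')
# Per-user directories any unprivileged process can write to on Windows XP.
USER_WRITABLE = re.compile(
    r'\\documents and settings\\[^\\]+\\(local settings|application data)\\', re.I)

def triage(dump):
    """Return (score, key, name, reasons) per Run entry, highest score first."""
    results, key = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # section header: the registry key
            continue
        m = ENTRY.match(line)
        if not m or key is None:
            continue
        path, reasons = m['path'], []
        if USER_WRITABLE.search(path):
            reasons.append('user-writable profile path')
            # Installed software normally sits in a vendor subfolder, not the root.
            if re.search(r'\\application data\\[^\\]+\.exe$', path, re.I):
                reasons.append('executable directly in Application Data root')
        if not m['stamp'].strip():    # assumption: "[]" means no timestamp recorded
            reasons.append('no file timestamp recorded')
        results.append((len(reasons), key, m['name'], reasons))
    return sorted(results, key=lambda r: r[0], reverse=True)

if __name__ == '__main__':
    for score, key, name, reasons in triage(SAMPLE):
        print(score, name, '; '.join(reasons) or 'nothing flagged')
```

A high score is a prompt to look at the entry, not a verdict: "ISUSPM Startup" also has an empty bracket but points into an installer's own folder, so it ranks well below "mcwyscw".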

