I tried searching for this through Google but had no luck finding a removal tool. I see that most people run a program called DSS, so I did that, and here are the logs. If anyone can help I would greatly appreciate it.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.07 MiB / 478.76 MiB
Pagefile Memory (total/avail): 2456.34 MiB / 1829.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.99 MiB
C: is Fixed (NTFS) - 144.31 GiB total, 93.78 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 144.31 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\a la mode\\Sched\\eSched.exe"="C:\\Program Files\\a la mode\\Sched\\eSched.exe:*:Enabled:a la mode Assistant"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\T.J\\Local Settings\\Temp\\.tt41.tmp"="C:\\Documents and Settings\\T.J\\Local Settings\\Temp\\.tt41.tmp:*:Enabled:enable"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\T.J\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D9WP9T91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\T.J
LOGONSERVER=\\D9WP9T91
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\T.J\LOCALS~1\TEMP
TMP=C:\DOCUME~1\T.J\LOCALS~1\TEMP
USERDOMAIN=D9WP9T91
USERNAME=T.J
USERPROFILE=C:\Documents and Settings\T.J
windir=C:\WINDOWS
WT=w:
-- User Profiles ---------------------------------------------------------------
T.J (admin)
LogMeInRemoteUser (admin)
LogMeInRemoteUser.D9WP9T91 (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AdwareAlert --> MsiExec.exe /X{B7F778DB-0CCE-425F-BAD5-299F1AC2198C}
American Greetings® Art & More Store --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu"
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Deewoo Network Manager removal --> C:\WINDOWS\system32\lcntmtdm.exe -UPop
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Blue QX5 Microscope --> MsiExec.exe /X{08786A53-D98F-484A-867C-3302BC5AE30D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dora Lost City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\dpbybkqyhvedhks.exe
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTOneCare --> MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
IRIS 2.2 --> C:\WINDOWS\UNWISE.EXE C:\WINDOWS\INSTALL.LOG
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LogMeIn --> MsiExec.exe /I{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
MicroBase Plus --> C:\WINDOWS\st6unst.exe -n "C:\MBWPlus\ST6UNST.LOG"
MicroBase Plus (C:\MBWPLUS\) --> C:\WINDOWS\st6unst.exe -n "C:\MBWPlus\ST6UNST.000"
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Streets & Trips 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Live OneCare Resources v2.5.2900.03 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{AB65455A-059F-41C3-AAD6-2EFAFB38B19B}
Microsoft Windows OneCare Live v2.5.2900.03 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.5.2900.03 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Minigolf Space --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A2F6B63B-01BA-4D18-BBE2-31743427D8A3}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\T.J\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\T.J\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
Mozilla Thunderbird (2.0.0.14) --> C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
Mr. Potato Head Uninstaller --> C:\WINDOWS\uninst.exe -fC:\mrpotato\DeIsL1.isu
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PDF-XChange 3 --> "C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
Profile Editor --> "C:\PROGRA~1\Freeze.com\Profile Editor\UNINSTAL.EXE"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
The Land Before Time Kindergarten Adventure --> C:\Lbtkind\UNWISE.EXE C:\Lbtkind\INSTALL.LOG
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Vuze --> C:\Program Files\Vuze\uninstall.exe
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Driver Package - Digital Blue (marsqx5) Image (04/04/2007 1.0.0.0) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\marsqx5_935523B763FD8C83A319DA72299E127DF607B108\marsqx5.inf
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
-- Application Event Log -------------------------------------------------------
Event Record #/Type3030 / Error
Event Submitted/Written: 07/09/2008 03:37:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]
Event Record #/Type3011 / Warning
Event Submitted/Written: 07/09/2008 03:29:27 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type2998 / Warning
Event Submitted/Written: 07/09/2008 09:59:09 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type2984 / Error
Event Submitted/Written: 07/09/2008 03:33:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]
Event Record #/Type2971 / Error
Event Submitted/Written: 07/09/2008 03:25:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type24264 / Error
Event Submitted/Written: 07/09/2008 05:04:01 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Event Record #/Type24244 / Warning
Event Submitted/Written: 07/09/2008 04:50:25 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%D9WP9T9129 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D9WP9T9129 can't undo changes that you allow.
For more information please see the following:
%D9WP9T91295
Scan ID: {F453AA76-7921-4BBE-9EF4-F519606A7EE9}
Agent: %D9WP9T9143
User: D9WP9T91\T.J
Name: %D9WP9T91291
ID: %D9WP9T91292
Severity: 1.5.1955.05
Category: 1.5.1955.06
Path Found: %D9WP9T91296
Alert Type: %D9WP9T91298
Process Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
Detection Type: 1.5.1955.02
Status: 1.5.1955.00
Event Record #/Type24211 / Warning
Event Submitted/Written: 07/08/2008 07:31:05 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%D9WP9T9129 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %D9WP9T9129 can't undo changes that you allow.
For more information please see the following:
%D9WP9T91295
Scan ID: {394E3DBF-127B-4B6F-B11C-85ABF562260F}
Agent: %D9WP9T9143
User: D9WP9T91\T.J
Name: %D9WP9T91291
ID: %D9WP9T91292
Severity: 1.5.1955.05
Category: 1.5.1955.06
Path Found: %D9WP9T91296
Alert Type: %D9WP9T91298
Process Name: C:\WINDOWS\explorer.exe
Detection Type: 1.5.1955.02
Status: 1.5.1955.00
Event Record #/Type24209 / Error
Event Submitted/Written: 07/08/2008 07:31:05 PM
Event ID/Source: 3006 / OneCareMP
Event Description:
%D9WP9T9129 Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following:
%D9WP9T91295
Scan ID: {1B910C84-C788-4FEC-9A9F-E52574527B1E}
User: D9WP9T91\T.J
Name: %D9WP9T91291
ID: %D9WP9T91292
Severity: 1.5.1955.05
Category: 1.5.1955.06
Path: %D9WP9T91296
Alert Type: %D9WP9T91298
Action: 1.5.1955.00
Error Code: 1.5.1955.01
Error description: 1.5.1955.02
Event Record #/Type24208 / Warning
Event Submitted/Written: 07/08/2008 07:31:02 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%NT AUTHORITY29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %NT AUTHORITY29 can't undo changes that you allow.
For more information please see the following:
%NT AUTHORITY295
Scan ID: {E1D32C97-4816-452D-BBD6-EF16BD41CA0F}
Agent: %NT AUTHORITY43
User: NT AUTHORITY\SYSTEM
Name: %NT AUTHORITY291
ID: %NT AUTHORITY292
Severity: 1.5.1955.05
Category: 1.5.1955.06
Path Found: %NT AUTHORITY296
Alert Type: %NT AUTHORITY298
Process Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
Detection Type: 1.5.1955.02
Status: 1.5.1955.00
-- End of Deckard's System Scanner: finished at 2008-07-09 17:07:41 ------------
next one
Deckard's System Scanner v20071014.68
Run by T.J on 2008-07-09 17:04:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-07-09 20:25:22 UTC - RP7 - Deckard's System Scanner Restore Point
3: 2008-07-09 17:50:24 UTC - RP6 - Installed AVG Free 8.0
2: 2008-07-09 07:42:56 UTC - RP5 - Last good restore point
1: 2008-07-09 07:42:39 UTC - RP4 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 17:06:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\T.J\Desktop\dss.exe
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {36953122-9f7c-4461-af35-e23242461fd7} - C:\WINDOWS\system32\xxyaxYqr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {5350fcd9-5a0c-495f-8e97-fa925d68f5bd} - C:\WINDOWS\system32\yaywtULB.dll (file missing)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: mysidesearch search enhancer - {942f9ded-e62a-0100-86ee-93e9d6be1fd5} - C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {a94c97a3-818a-48bc-9a1a-500f36eb445d} - C:\WINDOWS\system32\iifgFXQj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {acb17d13-44a2-4839-9499-46fa0459c0b2} - C:\WINDOWS\system32\ssqNFUNe.dll (file missing)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: gooochi browser optimizer - {ba41c9e8-376e-11cc-b3bc-75607e242267} - C:\WINDOWS\system32\qqapnalwywl.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [{99fa2547-da8c-ffd6-5067-b94a415e033e}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\qqapnalwywl.dll" DllStart
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [smrhcguqj0e92c] C:\Program Files\rhcguqj0e92c\rhcguqj0e92c.exe
O4 - HKLM\..\Run: [sigmatelsystrayapp] stsystra.exe
O4 - HKLM\..\Run: [realtray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [onecareui] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [new.net startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [msserv] C:\WINDOWS\msserv.exe s
O4 - HKLM\..\Run: [mskdetectorexe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [lphcluqj0e92c] C:\WINDOWS\system32\lphcluqj0e92c.exe
O4 - HKLM\..\Run: [logmein gui] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [google desktop search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehtray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dmxlauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [brwdiag] C:\WINDOWS\system32\brwconf.exe
O4 - HKLM\..\Run: [audiag] C:\WINDOWS\system32\audconf.exe
O4 - HKLM\..\Run: [atipta] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [adobe photo downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myspaceim] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [dw6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - ProtocolDefaults: Unknown 'pctools-rep' protocol is in My Computer Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'pctools-rep' protocol is in My Computer Zone (HKCU)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange...ectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange...ol/IRCSharc.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,confaud.dll,audstat.dll,wuapsecu.dll,confbrw.dll,brwstat.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: audmgr - C:\WINDOWS\system32\audmgr32.dll (file missing)
O20 - Winlogon Notify: cfgbrasr - C:\WINDOWS\system32\cfgbrasr.dll (file missing)
O20 - Winlogon Notify: osunuxth - C:\WINDOWS\system32\
O20 - Winlogon Notify: xxyaxyqr - C:\WINDOWS\system32\xxyaxYqr.dll (file missing)
O20 - Winlogon Notify: zlcocard - C:\WINDOWS\system32\zlcocard.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdservice) - Unknown owner - C:\WINDOWS\VC5K\command.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: - http://images.google...-Hottest.jpg
O24 - Desktop Component 1: - http://www.wwe.com/s...rphotos/999.jpg
--
End of file - 15974 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 cmdservice (Command Service) - c:\windows\vc5k\command.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-03 12:15:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-09 and 2008-07-09 -----------------------------
2008-07-09 13:56:07 0 d--h----- C:\$AVG8.VAULT$
2008-07-09 13:50:39 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 13:50:39 0 d-------- C:\Documents and Settings\T.J\Application Data\AVGTOOLBAR
2008-07-09 13:50:25 0 d-------- C:\Program Files\AVG
2008-07-09 13:50:24 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 03:09:02 94208 --a------ C:\WINDOWS\system32\pphcluqj0e92c.exe
2008-07-08 19:19:24 0 d-------- C:\WINDOWS\system32\bits
2008-07-08 19:14:51 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-08 00:21:40 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-07 23:48:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-07 23:48:39 0 d-------- C:\Documents and Settings\T.J\Application Data\Azureus
2008-07-07 20:36:50 0 d-------- C:\Program Files\Alwil Software
2008-07-07 20:27:55 617815 --ahs---- C:\WINDOWS\system32\eNUFNqss.ini2
2008-07-07 20:06:34 18176 --a------ C:\WINDOWS\y.exe
2008-07-07 20:06:34 14592 --a------ C:\WINDOWS\x.exe
2008-07-07 20:06:34 16640 --a------ C:\WINDOWS\winmgnt.exe
2008-07-07 20:06:34 20480 --a------ C:\WINDOWS\window.exe
2008-07-07 20:06:34 28160 --a------ C:\WINDOWS\winajbm.dll
2008-07-07 20:06:33 11008 --a------ C:\WINDOWS\win64.exe
2008-07-07 20:06:33 32768 --a------ C:\WINDOWS\win32e.exe
2008-07-07 20:06:33 22272 --a------ C:\WINDOWS\users32.exe
2008-07-07 20:06:33 10752 --a------ C:\WINDOWS\systemcritical.exe
2008-07-07 20:06:33 32000 --a------ C:\WINDOWS\systeem.exe
2008-07-07 20:06:32 19456 --a------ C:\WINDOWS\olehelp.exe
2008-07-07 20:06:32 9216 --a------ C:\WINDOWS\notepad32.exe
2008-07-07 20:06:32 11264 --a------ C:\WINDOWS\mtwirl32.dll
2008-07-07 20:06:32 30464 --a------ C:\WINDOWS\msupdate.exe
2008-07-07 20:06:32 17152 --a------ C:\WINDOWS\mssys.exe
2008-07-07 20:06:32 13824 --a------ C:\WINDOWS\loader.exe
2008-07-07 20:06:32 12800 --a------ C:\WINDOWS\iexplorer.exe
2008-07-07 20:06:32 31232 --a------ C:\WINDOWS\iedll.exe
2008-07-07 20:06:31 14080 --a------ C:\WINDOWS\clrssn.exe
2008-07-07 20:06:31 20224 --a------ C:\WINDOWS\avpcc.dll
2008-07-07 20:06:31 23040 --a------ C:\WINDOWS\accesss.exe
2008-07-07 18:40:59 613414 --ahs---- C:\WINDOWS\system32\jQXFgfii.ini2
2008-07-07 17:05:31 0 d-------- C:\ Program Files
2008-07-07 13:55:49 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-07-07 13:53:10 18176 --a------ C:\WINDOWS\sistem.exe
2008-07-07 13:53:10 20480 --a------ C:\WINDOWS\rundll16.exe
2008-07-07 13:53:10 23296 --a------ C:\WINDOWS\quicken.exe
2008-07-07 13:53:10 30976 --a------ C:\WINDOWS\qttasks.exe
2008-07-07 13:53:09 24576 --a------ C:\WINDOWS\msconfd.dll
2008-07-07 13:53:08 32256 --a------ C:\WINDOWS\explore.exe
2008-07-07 13:53:07 13568 --a------ C:\WINDOWS\editpad.exe
2008-07-07 13:53:07 15872 --a------ C:\WINDOWS\ctrlpan.dll
2008-07-07 13:09:10 0 d-------- C:\WINDOWS\system32\4808
2008-07-07 12:38:52 64332 --a------ C:\WINDOWS\system32\dpbybkqyhvedhks.exe
2008-07-07 12:38:40 152184 --a------ C:\WINDOWS\system32\g87.exe
2008-07-07 12:26:20 9728 --a------ C:\WINDOWS\xplugin.dll
2008-07-07 12:26:19 8960 --a------ C:\WINDOWS\waol.exe
2008-07-07 12:26:19 14848 --a------ C:\WINDOWS\time.exe
2008-07-07 12:26:18 26880 --a------ C:\WINDOWS\svcinit.exe
2008-07-07 12:26:18 16640 --a------ C:\WINDOWS\svchost32.exe
2008-07-07 12:26:18 29952 --a------ C:\WINDOWS\searchword.dll
2008-07-07 12:26:16 30208 --a------ C:\WINDOWS\mswsc20.dll
2008-07-07 12:26:16 14848 --a------ C:\WINDOWS\mswsc10.dll
2008-07-07 12:26:15 32512 --a------ C:\WINDOWS\msspi.dll
2008-07-07 12:26:15 16128 --a------ C:\WINDOWS\internet.exe
2008-07-07 12:26:15 16640 --a------ C:\WINDOWS\inetinf.exe
2008-07-07 12:26:14 15616 --a------ C:\WINDOWS\helpcvs.exe
2008-07-07 12:26:14 25600 --a------ C:\WINDOWS\gfmnaaa.dll
2008-07-07 12:26:14 20224 --a------ C:\WINDOWS\funny.exe
2008-07-07 12:26:14 27136 --a------ C:\WINDOWS\funniest.exe
2008-07-07 12:26:13 13568 --a------ C:\WINDOWS\explorer32.exe
2008-07-07 12:26:13 26112 --a------ C:\WINDOWS\dnsrelay.dll
2008-07-07 12:26:13 17920 --a------ C:\WINDOWS\directx32.exe
2008-07-07 12:26:12 11776 --a------ C:\WINDOWS\ctfmon32.exe
2008-07-07 12:26:12 15616 --a------ C:\WINDOWS\cpan.dll
2008-07-07 12:11:19 0 d-------- C:\Program Files\AskSBar
2008-07-07 12:10:17 0 d-------- C:\Program Files\Vuze
2008-07-07 12:07:10 614550 --ahs---- C:\WINDOWS\system32\BLUtwyay.ini2
2008-07-07 12:05:43 0 d-------- C:\Program Files\AntiSpywareMaster
2008-07-07 12:02:20 0 d-------- C:\WINDOWS\S?mantec
2008-07-07 12:02:15 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-07-07 12:02:09 0 d--hs---- C:\WINDOWS\VC5K
2008-07-07 12:02:04 0 d-------- C:\WINDOWS\system32\tfig
2008-07-07 12:02:04 0 d-------- C:\WINDOWS\system32\net
2008-07-07 12:02:04 0 d-------- C:\WINDOWS\system32\cREG
2008-07-07 12:02:04 0 d-------- C:\WINDOWS\system32\1030
2008-07-07 12:02:04 0 d-------- C:\Program Files\??crosoft
2008-07-07 12:02:00 0 d-------- C:\WINDOWS\system32\olixds01
2008-07-07 12:02:00 0 d-------- C:\Temp
2008-07-07 10:49:03 0 d-------- C:\ kav
2008-07-06 22:14:57 0 d-------- C:\Program Files\Spyware Doctor Enterprise Server
2008-07-06 22:13:41 0 d-------- C:\PC Tools Spyware Doctor Enterprise
2008-07-06 21:59:14 0 d-------- C:\Program Files\XoftSpySE
2008-07-06 21:35:24 0 d-------- C:\Program Files\CyberDefender
2008-07-06 21:30:46 0 d-------- C:\Documents and Settings\T.J\Application Data\rhcguqj0e92c
2008-07-06 21:19:56 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-06 21:18:59 0 d-------- C:\WINDOWS\system32\734914
2008-07-06 21:18:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\rhcguqj0e92c
2008-07-06 21:18:25 58476 --a------ C:\WINDOWS\system32\drivers\cd2e4d3f.sys
2008-07-06 21:18:23 0 d-------- C:\Program Files\rhcguqj0e92c
2008-07-06 21:18:15 60928 --a------ C:\WINDOWS\system32\blphcluqj0e92c.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-03 10:45:24 364544 --a------ C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll
2008-07-02 09:52:48 158208 --a------ C:\WINDOWS\system32\qqapnalwywl.dll
2008-07-02 09:52:48 158208 --a------ C:\WINDOWS\system32\_qqapnalwywl.dll
2008-06-26 11:20:17 0 d-------- C:\WINDOWS\Cache
2008-06-26 11:20:17 0 d-------- C:\Program Files\Coupons
2008-06-19 09:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
-- Find3M Report ---------------------------------------------------------------
2008-07-09 17:02:48 0 d-------- C:\Documents and Settings\T.J\Application Data\OpenOffice.org2
2008-07-09 16:20:31 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-09 03:08:06 0 d-------- C:\Program Files\LogMeIn
2008-07-08 17:21:33 0 d-------- C:\Documents and Settings\T.J\Application Data\AdobeUM
2008-07-08 02:52:10 0 d-------- C:\Program Files\Kodak
2008-07-08 02:51:42 0 d-------- C:\Program Files\Common Files
2008-07-08 00:14:03 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-07 21:17:47 0 d-------- C:\Program Files\??crosoft
2008-06-29 15:54:19 6686 --a------ C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 15:54:17 104 -rahs---- C:\WINDOWS\system32\DCD8B5840E.sys
2008-06-28 20:07:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-18 13:32:53 278528 -----n--- C:\WINDOWS\MBWSetup.exe <Not Verified; MicroDecisions, Inc.; MicroBase Setup>
2008-06-18 13:32:52 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-16 10:24:15 0 d-------- C:\Program Files\The Weather Channel FW
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36953122-9f7c-4461-af35-e23242461fd7}]
C:\WINDOWS\system32\xxyaxYqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5350fcd9-5a0c-495f-8e97-fa925d68f5bd}]
C:\WINDOWS\system32\yaywtULB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{942f9ded-e62a-0100-86ee-93e9d6be1fd5}]
07/03/2008 10:45 AM 364544 --a------ C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a057a204-bacc-4d26-9990-79a187e2698e}]
07/09/2008 01:50 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a94c97a3-818a-48bc-9a1a-500f36eb445d}]
C:\WINDOWS\system32\iifgFXQj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{acb17d13-44a2-4839-9499-46fa0459c0b2}]
C:\WINDOWS\system32\ssqNFUNe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba41c9e8-376e-11cc-b3bc-75607e242267}]
07/02/2008 09:52 AM 158208 --a------ C:\WINDOWS\system32\qqapnalwywl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE