Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vista Problems - Please Help [CLOSED]


  • This topic is locked This topic is locked

#16
triality

triality

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am not getting an extra.txt to open, only the main.txt

Deckard's System Scanner v20071014.68
Run by Jordan on 2008-07-27 17:59:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.13 GiB (less than 15%) free.


-- HijackThis (run as Jordan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:01 PM, on 7/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\AOL\1158549145\ee\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Users\Jordan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leanbulk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Users\Jordan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.micros...b?1158335228702
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10142 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 14:09:49 0 d-------- C:\Users\All Users\Logitech
2008-07-27 14:09:42 0 d-------- C:\Program Files\Common Files\Logishrd
2008-07-27 14:09:37 0 d-------- C:\Program Files\Logitech
2008-07-27 14:09:18 0 d-------- C:\Users\All Users\LogiShrd
2008-07-24 19:04:58 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-24 19:04:35 0 d-------- C:\Program Files\Windows Live
2008-07-24 19:03:26 0 d-------- C:\Users\All Users\WLInstaller
2008-07-21 19:26:01 0 d-------- C:\Users\All Users\acccore
2008-07-21 19:25:20 0 d-------- C:\Program Files\AIM6
2008-07-21 17:45:15 0 d-------- C:\327882R2FWJFW
2008-07-21 13:09:46 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-21 13:09:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 12:51:38 0 d-------- C:\Program Files\iTunes
2008-07-21 12:51:12 0 d-------- C:\Program Files\Trend Micro
2008-07-21 12:40:45 0 d-------- C:\Program Files\Safari
2008-07-20 15:39:22 0 d-------- C:\Windows\system32\N360_BACKUP
2008-07-20 14:15:04 0 d-------- C:\Program Files\Norton 360
2008-07-20 14:09:01 0 d-------- C:\Program Files\Symantec
2008-07-19 20:09:59 0 d-------- C:\Program Files\Panda Security
2008-07-19 19:38:40 0 d-------- C:\Windows\BDOSCAN8
2008-07-19 19:30:33 65536 --a------ C:\Users\Jordan\gzip.exe
2008-07-15 17:27:35 0 d-------- C:\Windows\Sun
2008-07-14 15:55:33 0 d-------- C:\Program Files\MySQL
2008-07-14 15:51:09 0 d-------- C:\Program Files\Bullzip
2008-07-13 18:07:08 0 d-------- C:\Users\All Users\AOL OCP
2008-07-08 12:50:25 0 d-------- C:\Users\Jordan\vbseo3.2


-- Find3M Report ---------------------------------------------------------------

2008-07-27 14:13:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Logitech
2008-07-27 14:13:38 0 d-------- C:\Users\Jordan\AppData\Roaming\Leadertech
2008-07-27 14:09:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 14:09:42 0 d-------- C:\Program Files\Common Files
2008-07-24 16:01:50 0 d-------- C:\Users\Jordan\AppData\Roaming\LimeWire
2008-07-21 13:09:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Malwarebytes
2008-07-21 13:09:33 0 d-------- C:\Users\Jordan\AppData\Roaming\Download Manager
2008-07-21 12:51:43 0 d-------- C:\Program Files\iPod
2008-07-21 12:48:38 0 d-------- C:\Program Files\Bonjour
2008-07-20 15:31:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Symantec
2008-07-20 15:30:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-20 14:49:54 478656 --a------ C:\Windows\system32\perfh01D.dat
2008-07-20 14:49:54 83000 --a------ C:\Windows\system32\perfc01D.dat
2008-07-19 13:33:19 0 d-------- C:\Users\Jordan\AppData\Roaming\Vso
2008-07-10 03:11:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:01:11 0 d-------- C:\Program Files\Windows Mail
2008-07-03 01:57:14 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-25 14:52:46 0 d-------- C:\Users\Jordan\AppData\Roaming\Azureus
2008-06-21 20:23:02 0 d-------- C:\Program Files\PowerQuest
2008-06-21 16:58:57 0 d-------- C:\Program Files\Azureus
2008-06-16 19:41:24 0 d-------- C:\Program Files\QuickTime
2008-06-16 19:35:54 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/20/2008 02:16 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 10:08 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 04:21 PM C:\Windows\System32\HdAShCut.exe]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 08:34 AM]
"PWRISOVM.EXE"="F:\Programs\PowerISO\PWRISOVM.EXE" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 04:01 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/21/2008 02:01 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:54 PM]
"googletalk"="C:\Users\Jordan\AppData\Roaming\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:33 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 12:51 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/27/2008 2:10:08 PM]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2/4/2008 11:17:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
backup=C:\WINDOWS\pss\E-Color.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158549145\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 2\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e143ae1a-fe96-11d5-9ae6-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-27 18:00:36 ------------
  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Right it looks like you have run DSS before - so I will need you to run it now in a special mode

Make sure that DSS.exe is located on your Desktop.
Click on your START button, then choose Run. A little box will appear.
Now copy and paste all the following in bold (including the "" marks) into the run box and click OK.

"%userprofile%\desktop\dss.exe" /config

When the dialog opens up select all the options and DSS will then run and produce an Extra.txt plus the driver dump
  • 0

#18
triality

triality

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Deckard's System Scanner v20071014.68
Run by Jordan on 2008-07-28 15:08:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.12 GiB (less than 15%) free.


-- HijackThis (run as Jordan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:32 PM, on 7/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\AOL\1158549145\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Jordan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leanbulk.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] C:\Users\Jordan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.micros...b?1158335228702
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10068 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 WEBNTACCESS - \??\c:\windows\system32\ntaccess.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-11 17:23:24 344 --a------ C:\Windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1161198188.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-27 14:09:49 0 d-------- C:\Users\All Users\Logitech
2008-07-27 14:09:42 0 d-------- C:\Program Files\Common Files\Logishrd
2008-07-27 14:09:37 0 d-------- C:\Program Files\Logitech
2008-07-27 14:09:18 0 d-------- C:\Users\All Users\LogiShrd
2008-07-24 19:04:58 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-24 19:04:35 0 d-------- C:\Program Files\Windows Live
2008-07-24 19:03:26 0 d-------- C:\Users\All Users\WLInstaller
2008-07-21 19:26:01 0 d-------- C:\Users\All Users\acccore
2008-07-21 19:25:20 0 d-------- C:\Program Files\AIM6
2008-07-21 17:45:15 0 d-------- C:\327882R2FWJFW
2008-07-21 13:09:46 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-21 13:09:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 12:51:38 0 d-------- C:\Program Files\iTunes
2008-07-21 12:51:12 0 d-------- C:\Program Files\Trend Micro
2008-07-21 12:40:45 0 d-------- C:\Program Files\Safari
2008-07-20 15:39:22 0 d-------- C:\Windows\system32\N360_BACKUP
2008-07-20 14:15:04 0 d-------- C:\Program Files\Norton 360
2008-07-20 14:09:01 0 d-------- C:\Program Files\Symantec
2008-07-19 20:09:59 0 d-------- C:\Program Files\Panda Security
2008-07-19 19:38:40 0 d-------- C:\Windows\BDOSCAN8
2008-07-19 19:30:33 65536 --a------ C:\Users\Jordan\gzip.exe
2008-07-15 17:27:35 0 d-------- C:\Windows\Sun
2008-07-14 15:55:33 0 d-------- C:\Program Files\MySQL
2008-07-14 15:51:09 0 d-------- C:\Program Files\Bullzip
2008-07-13 18:07:08 0 d-------- C:\Users\All Users\AOL OCP
2008-07-08 12:50:25 0 d-------- C:\Users\Jordan\vbseo3.2


-- Find3M Report ---------------------------------------------------------------

2008-07-27 19:02:48 0 d-------- C:\Program Files\MSN Messenger
2008-07-27 14:13:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Logitech
2008-07-27 14:13:38 0 d-------- C:\Users\Jordan\AppData\Roaming\Leadertech
2008-07-27 14:09:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 14:09:42 0 d-------- C:\Program Files\Common Files
2008-07-24 16:01:50 0 d-------- C:\Users\Jordan\AppData\Roaming\LimeWire
2008-07-21 13:09:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Malwarebytes
2008-07-21 13:09:33 0 d-------- C:\Users\Jordan\AppData\Roaming\Download Manager
2008-07-21 12:51:43 0 d-------- C:\Program Files\iPod
2008-07-21 12:48:38 0 d-------- C:\Program Files\Bonjour
2008-07-20 15:31:51 0 d-------- C:\Users\Jordan\AppData\Roaming\Symantec
2008-07-20 15:30:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-20 14:49:54 478656 --a------ C:\Windows\system32\perfh01D.dat
2008-07-20 14:49:54 83000 --a------ C:\Windows\system32\perfc01D.dat
2008-07-19 13:33:19 0 d-------- C:\Users\Jordan\AppData\Roaming\Vso
2008-07-10 03:11:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:01:11 0 d-------- C:\Program Files\Windows Mail
2008-07-03 01:57:14 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-25 14:52:46 0 d-------- C:\Users\Jordan\AppData\Roaming\Azureus
2008-06-21 20:23:02 0 d-------- C:\Program Files\PowerQuest
2008-06-21 16:58:57 0 d-------- C:\Program Files\Azureus
2008-06-16 19:41:24 0 d-------- C:\Program Files\QuickTime
2008-06-16 19:35:54 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/20/2008 02:16 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 10:08 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 04:21 PM C:\Windows\System32\HdAShCut.exe]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 08:34 AM]
"PWRISOVM.EXE"="F:\Programs\PowerISO\PWRISOVM.EXE" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 04:01 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/21/2008 02:01 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:54 PM]
"googletalk"="C:\Users\Jordan\AppData\Roaming\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:33 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/19/2008 12:51 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/27/2008 2:10:08 PM]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2/4/2008 11:17:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
backup=C:\WINDOWS\pss\E-Color.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158549145\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 2\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e143ae1a-fe96-11d5-9ae6-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-28 15:10:33 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2038.56 MiB / 1160.57 MiB
Pagefile Memory (total/avail): 4295.61 MiB / 3426.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.94 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 32.65 GiB total, 0.12 GiB free.
D: is Fixed (NTFS) - 24.61 GiB total, 22.1 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y060L0 ATA Device - 57.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 32.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 24.61 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton 360 v2007 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1158549145\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1158549145\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1158549145\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1158549145\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"="C:\\Program Files\\myTunes Redux\\mDNSResponder.exe:*:Enabled:mDNSResponder"
"C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe"="C:\\Program Files\\Pure Networks\\Network Magic\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jordan\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JORDAN-61OITUGC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jordan
LOCALAPPDATA=C:\Users\Jordan\AppData\Local
LOGONSERVER=\\JORDAN-61OITUGC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jordan\AppData\Local\Temp
TMP=C:\Users\Jordan\AppData\Local\Temp
USERDOMAIN=JORDAN-61OITUGC
USERNAME=Jordan
USERPROFILE=C:\Users\Jordan
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Jordan
postgres
QBDataServiceUser18


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3Deep --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~1\E-Color\3Deep\tdpunins.dll" ProdName3Deep
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Acoustica MP3 Audio Mixer --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
AnyCount, Version 6.0 --> "C:\Program Files\AnyCount 6.0\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Attansic Giga Ethernet Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\Windows\system32\Attansic\L1\atcInst.dll,VisUninst C:\Windows\system32\Attansic\L1 x86 pci\ven_1969&dev_1048
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Compare Two HTML Files or Web Sites Software 6.0 --> "C:\Program Files\Compare Two HTML Files or Web Sites Software\unins000.exe"
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.0.5.0 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
DVDFab Platinum 4.0.1.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
E-Color Indicator --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
Easy GIF Animator 4.5 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
erLT --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Talk (remove only) --> "C:\Users\Jordan\AppData\Roaming\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
i-Speeder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Juniper Networks Network Connect 6.0.0 --> "C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
Juniper Networks Setup Client --> "C:\Users\Jordan\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe"
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows XP Video Decoder Checkup Utility --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Move Networks Media Player for Internet Explorer --> C:\Users\Jordan\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MS Access to MySQL 3.0.0.66 --> "C:\Program Files\Bullzip\MS Access to MySQL\unins000.exe"
MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySQL Connector/ODBC 5.1 --> MsiExec.exe /I{29042B1C-0713-4575-B7CA-5C8E7B0899D4}
myTunes Redux 1.0 --> "C:\Program Files\myTunes Redux\unins000.exe"
Nic's XviD Decoder --> "C:\Windows\system32\UninstXviDDec.exe"
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerTracker 3 (remove only) --> "C:\Program Files\PokerTracker 3\uninstall.exe"
PowerISO --> "F:\Programs\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
psqlODBC --> MsiExec.exe /I{838E187D-8B7A-473D-B93C-C8E970B15D2B}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RTLSetup 2.50.503 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Super DVD Creator 8.0 --> "C:\Program Files\Super DVD Creator 8.0\unins000.exe"
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
TradeDominator version 3.0d --> "C:\FBG\TradeDominator\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VZAccess Manager for RIM --> MsiExec.exe /X{41E993EE-14C3-413D-A922-4A941AB2BCC1}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> D:\winrar\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type35716 / Success
Event Submitted/Written: 07/28/2008 02:40:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type35696 / Error
Event Submitted/Written: 07/28/2008 11:44:06 AM
Event ID/Source: 8210 / System Restore
Event Description:
The scheduled restore point could not be created. Additional information: (0x8004231f).

Event Record #/Type35695 / Error
Event Submitted/Written: 07/28/2008 11:44:06 AM
Event ID/Source: 8193 / System Restore
Event Description:
Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8004231f).

Event Record #/Type35685 / Success
Event Submitted/Written: 07/28/2008 10:56:01 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully

Event Record #/Type35684 / Success
Event Submitted/Written: 07/28/2008 10:56:01 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Windows Management Instrumentation Service started sucessfully



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11889467 / Error
Event Submitted/Written: 07/28/2008 10:56:47 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
i8042prt

Event Record #/Type11889416 / Error
Event Submitted/Written: 07/28/2008 10:56:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Network Magic Wireless Driver service failed to start due to the following error:
%%2

Event Record #/Type11889385 / Error
Event Submitted/Written: 07/28/2008 10:55:13 AM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 10:53:30 AM on 7/28/2008 was unexpected.

Event Record #/Type11889348 / Error
Event Submitted/Written: 07/27/2008 04:26:44 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 4:24:08 PM on 7/27/2008 was unexpected.

Event Record #/Type11889333 / Warning
Event Submitted/Written: 07/27/2008 02:22:29 PM
Event ID/Source: 57 / volmgr
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.



-- End of Deckard's System Scanner: finished at 2008-07-28 15:10:33 ------------
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Curiouser and curiouser, only one folder jumps out that will need to be deleted but the remainder looks legit. I see your Antivirus is disabled, did you do this ?

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\327882R2FWJFW
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run the otmoveit programme ?
  • 0

#22
triality

triality

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
C:\327882R2FWJFW moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_182238


The CSV from Dr. Web can be found at http://www.leanbulk.com/DrWeb.csv - Said I am not permitted to upload this type of file.

My hard drive space keeps fluctuating from 0 bytes to around 200mb depending on the time of day. Not sure what is going on here either.

Thanks
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi it has been suggested by another expert that we try and run combofix in safe mode, it will complain but the majority of the functions will work

As you already have the programme reboot into safe mode (pressing F8 at start untill the menu appears)

Accept all warnings and complaints. Let me know if it runs

Also are you permanently connected to the net ?
  • 0

#24
triality

triality

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix will not run in safe mode either :)
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Curiouser and curiouser - are you using your computer to back up or use offline your website.

My hard drive space keeps fluctuating from 0 bytes to around 200mb depending on the time of day. Not sure what is going on here either.

what times are we looking at here, is it at night or during the day. Are they during the times you are performing a backup ?
  • 0

Advertisements


#26
triality

triality

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
It doesnt seem to correlate to any time of day. After a system reboot my hard drive will have space on it, but give it a few hours and all the space will be gone. To the point that it says it has "0 bytes" then reboot and suddenly have 200mb or more.
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am starting to feel now that this is not malware related. However, to be truly sure I would like to run a rootkit scan

Please Download Avast Rootkit Cleaner to your desktop

Close all running programmes

Run the ASWAR file and select Scan Now



On completion of the scan you will then have this screen up


Now close the programme and on the desktop will be a text file called ASWAR please post that. Do not fix anything yet

The programme will take from 3 to 5 minutes to run.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP