Ok - I've got my feet firmly on the ground!
main.txt
Deckard's System Scanner v20071014.68
Run by stevehorrigan on 2008-08-05 17:22:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
24: 2008-08-05 16:22:12 UTC - RP24 - Deckard's System Scanner Restore Point
23: 2008-08-05 13:31:01 UTC - RP23 - ComboFix created restore point
22: 2008-08-05 11:12:43 UTC - RP22 - Installed Opera 9.51
21: 2008-08-05 08:09:49 UTC - RP21 - 5 Aug - before geekstogo
20: 2008-08-05 07:54:06 UTC - RP20 - Installed Java 6 Update 7
-- First Restore Point --
1: 2008-07-18 07:54:53 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as stevehorrigan.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24, on 2008-08-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Xobni Insight\XobniService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\RssReader\RssReader.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Steve Horrigan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\stevehorrigan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.procurementleaders.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O1 - Hosts: 83.137.131.202 w01-sigaria.exalia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5305AC16-1BE7-4D68-BB6B-A3BECC3A0BBd} - C:\WINDOWS\system32\jacjssgu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Hfsaewq] "C:\Documents and Settings\Steve Horrigan\Application Data\F?nts\r?ndll32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Steve Horrigan\Application Data\Mozilla\Firefox\Profiles\zm8rtlxk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Steve Horrigan\Application Data\Mozilla\Firefox\Profiles/zm8rtlxk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PhoneManager.lnk = C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?a49df7613ae54a03bf53fad90ffab44d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?a49df7613ae54a03bf53fad90ffab44d
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbserver/conn...uter/nshelp.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://sbserver/tsweb/msrdp.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://www.sahelp.co...c/kaxRemote.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://awards.europe...vex/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Sigaria.local
O17 - HKLM\Software\..\Telephony: DomainName = Sigaria.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Sigaria.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddccayy - ddccayy.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni Insight\XobniService.exe
--
End of file - 17095 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.js - JSFile - shell\open\command - unable to read value
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\client server security agent\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DM1Service - c:\program files\olympus\devicedetector\dm1service.exe <Not Verified; OLYMPUS Corporation; DM1Service Module>
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files\trend micro\client server security agent\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R2 XobniService - "c:\program files\xobni insight\xobniservice.exe" <Not Verified; Xobni Corporation; XobniService>
S2 EngineServer - "c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" (file missing)
S2 myAgtSvc (McAfee Virus and Spyware Protection Service) - "c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe" /servicestart (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-08-05 17:20:00 440 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A63CCDE-2F85-49D2-A012-E4009DC620EF}.job
2008-08-05 16:53:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-31 23:33:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-07-05 and 2008-08-05 -----------------------------
2008-08-05 14:29:22 68096 --a------ C:\WINDOWS\zip.exe
2008-08-05 14:29:22 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-05 14:29:22 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-05 14:29:22 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-05 14:29:22 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-05 14:29:22 98816 --a------ C:\WINDOWS\sed.exe
2008-08-05 14:29:22 80412 --a------ C:\WINDOWS\grep.exe
2008-08-05 14:29:22 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-05 12:12:46 0 d-------- C:\Program Files\Opera
2008-08-05 09:11:01 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Malwarebytes
2008-08-05 09:10:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 09:10:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 09:10:30 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-02 09:02:29 114176 --a------ C:\WINDOWS\system32\smtmohwe.dll
2008-08-02 09:02:29 114176 --a------ C:\WINDOWS\system32\nrborl.dll
2008-08-01 12:24:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-01 12:24:11 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-01 12:24:11 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-01 12:22:39 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-01 12:22:29 0 d-------- C:\Program Files\Spyware Doctor
2008-08-01 12:22:29 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\PC Tools
2008-08-01 09:03:21 105472 --a------ C:\WINDOWS\system32\vjhrrn.dll
2008-08-01 09:03:20 105472 --a------ C:\WINDOWS\system32\fomkedqk.dll
2008-07-31 14:53:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-30 09:01:07 105472 --a------ C:\WINDOWS\system32\qebwwgjn.dll
2008-07-30 09:01:07 105472 --a------ C:\WINDOWS\system32\hvvgkl.dll
2008-07-29 09:04:08 105472 --a------ C:\WINDOWS\system32\vbtepsod.dll
2008-07-29 09:04:08 105472 --a------ C:\WINDOWS\system32\riumpq.dll
2008-07-26 09:39:49 105472 --a------ C:\WINDOWS\system32\zsjswb.dll
2008-07-26 09:39:47 105472 --a------ C:\WINDOWS\system32\srktlkur.dll
2008-07-25 14:50:00 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\XdriveDesktopLite.D42DF930FC57DEEBEFA7CACA53E3816427CD6B50.1
2008-07-25 14:49:49 0 d-------- C:\Program Files\Xdrive Desktop Lite
2008-07-25 14:49:45 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-25 09:40:10 105472 --a------ C:\WINDOWS\system32\agnecr.dll
2008-07-25 09:40:09 105472 --a------ C:\WINDOWS\system32\alvydhvh.dll
2008-07-24 09:42:09 105312 --a------ C:\WINDOWS\system32\frxccv.dll
2008-07-24 09:42:08 105312 --a------ C:\WINDOWS\system32\lttxnjad.dll
2008-07-22 09:41:05 105216 --a------ C:\WINDOWS\system32\tkvlch.dll
2008-07-22 09:41:05 105216 --a------ C:\WINDOWS\system32\jwsprurl.dll
2008-07-18 09:44:53 105168 --a------ C:\WINDOWS\system32\ctdnnakp.dll
2008-07-18 09:44:53 105168 --a------ C:\WINDOWS\system32\bjsldf.dll
2008-07-17 17:11:51 0 d--h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Templates
2008-07-17 17:11:51 0 dr------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Start Menu
2008-07-17 17:11:51 0 dr-h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\SendTo
2008-07-17 17:11:51 0 dr-h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Recent
2008-07-17 17:11:51 0 d--h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\PrintHood
2008-07-17 17:11:51 1048576 --ah----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\NTUSER.DAT
2008-07-17 17:11:51 0 d--h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\NetHood
2008-07-17 17:11:51 0 dr------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\My Documents
2008-07-17 17:11:51 0 d--h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Local Settings
2008-07-17 17:11:51 0 dr------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Favorites
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Desktop
2008-07-17 17:11:51 0 d--hs---- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Cookies
2008-07-17 17:11:51 0 dr-h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\You've Got Pictures Screensaver
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\Sun
2008-07-17 17:11:51 0 d---s---- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\Microsoft
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\Identities
2008-07-17 17:11:51 0 d--h----- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\Gtek
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\Corel
2008-07-17 17:11:51 0 d-------- C:\Documents and Settings\Steve Horrigan.SIGARIA07\Application Data\AOL
2008-07-17 14:21:22 0 d-------- C:\Program Files\Evernote
2008-07-16 08:49:59 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-07-15 17:33:01 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-15 08:59:08 0 d-------- C:\VundoFix Backups
2008-07-10 17:29:35 0 d-------- C:\Program Files\Trend Micro
2008-07-10 17:17:22 617484 --ahs---- C:\WINDOWS\system32\CJRCffii.ini2
2008-07-09 17:07:18 1495040 --a------ C:\Documents and Settings\McAfeeMVSUser\NTUSER.DAT
2008-07-09 17:07:18 716800 --a------ C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
2008-07-09 17:07:17 2797568 --a------ C:\Documents and Settings\Mark Perera\NTUSER.DAT
2008-07-09 17:01:25 0 d-------- C:\WINDOWS\system32\olixds01
2008-07-08 16:58:48 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-07-08 16:58:48 217073 --a------ C:\WINDOWS\meta4.exe
2008-07-08 16:58:11 216064 -rahs---- C:\WINDOWS\system32\nbDX.dll <Not Verified; MONOGRAM Multimedia, s.r.o.; MONOGRAM AMR Filter Pack>
2008-07-08 16:58:09 31232 -rahs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-07-08 16:58:08 163328 -rahs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-07-08 16:57:32 0 d-------- C:\Program Files\eRightSoft
-- Find3M Report ---------------------------------------------------------------
2008-08-05 17:20:37 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Skype
2008-08-05 16:11:34 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Apple Computer
2008-08-05 15:07:20 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Mozilla
2008-08-05 12:13:05 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Opera
2008-08-05 12:12:49 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\FileZilla
2008-08-05 09:10:30 0 d-------- C:\Program Files\Common Files
2008-08-05 08:55:33 0 d-------- C:\Program Files\Java
2008-08-01 12:26:50 3736 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-25 14:48:45 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\Adobe
2008-07-21 21:13:16 0 d-------- C:\Program Files\Xobni Insight
2008-07-17 14:21:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 19:51:53 0 d-------- C:\Program Files\Replay Converter
2008-07-03 19:47:29 0 d-------- C:\Program Files\Freecorder
2008-07-03 19:47:28 0 d-------- C:\Program Files\Conduit
2008-07-03 19:45:55 0 d-------- C:\Program Files\Freecorder Toolbar
2008-07-03 19:45:09 0 d-------- C:\Program Files\Replay Media Catcher
2008-07-03 19:43:58 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\GetRightToGo
2008-07-03 19:43:53 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-07-03 19:41:45 0 d-------- C:\Program Files\FLV Player
2008-07-02 09:25:30 0 d-------- C:\Program Files\Macromedia
2008-07-02 09:25:15 1 --a------ C:\WINDOWS\system32\FlashPaper2PrinterPort
2008-07-02 09:14:14 0 d-------- C:\Program Files\FileZilla FTP Client
2008-07-02 08:47:29 0 d-------- C:\Documents and Settings\Steve Horrigan\Application Data\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5305AC16-1BE7-4D68-BB6B-A3BECC3A0BBd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 18:45]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 16:55]
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2005-09-29 15:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 09:00]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-15 08:46]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-10-29 12:17]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"RssReader"="C:\Program Files\RssReader\RssReader.exe" [2004-04-04 17:21]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 13:52]
"Hfsaewq"="C:\Documents and Settings\Steve Horrigan\Application Data\F?nts\r?ndll32.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]
"Google Update"="C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-07-16 23:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Steve Horrigan\Application Data\Mozilla\Firefox\Profiles\zm8rtlxk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Steve Horrigan\Application Data\Mozilla\Firefox\Profiles/zm8rtlxk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
C:\Documents and Settings\Steve Horrigan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
YouTube Uploader.lnk - C:\Documents and Settings\Steve Horrigan\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-04-24 15:59:30]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-04-23 17:28:30]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-12 09:45:53]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
PhoneManager.lnk - C:\Program Files\Avaya\IP Office\Phone Manager\PhoneManager.exe [2007-07-26 13:01:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccayy]
ddccayy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 18:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115e9319-391f-11dd-9e57-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d3ce9b9-b221-11dc-9e35-00123fc96a1d}]
AutoRun\command- wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44da-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44de-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44df-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44e0-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44e1-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82be44e3-2253-11dd-9e51-00123fc96a1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4CAssociates.pdf
-- Hosts -----------------------------------------------------------------------
83.137.131.202 w01-sigaria.exalia.net
192.168.1.113 NPI8B3280
-- End of Deckard's System Scanner: finished at 2008-08-05 17:25:49 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 3318.07 MiB / 2324.23 MiB
Pagefile Memory (total/avail): 4679.34 MiB / 3477.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.36 MiB
C: is Fixed (NTFS) - 145.96 GiB total, 21.82 GiB free.
D: is CDROM (No Media)
M: is Network (NTFS)
S: is Network (NTFS)
U: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 145.96 GiB - C:
\PARTITION2 - Unknown - 3 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Trend Micro Client-Server Security Agent Firewall v7.6.1161 (TrendFirewall)
DisabledAV: Trend Micro Client-Server Security Agent AntiVirus v7.6.1161 (TrendAntiVirus)
AV: Total Protection for Small Business v4.7.0.566 (McAfee, Inc.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"="C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe:*:Enabled:Phone Manager Pro Application"
"C:\\Documents and Settings\\Steve Horrigan\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\Steve Horrigan\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Documents and Settings\\Steve Horrigan\\Local Settings\\Temp\\KRlyCLis.exe"="C:\\Documents and Settings\\Steve Horrigan\\Local Settings\\Temp\\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\hppapd.exe"="D:\\setup\\hppapd.exe:*:Enabled:hppapd.exe"
"D:\\setup\\HPPNICIFS01.EXE"="D:\\setup\\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\\setup\\HPNTWKEXE.EXE"="D:\\setup\\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"D:\\setup\\hppSetBOD.exe"="D:\\setup\\hppSetBOD.exe:*:Enabled:hppsetbod.exe"
"D:\\setup\\HPPNAC01.EXE"="D:\\setup\\HPPNAC01.EXE:*:Enabled:hppnac01.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe:*:Enabled:Macromedia Dreamweaver MX 2004"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\Steve Horrigan\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\Steve Horrigan\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Steve Horrigan\\Local Settings\\Temp\\KRlyCLis.exe"="C:\\Documents and Settings\\Steve Horrigan\\Local Settings\\Temp\\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener"
"C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"="C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe:*:Enabled:Phone Manager Pro Application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve Horrigan\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SIGARIA07
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve Horrigan
LOGONSERVER=\\SBSERVER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SBSSERVER=SBSERVER
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STEVEH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\STEVEH~1\LOCALS~1\Temp
USERDNSDOMAIN=SIGARIA.LOCAL
USERDOMAIN=SIGARIA
USERNAME=stevehorrigan
USERPROFILE=C:\Documents and Settings\Steve Horrigan
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Mark Perera (admin)
Patricia Cullen
McAfeeMVSUser
Steve Horrigan.SIGARIA07 (admin)
Mark Perera.SIGARIA07 (admin)
McAfeeMVSUser.SIGARIA07
__sbs_netsetup__ (new local, admin)
Administrator (admin)
Steve Horrigan (admin)
administrator.SIGARIA (new local, admin, net ready)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.ex