HJT Log - Xiej - Trojans, Viruses, and Malware Oh My

Xiej · Joined: Jun 14, 2005 Posts: 8

So for about a month know net speed has come to a crawl once again (Gotta blame the other fam members Very Happy

), and I've been running a plethora of anti-malware recently. I haven't been around for a bit so I'd expect a somewhat dirty PC. The blue screen of death has also made a comeback, usually when running Anti-malware programs. I ran Kaspersky and it found 20 infected files; 1 Trojan, 1 email virus, a few malware/spyware and a couple other things. I also ran Spybot, Ad-Aware, Spyware Doctor, and Bazooka Scanner, all of which found a decent amount of spyware. I used CCleaner to delete all the temp net files. And each time I rerun an anti-spyware prog it still finds more. So if you guys could help me narrow it down it would be great. My HJT Log is posted below.

Logfile of HijackThis v1.99.1
Scan saved at 10:33:50 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\lotus\wordpro\ltsstart.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shawn\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\opnmlmn.dll (file missing)
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoRun.lnk = D:\AutoRun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.devoclan.com
O15 - Trusted Zone: http://gallery.myfuncards.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.tremor.com
O15 - Trusted Zone: http://housecall60.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {73F7A062-8829-11D1-B550-006097242D8D} (Voxware MetaSound Audio Decoder) - http://support.ninthhouse.com/updates/installers/voxacm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popc...oader_v
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB2FE2C-C23C-41F7-B1C0-558208A352A2}: NameServer = 192.168.0.1
O20 - Winlogon Notify: opnmlmn - opnmlmn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

greyknight17 · Joined: Feb 03, 2003 Posts: 5058 Location: Brooklyn, NY

Keep your antivirus program to one only Wink

Uninstall Kaspersky or Avast. I recommend uninstalling both of them since they both seem to be having problems there. Make sure you have the antivirus install file handy. Disconnect your computer from the internet and then uninstall. Restart the computer and then reinstall the one you want to keep back. Connect back to the internet.

Uninstall Ewido and install the latest version (now called AVG AntiVirus) here.

Please print the below instructions or copy them to Notepad.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/forums/index.php?showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

MediaGateway

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\opnmlmn.dll (file missing)
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O20 - Winlogon Notify: opnmlmn - opnmlmn.dll (file missing)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\MediaGateway\

Restart.

1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

Run a new HijackThis scan and post the new log here.

Xiej · Joined: Jun 14, 2005 Posts: 8

I get an error when trying to open combofix.exe

'Combofix.exe is not a valid Win32 operation'

But heres the HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:09:27 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Shawn\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoRun.lnk = D:\AutoRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.devoclan.com
O15 - Trusted Zone: http://gallery.myfuncards.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.tremor.com
O15 - Trusted Zone: http://housecall60.trendmicro.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {73F7A062-8829-11D1-B550-006097242D8D} (Voxware MetaSound Audio Decoder) - http://support.ninthhouse.com/updates/installers/voxacm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popc...oader_v
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB2FE2C-C23C-41F7-B1C0-558208A352A2}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Security Service (VFVO) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

greyknight17 · Joined: Feb 03, 2003 Posts: 5058 Location: Brooklyn, NY

Please print the below instructions or copy them to Notepad.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

QdrDrive

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
O23 - Service: Security Service (VFVO) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop VFVO
sc delete VFVO
del delete.bat

Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\QdrDrive\
C:\WINDOWS\system32\svcd\

Restart the computer.

Download Deckard's System Scanner at http://deckard.geekstogo.com/dss.exe to your Desktop.

- Close all applications and windows.
- Double-click on DSS.exe to run it, and follow the prompts.
- The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. In this case, it may be better to temporary disable your Antivirus.

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

Also post a new HijackThis log here when ready.

Xiej · Joined: Jun 14, 2005 Posts: 8

Most of everything ran smoothly this round. I couldn't find QdrDrive in the Add/Remove Panel though. I also found folders called QdrModule and QdrPack in my program files as well.

Main.txt
Deckard's System Scanner v20071014.68
Run by Shawn on 2008-01-18 18:07:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
109: 2008-01-18 23:08:09 UTC - RP1087 - Deckard's System Scanner Restore Point
108: 2008-01-18 19:29:54 UTC - RP1086 - System Checkpoint
107: 2008-01-17 18:00:56 UTC - RP1085 - System Checkpoint
106: 2008-01-16 15:12:23 UTC - RP1084 - System Checkpoint
105: 2008-01-14 20:55:07 UTC - RP1083 - Installed AVG 7.5

-- First Restore Point --
1: 2007-10-20 23:16:56 UTC - RP979 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.73 GiB (less than 15%) free.

-- HijackThis (run as Shawn.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-18 18:10:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Documents and Settings\Shawn\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoRun.lnk = D:\AutoRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: http://www.devoclan.com (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: https://*.windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.microsoft.com (HKCU)
O15 - Trusted Zone: *.www.microsoft.com (HKCU)
O15 - Trusted Zone: http://gallery.myfuncards.com (HKCU)
O15 - Trusted Zone: http://www.pandasoftware.com (HKCU)
O15 - Trusted Zone: http://www.tremor.com (HKCU)
O15 - Trusted Zone: http://housecall60.trendmicro.com (HKCU)
O15 - Trusted Zone: http://windowsupdate.com (HKCU)
O15 - Trusted Zone: http://pepsi.yahoo.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien...uweb_si
O16 - DPF: {73F7A062-8829-11D1-B550-006097242D8D} (Voxware MetaSound Audio Decoder) - http://support.ninthhouse.com/updates/installers/voxacm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popc...oader_v
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{FAB2FE2C-C23C-41F7-B1C0-558208A352A2}: NameServer = 192.168.0.1
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8108 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Shawn\MYDOCU~1\Unzipped\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20050615-153411-194 O2 - BHO: (no name) - {C1C90EE2-C222-ECD0-2931-C9A93EE95AE7} - C:\WINDOWS\system32\fsmqd.dll
backup-20050615-153411-220 O4 - HKLM\..\Run: [Antivirus Installer] C:\ed.exe
backup-20050615-153411-415 R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
backup-20050615-153411-483 O4 - HKLM\..\Run: [WinUpgrader] C:\fa.exe
backup-20050615-153411-538 O2 - BHO: (no name) - {C9C90CE1-C22A-98D6-2935-CBA93EEA5A9B} - C:\WINDOWS\system32\fsmqd.dll
backup-20050615-153411-556 O4 - HKCU\..\Run: [Zws] C:\WINDOWS\system32\??rss.exe
backup-20050615-153411-622 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20050615-153411-729 O4 - HKLM\..\Run: [Adware removal Tool] C:\xa.exe
backup-20050615-153411-735 O4 - HKLM\..\Run: [Adware Remover] C:\ct.exe
backup-20050615-153411-867 O4 - HKLM\..\Run: [MMC] C:\WINDOWS\inisys.exe
backup-20050615-153411-903 O2 - BHO: (no name) - {C9C90CE0-C22A-98D6-2935-CBA93E9C5AE3} - C:\WINDOWS\system32\fsmqd.dll
backup-20050615-153411-986 O4 - HKCU\..\Run: [Mdos] C:\Program Files\iodt\ouco.exe
backup-20051130-190513-217 O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
backup-20051130-190513-232 O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
backup-20051130-190513-265 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
backup-20051130-190513-281 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20051130-190513-298 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
backup-20051130-190513-360 O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
backup-20051130-190513-385 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
backup-20051130-190513-462 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20051130-190513-485 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
backup-20051130-190513-552 O4 - HKLM\..\Run: [Anti] c:\xdf.exe
backup-20051130-190513-573 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20051130-190513-580 O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
backup-20051130-190513-629 O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
backup-20051130-190513-648 O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
backup-20051130-190513-660 O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
backup-20051130-190513-757 O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
backup-20051130-190513-766 O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
backup-20051130-190513-815 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
backup-20051130-190513-858 O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
backup-20051130-190513-894 O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
backup-20051130-190513-900 O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
backup-20051130-190513-909 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
backup-20051130-190513-943 O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
backup-20051130-190611-695 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080114-165716-448 O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\opnmlmn.dll (file missing)
backup-20080114-165716-530 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20080114-165716-666 O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
backup-20080114-165716-999 O20 - Winlogon Notify: opnmlmn - opnmlmn.dll (file missing)
backup-20080118-175219-196 O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll
backup-20080118-175219-802 O23 - Service: Security Service (VFVO) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
backup-20080118-175253-538 O23 - Service: Security Service (VFVO) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0100 ACPI Utility>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 cmudax (C-Media High Definition Audio Interface) - c:\windows\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 pfsvgae - c:\docume~1\shawn\locals~1\temp\pfsvgae.sys (file missing)
S3 uisp (Motorola USB ICP driver) - c:\windows\system32\drivers\usbicp.sys (file missing)
S3 W8100XP (Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ) - c:\windows\system32\drivers\mrv8ka51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ASUS 802.11b/g Wireless LAN Card
Device ID: PCI\VEN_11AB&DEV_1FA7&SUBSYS_138F1043&REV_07\4&23C0B1C&0&00F0
Manufacturer: Marvell
Name: ASUS 802.11b/g Wireless LAN Card
PNP Device ID: PCI\VEN_11AB&DEV_1FA7&SUBSYS_138F1043&REV_07\4&23C0B1C&0&00F0
Service: W8100XP

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: ITE IT8211 ATA/ATAPI Controller
Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_813A1043&REV_13\4&23C0B1C&0&20F0
Manufacturer: ITE Tech, Inc.
Name: ITE IT8211 ATA/ATAPI Controller
PNP Device ID: PCI\VEN_1283&DEV_8212&SUBSYS_813A1043&REV_13\4&23C0B1C&0&20F0
Service: iteatapi

-- Scheduled Tasks -------------------------------------------------------------

2008-01-10 10:39:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-18 13:29:03 0 d-------- C:\Documents and Settings\Candace\Application Data\Sun
2008-01-18 10:45:02 0 d-------- C:\Documents and Settings\Candace\Application Data\Aim
2008-01-18 10:44:53 0 d-------- C:\Program Files\Viewpoint
2008-01-18 10:41:28 0 d-------- C:\Documents and Settings\Candace\Application Data\Macromedia
2008-01-18 10:41:28 0 d-------- C:\Documents and Settings\Candace\Application Data\Adobe
2008-01-18 10:40:02 0 d-------- C:\Documents and Settings\Candace\Application Data\Talkback
2008-01-17 14:09:19 0 d-------- C:\Documents and Settings\Candace\Application Data\Mozilla
2008-01-17 13:42:52 0 d-------- C:\Documents and Settings\Candace\Application Data\Grisoft
2008-01-17 13:42:47 0 d-------- C:\Documents and Settings\Candace\Application Data\AVG7
2008-01-17 13:42:28 0 d-------- C:\Documents and Settings\Candace\Application Data\Identities
2008-01-17 13:42:10 0 d--h----- C:\Documents and Settings\Candace\Templates
2008-01-17 13:42:10 0 dr------- C:\Documents and Settings\Candace\Start Menu
2008-01-17 13:42:10 0 dr-h----- C:\Documents and Settings\Candace\SendTo
2008-01-17 13:42:10 0 dr-h----- C:\Documents and Settings\Candace\Recent
2008-01-17 13:42:10 0 d--h----- C:\Documents and Settings\Candace\PrintHood
2008-01-17 13:42:10 786432 --ah----- C:\Documents and Settings\Candace\NTUSER.DAT
2008-01-17 13:42:10 0 d--h----- C:\Documents and Settings\Candace\NetHood
2008-01-17 13:42:10 0 dr------- C:\Documents and Settings\Candace\My Documents
2008-01-17 13:42:10 0 d--h----- C:\Documents and Settings\Candace\Local Settings
2008-01-17 13:42:10 0 dr------- C:\Documents and Settings\Candace\Favorites
2008-01-17 13:42:10 0 d-------- C:\Documents and Settings\Candace\Desktop
2008-01-17 13:42:10 0 d---s---- C:\Documents and Settings\Candace\Cookies
2008-01-17 13:42:10 0 dr-h----- C:\Documents and Settings\Candace\Application Data
2008-01-17 13:42:10 0 d---s---- C:\Documents and Settings\Candace\Application Data\Microsoft
2008-01-15 13:05:27 0 d-------- C:\Documents and Settings\Sarah\Application Data\Grisoft
2008-01-15 13:05:22 0 d-------- C:\Documents and Settings\Sarah\Application Data\AVG7
2008-01-14 19:56:04 0 d-------- C:\Program Files\RcvSystem
2008-01-14 19:55:55 0 d-------- C:\Documents and Settings\Candace & Sarah\Application Data\Grisoft
2008-01-14 19:55:54 0 d-------- C:\Documents and Settings\Candace & Sarah\Application Data\AVG7
2008-01-14 19:14:26 0 d-------- C:\Documents and Settings\VTMet\Application Data\Grisoft
2008-01-14 19:14:22 0 d-------- C:\Documents and Settings\VTMet\Application Data\AVG7
2008-01-14 16:18:23 0 dr-h----- C:\$VAULT$.AVG
2008-01-14 16:02:54 0 d-------- C:\Documents and Settings\Shawn\Application Data\Grisoft
2008-01-14 15:55:44 0 d-------- C:\Documents and Settings\Shawn\Application Data\AVG7
2008-01-14 15:55:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-14 15:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 23:40:04 0 d-------- C:\Documents and Settings\VTMet\Application Data\FunWebProducts
2008-01-12 23:32:37 0 d-------- C:\Program Files\FunWebProducts
2008-01-12 23:32:35 0 d-------- C:\Program Files\MyWebSearch
2008-01-12 19:33:12 114 --a------ C:\WINDOWS\system32\url3
2008-01-12 19:33:12 102 --a------ C:\WINDOWS\system32\url2
2008-01-12 19:33:12 102 --a------ C:\WINDOWS\system32\url1
2008-01-12 19:33:12 8 --a------ C:\WINDOWS\system32\CID
2008-01-12 19:33:11 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-12 19:33:06 34816 --a------ C:\winevzq.exe
2008-01-12 12:59:43 39424 --a------ C:\WINDOWS\system32\ssqnnnk.dll
2008-01-12 12:59:00 39424 --a------ C:\WINDOWS\system32\ljjkhii.dll
2008-01-12 12:58:48 39424 --a------ C:\WINDOWS\system32\nnnklki.dll
2008-01-12 12:58:48 39424 --a------ C:\WINDOWS\system32\jkklkjh.dll
2008-01-12 12:31:27 0 d-------- C:\Program Files\QdrPack
2008-01-12 12:31:21 0 d-------- C:\Program Files\QdrModule
2008-01-12 12:31:20 0 d-------- C:\Program Files\ISM
2008-01-11 10:30:11 0 d-------- C:\spoolerlogs
2008-01-10 15:33:49 338432 --a------ C:\WINDOWS\system32\mljgf.dll
2008-01-10 15:02:33 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-10 14:26:10 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-10 14:23:28 0 dr-h----- C:\Documents and Settings\Shawn\Recent
2008-01-10 13:00:52 338432 --a------ C:\WINDOWS\system32\vtstq.dll
2008-01-10 12:12:47 90144 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-10 12:12:47 10719776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-10 12:07:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-10 12:06:30 0 d-------- C:\KAV
2008-01-10 09:52:04 338432 --a------ C:\WINDOWS\system32\jkkji.dll
2008-01-10 07:11:49 338432 --a------ C:\WINDOWS\system32\ddaby.dll
2008-01-08 19:57:10 332800 --a------ C:\WINDOWS\system32\awtqq.dll
2008-01-08 19:00:17 332800 --a------ C:\WINDOWS\system32\gebcb.dll
2008-01-08 08:59:26 332800 --a------ C:\WINDOWS\system32\vturq.dll
2008-01-07 20:56:38 332288 --a------ C:\WINDOWS\system32\mljjj.dll
2008-01-07 19:48:29 332288 --a------ C:\WINDOWS\system32\ddayy.dll
2008-01-07 18:43:34 332288 --a------ C:\WINDOWS\system32\jkkjk.dll
2008-01-07 17:07:11 332288 --a------ C:\WINDOWS\system32\geeby.dll
2008-01-07 05:53:16 332288 --a------ C:\WINDOWS\system32\ddccd.dll
2008-01-06 22:42:05 329728 --a------ C:\WINDOWS\system32\mljgg.dll
2008-01-04 21:16:03 0 d-------- C:\Program Files\Disney
2008-01-02 20:38:38 0 d-------- C:\Documents and Settings\Sarah\.limewire
2007-12-28 15:18:34 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2007-12-28 15:18:34 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2007-12-28 15:18:17 0 d-------- C:\Documents and Settings\Guest\Application Data\Talkback
2007-12-28 15:18:01 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2007-12-28 15:17:52 0 d-------- C:\Documents and Settings\Guest\Application Data\Logitech
2007-12-28 15:17:41 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-12-28 15:17:27 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-12-28 15:17:27 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-12-28 15:17:27 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-12-28 15:17:27 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-12-28 15:17:27 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-12-28 15:17:27 630784 --a------ C:\Documents and Settings\Guest\NTUSER.DAT
2007-12-28 15:17:27 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-12-28 15:17:27 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-12-28 15:17:27 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-12-28 15:17:27 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-12-28 15:17:27 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-12-28 15:17:27 0 d---s---- C:\Documents and Settings\Guest\Cookies
2007-12-28 15:17:27 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-12-28 15:17:27 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-12-27 20:04:04 0 d-------- C:\Documents and Settings\VTMet\Contacts
2007-12-27 19:22:22 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-27 19:21:46 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-27 19:17:53 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 19:17:48 0 d-------- C:\Program Files\Windows Live
2007-12-27 19:17:35 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 00:54:36 286288 --a------ C:\WINDOWS\system32\000080.exe
2007-12-18 17:07:03 0 d-------- C:\Documents and Settings\VTMet\Application Data\Viewpoint

-- Find3M Report ---------------------------------------------------------------

2008-01-18 18:00:48 0 d-------- C:\Program Files\Steam
2008-01-18 18:00:47 0 d-------- C:\Documents and Settings\Shawn\Application Data\AdobeUM
2008-01-18 17:52:15 0 d-------- C:\Documents and Settings\Shawn\Application Data\BitTorrent
2008-01-18 10:45:01 0 d-------- C:\Program Files\AIM
2008-01-18 10:44:52 0 d-------- C:\Program Files\AOD
2008-01-14 15:35:40 0 d-------- C:\Program Files\ewido anti-malware
2008-01-11 10:29:59 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-01-11 10:29:30 0 d-------- C:\Program Files\Spyware Doctor
2008-01-10 14:56:09 0 d-------- C:\Program Files\Yahoo!
2008-01-10 14:44:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-10 14:28:09 0 d-------- C:\Program Files\Common Files\stardock
2008-01-10 14:25:01 0 d-------- C:\Program Files\Common Files\AOL
2008-01-02 22:30:56 0 d-------- C:\Program Files\LimeWire
2007-12-30 11:59:55 0 d-------- C:\Program Files\Last.fm
2007-12-28 11:25:10 0 d-------- C:\Program Files\Common Files\Real
2007-12-28 11:25:02 0 d-------- C:\Program Files\Common Files
2007-12-28 11:18:00 0 d-------- C:\Program Files\MySpace
2007-12-12 14:19:33 0 d-------- C:\Program Files\BitTorrent
2007-12-06 08:00:06 0 d-------- C:\Program Files\Java
2007-11-27 21:04:35 0 d-------- C:\Program Files\Apple Software Update
2007-11-23 17:46:03 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [07/02/2004 10:33 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"nwiz"="nwiz.exe" [03/09/2006 02:29 PM C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [03/19/2004 03:33 AM C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/09/2006 02:29 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/14/2008 03:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"Steam"="c:\program files\steam\steam.exe" [12/12/2007 02:03 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 06:01 PM]

C:\Documents and Settings\Shawn\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [8/15/2007 5:35:15 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/11/2005 6:31:11 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart 97.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart 97.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

-- End of Deckard's System Scanner: finished at 2008-01-18 18:11:09 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.29 MiB / 591.67 MiB
Pagefile Memory (total/avail): 2463.58 MiB / 2167.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 3.73 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JD-00HBB0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - HP PSC 2355xi USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1197508903\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1197508903\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Shawn\\Local Settings\\Temp\\MAGIX music maker 2004 deLuxe\\muma2004.exe"="C:\\Documents and Settings\\Shawn\\Local Settings\\Temp\\MAGIX music maker 2004 deLuxe\\muma2004.exe:*:Enabled:MAGIX music maker 2004 deLuxe"
"C:\\Program Files\\LimeWire\\LimeWire 4.2.4\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.2.4\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Media Player\\mplayer2.exe"="C:\\Program Files\\Windows Media Player\\mplayer2.exe:*:Enabled:mplayer2"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
"C:\\Program Files\\Movie Maker\\moviemk.exe"="C:\\Program Files\\Movie Maker\\moviemk.exe:*:Enabled:Windows Movie Maker"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe"="C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe:*:Enabled:Eyeball Chat"
"C:\\Program Files\\ASUS\\WLAN Card Utilities\\Wizard.exe"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\Wizard.exe:*:Enabled:One Touch Wizard"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Steam\\SteamApps\\xiej\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\xiej\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Steam\\SteamApps\\xiej\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\xiej\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Common Files\\AOL\\1138321868\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1138321868\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1138321868\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1138321868\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Steam\\SteamApps\\xiej\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\xiej\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1197508903\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1197508903\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shawn\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHAWNS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shawn
LOGONSERVER=\\SHAWNS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Shawn\LOCALS~1\Temp
TMP=C:\DOCUME~1\Shawn\LOCALS~1\Temp
USERDOMAIN=SHAWNS
USERNAME=Shawn
USERPROFILE=C:\Documents and Settings\Shawn
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Shawn (admin)
VTMet (admin)
Candace & Sarah (admin)
Sarah (admin)
triumph (admin)
Candace (admin)
Administrator (admin)
Guest (new local, guest)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 1.6 --> "C:\Program Files\a2 Free\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS Probe V2.23.01 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudioKit --> C:\Program Files\AudioKit\Uninstall.exe
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Barbie(R) Pet Rescue --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive\Barbie(R)\Barbie(R) Pet Rescue\Uninst.isu"
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bazooka Scanner --> "C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheating-Death 4.29.2 --> C:\Program Files\Cheating-Death\UninstCD.exe
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
DiMAGE Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x9 anything
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
Google Video Viewer 1.0 (based on VLC 0.8.2 Player) --> C:\Program Files\GoogleVideoViewer\VLC\uninstall.exe
HijackThis 1.99.1 --> C:\Documents and Settings\Shawn\My Documents\Unzipped\hijackthis\HijackThis.exe /uninstall
HLSW v1.0.0.44 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch --> MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.4.1.57486 --> "C:\Program Files\Last.fm\unins000.exe"
Last.fm Player 1.1.4 --> "C:\Program Files\Last.fm Player\unins000.exe"
LimeWire --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7F99416F-B410-487A-8288-ECC1263E23E7}
LimeWire 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lotus SmartSuite 97 --> C:\WINDOWS\lunin10.exe /T SmartSuite /V 97.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O /L EN
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OIN --> C:\WINDOWS\system32\shex.exe open http://www.outerinfo.com/questionnaire.php
OpenMG Limited Patch 4.0-04-08-02-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RzE's CS Helper --> "c:\program files\valve\steam\steamapps\xiej\counter-strike\cstrike\uninst-rzes_cs_helper.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 3.2 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam(TM) --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
ToneThis 3.0 --> C:\Program Files\ToneThis 3.0\Uninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Verizon Online --> C:\WINDOWS\system32\VerizonUninstaller.exe
VideoMach 3.3.4 --> C:\Program Files\VideoMach-3.3.4\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinSCP 3.6.8 --> "C:\Program Files\WinSCP3\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type6347 / Error
Event Submitted/Written: 01/18/2008 05:57:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mshta.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6346 / Error
Event Submitted/Written: 01/18/2008 01:01:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6345 / Error
Event Submitted/Written: 01/18/2008 10:40:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6344 / Error
Event Submitted/Written: 01/18/2008 10:39:59 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6300 / Error
Event Submitted/Written: 01/14/2008 04:16:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type243403 / Warning
Event Submitted/Written: 01/18/2008 06:02:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type243382 / Warning
Event Submitted/Written: 01/18/2008 05:39:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type243378 / Warning
Event Submitted/Written: 01/18/2008 04:30:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type243373 / Error
Event Submitted/Written: 01/18/2008 01:07:41 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Event Record #/Type243372 / Error
Event Submitted/Written: 01/18/2008 01:07:15 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

-- End of Deckard's System Scanner: finished at 2008-01-18 18:11:09 ------------

HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 6:14:06 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WIND

greyknight17 · Joined: Feb 03, 2003 Posts: 5058 Location: Brooklyn, NY

Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should NOT have any open browsers when you are following the procedures below.

Do you know what this program is used for?
C:\Program Files\RcvSystem\httpdchk.dll

If not, I want you to upload this file (C:\Program Files\RcvSystem\httpdchk.dll) to http://virusscan.jotti.org and report back what it found.

Uninstall FunWebProducts, Viewpoint Media Player and Internet Speed Monitor via the Add/Remove Programs panel.

Delete the following:

C:\Documents and Settings\VTMet\Application Data\FunWebProducts
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\SvcNm
C:\winevzq.exe
C:\Program Files\QdrPack
C:\Program Files\QdrModule
C:\Program Files\ISM
C:\spoolerlogs

Download VundoFix at http://www.atribune.org/ccount/click.php?id=4 and save it to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files. Click Yes.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer. Click OK.
- Post the contents of C:\vundofix.txt here.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears upon rebooting.

Try downloading combofix again and run it. It should work now.

Post the combofix log here along with a new HijackThis log.

Xiej · Joined: Jun 14, 2005 Posts: 8

Online malware Scan
Service
Service load:
0% 100%
File: httpdchk.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: fecd6ed65929d61dc751d24f606ba936
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 21 Jan 2008 13:12:48 (GMT)
A-Squared - Found nothing
AntiVir - Found HEUR/Malware
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found Generic2.ZYS
BitDefender - Found nothing
ClamAV - Found nothing
CPsecure - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
F-Secure Anti-Virus - Found nothing
Fortinet - Found Adware/ISM
Ikarus - Found nothing
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
Panda Antivirus - Found nothing
Rising Antivirus - Found nothing
Sophos Antivirus - Found nothing
VirusBuster - Found nothing
VBA32 - Found nothing

Vundofix

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 2:45:37 PM 1/20/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vturq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\awtqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddaby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jkkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\mljgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Combofix
Same error still popping up. "Not a valid Win 32 operation"

HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:35:26 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe <