Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible Infection?-Long gap between login and desktop

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible Infection?-Long gap between login and desktop

Unread postby ELevy » October 22nd, 2007, 11:20 am

I believe my laptop has some infection causing it to exhibit a log delay between logging on and the desktop appearing. I have 1.5 GB of ram and am running XP Home

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:29 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vonage.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.faces.com/Common/Controls/Ac ... oader3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7625C1-35A7-44FD-8C0B-31698B88F545}: Domain = levy.lan
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14887 bytes
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am
Advertisement
Register to Remove

Unread postby Katana » October 25th, 2007, 10:56 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Submit a File For Analysis
We need to have the file below Scanned by Uploading it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
C:\Program Files\Common Files\System\Dllhost.exe
Click Submit/Send File
Please post back, to let me know the results.

If Jotti is too busy please try Virustotal

Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 25th, 2007, 7:01 pm

I left my laptop at work so I will run the tests tomorrow and report the results here.
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 8:34 am

katana wrote:Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Submit a File For Analysis
We need to have the file below Scanned by Uploading it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
C:\Program Files\Common Files\System\Dllhost.exe
Click Submit/Send File
Please post back, to let me know the results.



I was unable to find C:\Program Files\Common Files\System\Dllhost.exe
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 8:35 am

Deckard's System Scanner v20071014.68
Run by Emanuel on 2007-10-26 08:28:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-10-26 12:28:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.58 GiB (less than 15%) free.


-- HijackThis (run as Emanuel.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:50 AM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Emanuel\Desktop\dss.exe
C:\DOCUME~1\Emanuel\Desktop\ANTI-M~1\Emanuel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.faces.com/Common/Controls/Ac ... oader3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7625C1-35A7-44FD-8C0B-31698B88F545}: Domain = levy.lan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14427 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Emanuel\Desktop\ANTI-M~1\backups\) ----

backup-20071022-154717-448 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vonage.com/

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\program files\common files\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Virtual Machine Importer>
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2401>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 APLMp50 (APLMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\aplmp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 Gizmo Plugin (Gizmo VoIP Service) - "c:\program files\gizmoplugin\gizmoplugin.exe" <Not Verified; SIPphone, Inc.; Gizmo Plugin VOIP Service>
R2 VMAuthdService (VMware Authorization Service) - c:\program files\vmware\vmware server\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Server>
R2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server>
R2 vmount2 (VMware Virtual Mount Manager Extended) - "c:\program files\common files\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Virtual Machine Importer>
R2 vmserverdWin32 (VMware Registration Service) - c:\program files\vmware\vmware server\vmserverdwin32.exe <Not Verified; VMware, Inc.; VMware Server>
R2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>

S2 COM+ System Manager (COM+ System Application Manage) - c:\program files\common files\system\dllhost.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-26 and 2007-10-26 -----------------------------

2007-10-22 15:21:19 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 12:04:19 0 d-------- C:\Program Files\EsetOnlineScanner
2007-10-22 11:27:51 0 d-------- C:\Program Files\a-squared Free
2007-10-22 11:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-18 13:48:23 0 d-------- C:\Program Files\msn gaming zone
2007-10-18 10:52:33 0 d-------- C:\Documents and Settings\Emanuel\My Do
2007-10-18 10:36:10 0 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2007-10-18 10:35:56 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2007-10-18 10:35:34 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-18 10:35:27 0 d-------- C:\Program Files\Common Files\Intuit
2007-10-18 09:20:03 0 d-------- C:\Documents and Settings\Emanuel\Application Data\GrabIt
2007-10-18 09:12:12 0 d-------- C:\Program Files\GrabIt
2007-10-16 09:56:23 0 d-------- C:\Program Files\Winamp
2007-10-16 09:56:23 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Winamp
2007-10-16 09:22:47 49152 --a------ C:\WINDOWS\system32\XXPBAR.EXE <Not Verified; Pixeleb, Inc.; Pixeleb, Inc. xxpbarx>
2007-10-16 09:22:47 230377 --a------ C:\WINDOWS\system32\XXCOPY16.EXE
2007-10-16 09:22:47 278528 --a------ C:\WINDOWS\system32\XXCOPY.EXE <Not Verified; Pixelab, Inc.; Pixelab, Inc. xxcopy>
2007-10-16 09:22:47 1436 --a------ C:\WINDOWS\system32\UIXXCOPY.BAT
2007-10-16 02:07:11 0 d--hs---- C:\Documents and Settings\Emanuel\Recent
2007-10-15 19:33:42 262144 --a------ C:\Documents and Settings\Application Data\ntuser.dat
2007-10-15 19:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-10-15 19:30:45 0 d-------- C:\Program Files\Yahoo!
2007-10-12 13:40:26 0 d-------- C:\sorted music
2007-10-12 12:46:09 20080 --a------ C:\WINDOWS\system32\Winsspi.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-10-12 12:46:09 32256 --a------ C:\WINDOWS\system32\Selfreg.dll <Not Verified; Microsoft; SelfReg>
2007-10-12 12:46:08 415504 --a------ C:\WINDOWS\system32\Msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-10-12 12:46:08 262144 --a------ C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-10-12 12:46:08 36864 --a------ C:\WINDOWS\system32\Msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-10-12 12:46:08 139264 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-10-12 12:46:08 1046288 --a------ C:\WINDOWS\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-10-12 12:46:07 12288 --a------ C:\WINDOWS\system32\Hlinkprx.dll
2007-10-12 12:46:06 6144 --a------ C:\WINDOWS\system32\W95fiber.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-10-12 12:46:06 195072 --a------ C:\WINDOWS\system32\Msodeusa.dll <Not Verified; Microsoft Corporation; Microsoft App-wide Setup for Windows>
2007-10-12 12:46:05 0 d-------- C:\Program Files\Access 97 Runtime
2007-10-12 12:46:04 0 d-------- C:\Program Files\Common Files\Sagekey Software
2007-10-12 12:46:03 59392 --a------ C:\WINDOWS\system32\MoleZip.dll <Not Verified; MoleStudio.com; MoleStudio MoleZip>
2007-10-12 12:46:03 20480 --a------ C:\WINDOWS\system32\crcdll32.dll <Not Verified; Lauren Vanderhoof; crc32dll>
2007-10-12 12:46:03 99840 --a------ C:\WINDOWS\system32\Blofsh10.dll <Not Verified; None; Blowfish DLL>
2007-10-12 12:46:03 45056 --a------ C:\WINDOWS\system32\ASPIshim.dll
2007-10-12 12:46:03 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2007-10-12 12:46:00 0 d-------- C:\Program Files\OPAL Network
2007-10-12 10:50:49 41984 --a------ C:\WINDOWS\system32\APTRRNTm.dll <Not Verified; High Criteria inc.; TRSDK for ReplayRadio of ApplianTechnologies>
2007-10-12 10:50:49 36864 --a------ C:\WINDOWS\system32\APTRRNTl.dll <Not Verified; High Criteria inc.; TRSDK for ReplayRadio of ApplianTechnologies>
2007-10-12 10:50:31 0 d-------- C:\Program Files\Replay Music 2
2007-10-12 10:50:25 0 d-------- C:\Program Files\Replay Music
2007-10-10 14:36:04 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-10 14:29:51 0 d-------- C:\Program Files\CCleaner
2007-10-05 14:57:08 44967968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-05 14:54:53 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-05 14:54:37 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-10-05 14:08:53 0 d-------- C:\Program Files\Trend Micro
2007-10-05 11:58:56 0 d-------- C:\Documents and Settings\Emanuel\Application Data\SlySoft
2007-10-05 11:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-05 11:51:56 34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-10-05 11:49:29 0 d-------- C:\Program Files\SlySoft
2007-10-05 11:48:05 0 d-------- C:\Program Files\Amazon DVD Shrinker
2007-10-05 11:47:25 0 d-------- C:\WINDOWS\Bifrost
2007-09-28 10:37:01 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Audacity


-- Find3M Report ---------------------------------------------------------------

2007-10-26 08:31:08 0 d-------- C:\Program Files\PeerGuardian2
2007-10-26 08:17:27 0 d-------- C:\Program Files\SpiralFrog
2007-10-26 08:16:20 0 d-------- C:\Documents and Settings\Emanuel\Application Data\AVG7
2007-10-22 11:14:33 0 d-------- C:\Documents and Settings\Emanuel\Application Data\AdobeUM
2007-10-21 00:45:49 4 --a------ C:\WINDOWS\system32\9C066A
2007-10-18 19:31:30 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Azureus
2007-10-18 13:24:16 0 d-------- C:\Program Files\Quicken
2007-10-18 10:48:06 0 d-------- C:\Program Files\Common Files
2007-10-18 10:36:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-16 19:32:01 0 d-------- C:\Documents and Settings\Emanuel\Application Data\VMware
2007-10-15 20:27:31 0 d-------- C:\Program Files\Rhapsody
2007-10-15 20:24:32 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Real
2007-10-12 10:50:24 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-12 09:18:56 0 d-------- C:\Program Files\Audacity
2007-10-11 11:53:48 0 d-------- C:\Program Files\Online Services
2007-10-11 10:44:46 0 d-------- C:\Program Files\LogMeIn
2007-10-11 10:40:30 0 d-------- C:\Program Files\Google
2007-10-11 10:40:30 0 d-------- C:\Program Files\GizmoPlugin
2007-10-11 10:39:45 0 d-------- C:\Program Files\DAEMON Tools
2007-10-11 10:37:51 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-11 06:41:45 0 d-------- C:\Program Files\QuickPar
2007-10-05 14:55:41 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-05 08:47:09 0 d-------- C:\Program Files\Apple Software Update
2007-10-05 08:46:16 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-05 08:31:04 0 d-------- C:\Program Files\HP
2007-09-24 17:38:40 0 d-------- C:\Documents and Settings\Emanuel\Application Data\U3
2007-09-21 14:47:06 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-21 13:57:07 0 d-------- C:\Program Files\WinPcap
2007-09-21 11:39:13 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Media Player Classic
2007-09-21 09:26:12 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Adobe
2007-09-21 09:14:32 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Thinstall
2007-09-20 15:39:31 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-17 21:49:50 0 d-------- C:\Program Files\PandoraBrowse
2007-09-17 21:13:12 0 d-------- C:\Program Files\MP3tunes
2007-09-14 09:53:07 0 d-------- C:\Documents and Settings\Emanuel\Application Data\Apple Computer
2007-09-14 09:51:39 0 d-------- C:\Documents and Settings\Emanuel\Application Data\GTek
2007-09-11 12:59:33 0 d-------- C:\Program Files\Azureus
2007-09-02 00:02:26 0 d-------- C:\Program Files\ShufflePlay2
2007-09-01 23:40:41 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-01 22:54:26 0 d-------- C:\Program Files\RSSoft
2007-08-31 13:37:19 0 d-------- C:\Documents and Settings\Emanuel\Application Data\DivX
2007-08-31 11:33:38 0 d-------- C:\Program Files\DivX
2007-08-31 10:49:25 0 d-------- C:\Program Files\Executive Software
2007-08-29 23:21:23 0 d-------- C:\Program Files\PartyGaming
2007-08-29 23:13:15 0 d-------- C:\Program Files\Siber Systems
2007-08-28 13:18:50 0 d-------- C:\Program Files\Magic MP3 Tagger
2007-08-14 10:40:08 55831 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-08-14 10:40:08 5804 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-14 09:35:30 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-08 16:30:12 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2007-08-02 18:11:28 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-08-02 18:11:14 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-07-27 15:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/11/2005 12:05 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 04:50 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 11:57 AM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 05:26 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 08:45 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [10/06/2006 07:55 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 04:00 AM C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 01:12 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/26/2007 08:18 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [07/26/2005 05:52 PM]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [09/14/2007 08:58 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 01:49 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 06:29 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" []
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [10/11/2007 06:35 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/19/2007 08:19 AM]

C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [3/18/2007 6:05:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [8/24/2005 2:06:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 10/06/2006 07:56 PM 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 08/14/2007 09:42 AM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Emanuel^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
"C:\Windows\System32\drivers\setup\manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f9bd8a-84b6-11db-992f-0014a5ef0629}]
AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c73ca7a-7e99-11db-9928-0014a5ef0629}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2d99d6-687c-11dc-99d7-0016d443950d}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{86BD9109-A930-850A-C400-CB85C0CEC5E1}]
C:\WINDOWS\Bifrost\Marcel s



-- End of Deckard's System Scanner: finished at 2007-10-26 08:31:43 ------------
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 8:36 am

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 Mobile Technology ML-32
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1406.17 MiB / 772.39 MiB
Pagefile Memory (total/avail): 1832.45 MiB / 1331.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.21 MiB

C: is Fixed (NTFS) - 48.44 GiB total, 2.58 GiB free.
D: is Fixed (FAT32) - 7.42 GiB total, 0.84 GiB free.
E: is CDROM (No Media)
Y: is CDROM (No Media)
Z: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD600UE-22KVT0 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.44 GiB - C:
\PARTITION1 - Unknown - 7.44 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"="C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\3Com\\3CServer.exe"="C:\\Program Files\\3Com\\3CServer.exe:*:Enabled:3CServer TFTP/FTP Server"
"C:\\Program Files\\Rhapsody\\rhapsody.exe"="C:\\Program Files\\Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\\Program Files\\Simple DNS Plus\\sdnsmain.exe"="C:\\Program Files\\Simple DNS Plus\\sdnsmain.exe:*:Disabled:Simple DNS Plus - Main server engine"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1172443356\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1172443356\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1172443356\\ee\\AOLOpenRide.exe"="C:\\Program Files\\Common Files\\AOL\\1172443356\\ee\\AOLOpenRide.exe:*:Enabled:AOL OpenRide"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Emanuel\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPAQ_LAP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Emanuel
LOGONSERVER=\\COMPAQ_LAP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Executive Software\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Emanuel\LOCALS~1\Temp
TMP=C:\DOCUME~1\Emanuel\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=COMPAQ_LAP
USERNAME=Emanuel
USERPROFILE=C:\Documents and Settings\Emanuel
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Emanuel (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
--> MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
--> MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advanced IP Scanner v1.5 --> C:\Program Files\Advanced IP Scanner\uninstal.exe
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Amazon DVD Shrinker 2.6.2 --> "C:\Program Files\Amazon DVD Shrinker\unins000.exe"
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\Setup.exe" -l0x9 -uninst -removeonly
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Belkin Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Diskeeper Professional Edition --> MsiExec.exe /X{DBCD6910-F929-4D46-B867-3EBEA4A1D409}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Enhanced Sound Card Driver 6.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Radio 6\irunin.ini"
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Gizmo Plugin --> C:\Program Files\GizmoPlugin\uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0025 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
InsideCAT v 3.22 Lite --> "C:\Program Files\InsideCAT3\unins000.exe"
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
IsoBuster 2.0 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kiswin v1.0 --> "C:\Kiswin\unins000.exe"
LADSPA_plugins-win-0.4.15 --> "C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LG Download VX9900 DLL --> MsiExec.exe /I{AB7F647B-FC83-4D13-9F7D-8F25539A59B5}
LGDownload Version 1.6 --> MsiExec.exe /X{D29FBBC1-5DA2-47AC-83CB-C234292F0C50}
LockerSync 3.14 Beta --> MsiExec.exe /I{8DE151A4-6692-41C2-94DA-2CEA1DE003B8}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LogMeIn --> MsiExec.exe /I{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}
Magic MP3 Tagger 2.2.4d --> "C:\Program Files\Magic MP3 Tagger\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Miranda IM --> C:\Program Files\Miranda IM\uninstall.exe
Motorola Software Update --> MsiExec.exe /I{E9556809-6831-4F42-9997-DE66654D44B1}
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3Boss --> "C:\Program Files\OPAL Network\MP3Boss\uninstall.exe" C:\PROGRA~1\OPALNE~1\MP3Boss\install.log
Musikapa --> "C:\Program Files\EleFun Multimedia\Musikapa\unins000.exe"
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Pack Vista Inspirat 2 1.0 --> C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PandoraBrowse 1.0 --> "C:\Program Files\PandoraBrowse\unins000.exe"
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QPST --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31228E31-2BFF-11D2-8866-00805F0D9D40}\Setup.exe" -uninst
Quick Launch Buttons 5.20 G1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Replay AV 8 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Replay Music 2.51 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Music 2\irunin.ini"
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
ShufflePlay 2.74 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ShufflePlay2\ST6UNST.LOG"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
SpiralFrog Download Manager 0.8.23 --> MsiExec.exe /X{95738B44-49CF-4C62-A620-320F1007B14A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tetpic 4000(v2.6 Full Version) --> c:\Program Files\ElefunMultimedia\Tetpic 4000(v2.6 Full Version)\uninstal.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
UseNeXT --> "C:\Program Files\UseNeXT\unins000.exe"
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VisDir Free Disk Space Finder v 1.2 --> "C:\Program Files\VisDir\unins000.exe"
VMware Server --> MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
XQDC X-Setup Pro 9.0.100 --> "C:\Program Files\X-Setup Pro\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5629 / Error
Event Submitted/Written: 10/26/2007 08:19:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20071.816, faulting module firefox.exe, version 1.8.20071.816, fault address 0x00024984.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type5627 / Warning
Event Submitted/Written: 10/26/2007 08:15:07 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Event Record #/Type5626 / Warning
Event Submitted/Written: 10/26/2007 08:15:07 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.

Event Record #/Type5625 / Warning
Event Submitted/Written: 10/26/2007 08:15:07 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Event Record #/Type5624 / Warning
Event Submitted/Written: 10/26/2007 08:15:07 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{7D2370AC-D8E6-4996-986A-19824F8A167C}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21204 / Error
Event Submitted/Written: 10/22/2007 10:56:53 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type21203 / Error
Event Submitted/Written: 10/22/2007 10:56:53 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type21196 / Error
Event Submitted/Written: 10/22/2007 10:54:01 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type21195 / Error
Event Submitted/Written: 10/22/2007 10:54:01 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type21193 / Error
Event Submitted/Written: 10/22/2007 10:53:56 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.



-- End of Deckard's System Scanner: finished at 2007-10-26 08:31:43 ------------
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 26th, 2007, 8:42 am

ELevy wrote:I was unable to find C:\Program Files\Common Files\System\Dllhost.exe


Did you Copy/Paste the file name, or search for the file ?

System Drive C: has 2.58 GiB (less than 15%) free.

This could be causing you problems, your hard disc is almost full
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 26th, 2007, 8:48 am

katana wrote:
ELevy wrote:I was unable to find C:\Program Files\Common Files\System\Dllhost.exe


Did you Copy/Paste the file name, or search for the file ?

System Drive C: has 2.58 GiB (less than 15%) free.

This could be causing you problems, your hard disc is almost full


I copied and pasted it and the site said it could not upload the file. if i look in the folder it's not there.
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 26th, 2007, 8:56 am

Show All Files And Folders
Now you need to show all files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.


Have a look for the file now.

Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Please post the Kaspersky log in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 26th, 2007, 9:32 am

About to start the scan now
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 12:32 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 26, 2007 11:59:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/10/2007
Kaspersky Anti-Virus database records: 446581
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 77578
Number of viruses found: 7
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 02:22:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\Emanuel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\ApplicationHistory\Spiralfrog.exe.6f996b7a.ini.inuse Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\History\History.IE5\MSHist012007102620071027\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Temp\~DFFB35.tmp Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Vista Transformation Pack 7.0.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Emanuel\My Documents\SpiralFrog\trace.log Object is locked skipped
C:\Documents and Settings\Emanuel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Emanuel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\COMPAQ_LAP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SF5D54239.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{469FBCE0-6F9D-47C7-BCBF-8B56F15146B9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1ec.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3a8.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-serverd.log Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
C:\WINDOWS\Temp\ZLT035c4.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT07be3.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 12:32 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 26, 2007 12:01:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/10/2007
Kaspersky Anti-Virus database records: 446581
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 77578
Number of viruses found: 7
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 02:22:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\Emanuel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Emanuel\Desktop\kf151.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\ApplicationHistory\Spiralfrog.exe.6f996b7a.ini.inuse Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Identities\{445BA929-0754-421E-B2F9-D5F440A69141}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\History\History.IE5\MSHist012007102620071027\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Temp\~DFFB35.tmp Object is locked skipped
C:\Documents and Settings\Emanuel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\realvnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Network Tools\VNC\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Vista Transformation Pack 7.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\Documents and Settings\Emanuel\My Documents\Azureus Downloads\Vista Transformation Pack 7.0.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Emanuel\My Documents\SpiralFrog\trace.log Object is locked skipped
C:\Documents and Settings\Emanuel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Emanuel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\COMPAQ_LAP.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SF5D54239.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{469FBCE0-6F9D-47C7-BCBF-8B56F15146B9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1ec.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3a8.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-serverd.log Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
C:\WINDOWS\Temp\ZLT035c4.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT07be3.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby Katana » October 26th, 2007, 1:48 pm

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.


My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.

I presume that you want to keep the LogMeIn and VNC programs ??

This file needs deleting
C:\Documents and Settings\Emanuel\Desktop\kf151.zip

None of these items should be causing your problems.

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Are you running VMWare ??
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby ELevy » October 26th, 2007, 1:57 pm

katana wrote:IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.


My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.

I presume that you want to keep the LogMeIn and VNC programs ??

This file needs deleting
C:\Documents and Settings\Emanuel\Desktop\kf151.zip

None of these items should be causing your problems.

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Are you running VMWare ??


I will remove Azureus. I undersand the reasons you do not want it or any P2P software to be on the system while trying to clean it. I do need VNC and LogMeIn occasionally to assist some people. VMWare is run infrequently and is not being used at the present time.
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am

Unread postby ELevy » October 26th, 2007, 2:08 pm

New Hijack this Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:24 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Emanuel\Desktop\Anti-Malware\Emanuel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.faces.com/Common/Controls/Ac ... oader3.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7625C1-35A7-44FD-8C0B-31698B88F545}: Domain = levy.lan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14477 bytes
ELevy
Regular Member
 
Posts: 20
Joined: October 22nd, 2007, 11:17 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware