error loading C:\WINDOWS\system32\vtsqn.dll

Post by Kristoff » November 21st, 2007, 7:30 am

I'm running Windows Vista, had lots of Spyware such as a "Security Toolbar 7.1" or something, and lots of alerts popping up. I ran Super Anti Spyware and removed the offending items, have checked my system with SpyNoMore and it has gone. Only problem now is I'm getting an error when starting Vista:

"error loading C:\WINDOWS\system32\vtsqn.dll"

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:55, on 21/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11926E4A-BECE-4512-B77C-23A3D2B2481A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\vtsqn.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windows ... 3416061234
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A80AD.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5598 bytes


Thank you.
Kristoff
Active Member
 
Posts: 3
Joined: November 21st, 2007, 7:24 am

Re: error loading C:\WINDOWS\system32\vtsqn.dll

Post by silver » November 26th, 2007, 12:08 am

Hi Kristoff,

Please highlight and copy (Ctrl-C) the following command (it's one long command), press Start then paste (Ctrl-V) it into the search box and press Enter to execute it:
cmd /c dir /a /s c:\__c*.dat >> "%userprofile%\desktop\look.txt"
A black box will open and a file will appear on your Desktop called look.txt. Please wait until the black box closes before doing anything else.

Then, repeat with this command:
cmd /c dir /a C:\WINDOWS\system32\vtsqn.dll >> "%userprofile%\desktop\look.txt"
Again a black box will appear, please wait until it closes before opening look.txt. Post the contents of look.txt in your next response.

Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the look.txt output and both DSS logs. You won't need to produce a new HijackThis log as DSS produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
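
The lookup that the two dir commands above perform by hand, as an added example that is not part of the original thread or the forum's tooling: it pulls the DLL paths named by rundll32 Run entries and by AppInit_DLLs out of HijackThis lines, then reports which of them are absent from a supplied file list. The function names and the file list passed to orphaned() are assumptions for illustration; the sample lines are copied from the log posted above.

```python
import re
from typing import NamedTuple

# Sample input: lines in HijackThis format, copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\vtsqn.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A80AD.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


class Target(NamedTuple):
    source: str  # HijackThis section and registry value the path came from
    path: str    # file that the entry asks Windows to load
    note: str    # why the entry is worth a look


# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r'^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 command line: optional quotes/path, then "<dll>,<export>"
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S*)',
    re.IGNORECASE,
)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<value>.*)$')


def autostart_dll_targets(log_text):
    """Return the DLL paths that Run/rundll32 and AppInit_DLLs entries load."""
    targets = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            rundll = RUNDLL_RE.match(run['cmd'])
            if rundll:
                dll = rundll['dll'].strip().strip('"')
                # Bare names (bthprops.cpl, oobefldr.dll) resolve through the
                # system DLL search path; only explicit paths are reported.
                if '\\' in dll:
                    targets.append(Target(
                        f"O4 {run['key']} [{run['name']}]",
                        dll,
                        f"rundll32 export '{rundll['export']}'",
                    ))
            continue
        appinit = APPINIT_RE.match(line)
        if appinit:
            # The AppInit_DLLs value is a space- or comma-delimited list.
            for dll in re.split(r'[ ,]+', appinit['value'].strip()):
                if not dll:
                    continue
                note = "loaded into every process that loads user32.dll"
                if not dll.lower().endswith('.dll'):
                    note += "; extension is not .dll"
                targets.append(Target("O20 AppInit_DLLs", dll, note))
    return targets


def orphaned(targets, existing_files):
    """Targets whose file is not in existing_files (Windows paths compare
    case-insensitively). Such an entry still fires at logon with nothing to load."""
    present = {p.lower() for p in existing_files}
    return [t for t in targets if t.path.lower() not in present]


if __name__ == "__main__":
    found = autostart_dll_targets(SAMPLE_LOG)
    for t in found:
        print(f"{t.source}: {t.path} ({t.note})")
    # Constructed file list standing in for the dir output; not from the thread.
    for t in orphaned(found, {r"C:\Windows\System32\__c00A80AD.dat"}):
        print("missing on disk:", t.path)
```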

Re: error loading C:\WINDOWS\system32\vtsqn.dll

Post by silver » December 1st, 2007, 3:01 am

Hi,

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: error loading C:\WINDOWS\system32\vtsqn.dll

Post by silver » December 3rd, 2007, 10:17 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

ATTN Silver RE:error loading C:\WINDOWS\system32\vtsqn.dll

Post by Kristoff » December 5th, 2007, 12:03 pm

Sorry, I have been away and didn't get a chance to do the instructions:

Re: viewtopic.php?f=12&t=25492&p=239254#p239254

look.txt:

Volume in drive C has no label.
Volume Serial Number is AC31-955E
Volume in drive C has no label.
Volume Serial Number is AC31-955E

Directory of C:\WINDOWS\system32



main.txt:

Deckard's System Scanner v20071014.68
Run by Kristoff on 2007-12-05 15:39:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2007-12-05 13:34:56 UTC - RP31 - Installed AVG 7.5
10: 2007-12-02 20:31:43 UTC - RP30 - Scheduled Checkpoint
9: 2007-12-01 08:43:59 UTC - RP29 - Windows Update
8: 2007-11-29 21:52:21 UTC - RP28 - Installed Macromedia Dreamweaver 8
7: 2007-11-28 11:02:11 UTC - RP27 - Windows Update


-- First Restore Point --
1: 2007-11-23 19:50:56 UTC - RP20 - Device Driver Package Install: Microsoft Microsoft Common Controller For Windows Class


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).


-- HijackThis (run as Kristoff.exe) --------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-05 15:40:19
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Kristoff\Documents\Downloads\dss.exe
C:\Program Files\Trend Micro\HijackThis\Kristoff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winningelevenblog.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11926E4A-BECE-4512-B77C-23A3D2B2481A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\vtsqn.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} () - http://www.update.microsoft.com/windows ... 3416061234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A80AD.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\system32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


--
End of file - 7382 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 3xHybrid (Philips SAA713x PCI Card) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors 3xHybrid>

S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 CyberLink Media Library Service - "c:\program files\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&4BE3142&0&001963EC9BCC_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&4BE3142&0&001963EC9BCC_C00000000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-29 19:03:05 284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-05 and 2007-12-05 -----------------------------

2007-12-05 13:35:23 0 d-------- C:\Users\All Users\Grisoft
2007-12-04 00:30:44 0 d-------- C:\Users\All Users\Avg7
2007-12-04 00:21:35 0 d-------- C:\Updates
2007-12-03 22:58:51 766464 --a------ C:\Windows\system32\Fireside_Christmas_3D_Screensaver.scr <Not Verified; 3Planesoft; Fireside Christmas 3D Screensaver>
2007-12-03 22:58:51 8421376 --a------ C:\Windows\system32\Fireside Christmas 3D Screensaver.exe <Not Verified; 3Planesoft; Fireside Christmas 3D Screensaver>
2007-12-03 22:58:51 0 d-------- C:\Program Files\Fireside Christmas 3D Screensaver
2007-12-03 22:56:52 780288 --a------ C:\Windows\system32\Fireplace_3D_Screensaver.scr <Not Verified; 3Planesoft; Fireplace 3D Screensaver>
2007-12-03 22:56:52 3451392 --a------ C:\Windows\system32\Fireplace 3D Screensaver.exe <Not Verified; 3Planesoft; Fireplace 3D Screensaver>
2007-12-03 22:56:52 0 d-------- C:\Program Files\Fireplace 3D Screensaver
2007-12-03 22:56:17 799744 --a------ C:\Windows\system32\Tropical_Fish_3D_Screensaver.scr <Not Verified; 3Planesoft; Tropical Fish 3D Screensaver>
2007-12-03 22:56:17 7265792 --a------ C:\Windows\system32\Tropical Fish 3D Screensaver.exe <Not Verified; 3Planesoft; Tropical Fish 3D Screensaver>
2007-12-03 22:56:17 0 d-------- C:\Program Files\Tropical Fish 3D Screensaver
2007-12-03 22:55:43 413696 --a------ C:\Windows\system32\3Planesoft_Screensaver_Manager.scr <Not Verified; 3Planesoft; 3Planesoft Screensaver Manager>
2007-12-03 22:55:43 0 d-------- C:\Windows\system32\3Planesoft
2007-12-03 22:55:43 0 d-------- C:\Program Files\3Planesoft Screensaver Manager
2007-12-03 22:55:40 8933376 --a------ C:\Windows\system32\Watermill 3D Screensaver.exe <Not Verified; 3Planesoft; Watermill 3D Screensaver>
2007-12-03 22:55:39 782848 --a------ C:\Windows\system32\Watermill_3D_Screensaver.scr <Not Verified; 3Planesoft; Watermill 3D Screensaver>
2007-12-03 22:55:39 0 d-------- C:\Program Files\Watermill 3D Screensaver
2007-12-03 22:01:20 32 --a------ C:\Windows\go
2007-12-03 22:01:17 0 d-------- C:\Windows\vf_hip
2007-12-03 22:01:16 0 d-------- C:\Program Files\Hide IP Platinum
2007-12-02 00:06:06 0 d-------- C:\Program Files\High-Logic
2007-11-23 20:11:00 0 d-------- C:\Users\All Users\Nero
2007-11-23 20:11:00 0 d-------- C:\Program Files\Common Files\Nero
2007-11-23 16:02:19 0 d-------- C:\Windows\system32\E177E04D548C4006A465EEB92D3DE021
2007-11-23 16:01:44 0 d-------- C:\Users\All Users\Ipswitch
2007-11-23 16:01:41 0 d-------- C:\Program Files\Ipswitch
2007-11-23 14:47:44 0 d-------- C:\Program Files\DVDlabPro2
2007-11-23 00:51:48 32 --a------ C:\Users\All Users\ezsid.dat
2007-11-22 20:55:03 0 d-------- C:\Users\Kristoff\Fonts
2007-11-22 20:45:40 0 d-------- C:\Users\All Users\Adobe Systems
2007-11-22 20:28:41 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-22 11:59:22 0 d-------- C:\Program Files\PSCS2
2007-11-21 11:16:23 0 d-------- C:\Program Files\Trend Micro
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Templates
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Start Menu
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\SendTo
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Recent
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\PrintHood
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\NetHood
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\My Documents
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Local Settings
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Cookies
2007-11-20 21:52:42 0 d--hs---- C:\Users\Mcx1\Application Data
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Videos
2007-11-20 21:52:41 0 d-------- C:\Users\Mcx1\Saved Games
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Pictures
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Music
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Links
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Favorites
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Downloads
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Documents
2007-11-20 21:52:41 0 dr------- C:\Users\Mcx1\Desktop
2007-11-20 21:52:41 0 d--h----- C:\Users\Mcx1\AppData
2007-11-20 21:52:40 524288 --a------ C:\Users\Mcx1\NTUSER.DAT
2007-11-20 21:08:05 0 d-------- C:\Windows\Panther
2007-11-20 21:06:07 0 d-------- C:\Windows\system32\OEM
2007-11-20 21:06:07 59 --a------ C:\Windows\DELL_VERSION
2007-11-20 20:57:15 0 d--h----- C:\$WINDOWS.~Q
2007-11-20 20:53:22 0 d--h----- C:\$INPLACE.~TR
2007-11-20 18:17:47 0 d-------- C:\Program Files\Frameworkx
2007-11-20 17:21:32 0 d-------- C:\Program Files\MSXML 4.0
2007-11-20 15:27:42 0 d-------- C:\Program Files\PowerISO
2007-11-20 14:53:51 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-11-20 14:52:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 14:51:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 14:10:54 0 d-------- C:\Windows\PCHEALTH
2007-11-20 14:07:48 0 dr------- C:\Users\Kristoff\Searches
2007-11-20 14:05:58 171136 -rahs---- C:\grldr
2007-11-20 13:53:36 22668 --a------ C:\Windows\system32\emptyregdb.dat
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Videos
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\Templates
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\Start Menu
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\SendTo
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Saved Games
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\Recent
2007-11-20 13:19:25 0 d--h----- C:\Users\Kristoff\PrintHood
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Pictures
2007-11-20 13:19:25 2359296 --ahs---- C:\Users\Kristoff\ntuser.dat
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\NetHood
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\My Documents
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Music
2007-11-20 13:19:25 0 d--h----- C:\Users\Kristoff\Local Settings
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Links
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Favorites
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Downloads
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Documents
2007-11-20 13:19:25 0 dr------- C:\Users\Kristoff\Desktop
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\Cookies
2007-11-20 13:19:25 0 d--hs---- C:\Users\Kristoff\Application Data
2007-11-20 13:19:25 0 d--h----- C:\Users\Kristoff\AppData
2007-11-20 13:17:55 0 d-------- C:\Windows\system32\URTTEMP
2007-11-20 13:17:48 0 d--hs---- C:\Windows\Installer
2007-11-20 13:14:59 2428 --a------ C:\Windows\bthservsdp.dat
2007-11-20 13:14:28 0 --a------ C:\Windows\system32\atiicdxx.dat
2007-11-20 13:14:17 882688 -ra------ C:\Windows\system32\drivers\3xHybrid.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors 3xHybrid>
2007-11-20 13:14:17 3072 -ra------ C:\Windows\system32\34CoInstaller.dll
2007-11-20 13:12:33 0 d-------- C:\Windows\Debug
2007-11-20 13:12:33 0 d-------- C:\Windows\CSC
2007-11-20 13:09:22 0 d-------- C:\Windows\Prefetch
2007-11-20 12:49:24 0 d--hs---- C:\Boot
2007-11-20 08:13:33 1152 --a------ C:\Windows\system32\windrv.sys
2007-11-16 12:44:38 0 d-------- C:\Program Files\Skype
2007-11-16 12:44:38 0 d-------- C:\Program Files\Common Files\Skype
2007-11-16 12:44:29 0 d-------- C:\Users\All Users\Skype
2007-11-14 19:09:11 0 d-------- C:\Program Files\Google
2007-11-12 23:18:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-12 23:17:55 0 d-------- C:\Program Files\Windows Live
2007-11-12 23:17:47 0 d-------- C:\Users\All Users\WLInstaller
2007-11-10 15:33:14 0 d-------- C:\Program Files\VirtualDJ
2007-11-08 22:40:10 0 d-------- C:\Program Files\iPod
2007-11-08 22:40:07 0 d-------- C:\Program Files\iTunes
2007-11-08 17:26:39 40 --a------ C:\Users\Kristoff\language.dat
2007-11-06 15:35:10 0 d-------- C:\Users\All Users\Macromedia
2007-11-06 15:35:04 0 d-------- C:\Program Files\Common Files\Macromedia
2007-11-06 15:35:03 0 d-------- C:\Program Files\Macromedia


-- Find3M Report ---------------------------------------------------------------

2007-12-05 13:54:55 0 d-------- C:\Users\Kristoff\AppData\Roaming\AVG7
2007-12-04 15:35:11 0 d-------- C:\Users\Kristoff\AppData\Roaming\Skype
2007-12-04 15:35:08 0 d-------- C:\Users\Kristoff\AppData\Roaming\skypePM
2007-12-04 00:13:34 0 d-------- C:\Users\Kristoff\AppData\Roaming\Azureus
2007-11-29 21:57:54 0 d-------- C:\Users\Kristoff\AppData\Roaming\Macromedia
2007-11-23 20:16:21 0 d-------- C:\Users\Kristoff\AppData\Roaming\Nero
2007-11-23 20:11:00 0 d-------- C:\Program Files\Nero
2007-11-23 20:11:00 0 d-------- C:\Program Files\Common Files
2007-11-23 16:02:03 0 d-------- C:\Users\Kristoff\AppData\Roaming\Ipswitch
2007-11-23 16:01:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-23 00:04:38 0 d-------- C:\Users\Kristoff\AppData\Roaming\X10 Commander
2007-11-22 21:22:57 0 d-------- C:\Users\Kristoff\AppData\Roaming\Opera
2007-11-22 20:46:28 0 d-------- C:\Users\Kristoff\AppData\Roaming\Adobe
2007-11-22 20:29:05 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-22 11:59:29 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-20 17:54:15 174 --ahs---- C:\Program Files\desktop.ini
2007-11-20 17:50:58 0 d-------- C:\Program Files\Windows Calendar
2007-11-20 17:50:55 0 d-------- C:\Program Files\Windows Mail
2007-11-20 17:50:47 0 d-------- C:\Program Files\Windows Defender
2007-11-20 14:52:51 0 d-------- C:\Users\Kristoff\AppData\Roaming\SUPERAntiSpyware.com
2007-11-20 13:40:51 0 d-------- C:\Users\Kristoff\AppData\Roaming\Thunderbird
2007-11-20 13:40:49 0 d-------- C:\Users\Kristoff\AppData\Roaming\Sun
2007-11-20 13:40:48 0 d-------- C:\Users\Kristoff\AppData\Roaming\Sports Interactive
2007-11-20 13:40:47 0 d-------- C:\Users\Kristoff\AppData\Roaming\Real
2007-11-20 13:40:46 0 d-------- C:\Users\Kristoff\AppData\Roaming\Mozilla
2007-11-20 13:40:42 0 d-------- C:\Users\Kristoff\AppData\Roaming\MailWasherPro
2007-11-20 13:40:39 0 d-------- C:\Users\Kristoff\AppData\Roaming\Identities
2007-11-20 13:40:39 0 d-------- C:\Users\Kristoff\AppData\Roaming\Google
2007-11-20 13:40:39 0 d-------- C:\Users\Kristoff\AppData\Roaming\CyberLink
2007-11-20 13:40:38 0 d-------- C:\Users\Kristoff\AppData\Roaming\Bookmarks
2007-11-20 13:40:37 0 d-------- C:\Users\Kristoff\AppData\Roaming\ATI
2007-11-20 13:40:36 0 d-------- C:\Users\Kristoff\AppData\Roaming\Apple Computer
2007-11-20 13:40:36 0 d-------- C:\Users\Kristoff\AppData\Roaming\Ahead
2007-11-20 13:32:03 0 d--h----- C:\Program Files\Zero G Registry
2007-11-20 13:32:03 0 d-------- C:\Program Files\Xvid
2007-11-20 13:32:01 0 d-------- C:\Program Files\WebCamDV
2007-11-20 13:31:47 0 d-------- C:\Program Files\Sports Interactive
2007-11-20 13:31:46 0 d-------- C:\Program Files\Samsung
2007-11-20 13:31:40 0 d-------- C:\Program Files\Real
2007-11-20 13:31:39 0 d-------- C:\Program Files\QuickTime
2007-11-20 13:31:29 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-20 13:31:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-20 13:31:24 0 d-------- C:\Program Files\Microsoft.NET
2007-11-20 13:31:24 0 d-------- C:\Program Files\Microsoft Works
2007-11-20 13:30:53 0 d-------- C:\Program Files\microsoft frontpage
2007-11-20 13:30:53 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-20 13:30:53 0 d-------- C:\Program Files\MailWasher
2007-11-20 13:30:53 0 d-------- C:\Program Files\MagicISO
2007-11-20 13:30:22 0 d-------- C:\Program Files\Java
2007-11-20 13:29:58 0 d-------- C:\Program Files\Home Cinema
2007-11-20 13:28:31 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-11-20 13:28:30 0 d-------- C:\Program Files\CyberLink
2007-11-20 13:28:30 0 d-------- C:\Program Files\CopyPod
2007-11-20 13:28:30 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-20 13:28:30 0 d-------- C:\Program Files\Common Files\X10
2007-11-20 13:28:29 0 d-------- C:\Program Files\Common Files\Real
2007-11-20 13:28:27 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-20 13:28:27 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-20 13:28:22 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-20 13:28:22 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-20 13:28:21 0 d-------- C:\Program Files\Common Files\Java
2007-11-20 13:28:20 0 d-------- C:\Program Files\Common Files\Download Manager
2007-11-20 13:28:20 0 d-------- C:\Program Files\Common Files\Control Panels
2007-11-20 13:28:04 0 d-------- C:\Program Files\Common Files\Apple
2007-11-20 13:28:04 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-20 13:25:02 0 d-------- C:\Program Files\Bonjour
2007-11-20 13:25:02 0 d-------- C:\Program Files\Azureus
2007-11-20 13:25:02 0 d-------- C:\Program Files\ATI Technologies
2007-11-20 13:24:50 0 d-------- C:\Program Files\Apple Software Update
2007-11-20 13:24:46 0 d-------- C:\Program Files\Alwil Software
2007-11-13 13:46:22 0 d-------- C:\Program Files\MSN Messenger
2007-10-26 20:29:00 114 --a------ C:\Users\Kristoff\AppData\Roaming\Default.PLS
2007-10-26 15:59:12 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-16 20:54:32 720 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11926E4A-BECE-4512-B77C-23A3D2B2481A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [20/11/2007 17:36]
"BluetoothAuthenticationAgent"="rundll32.exe" [02/11/2006 09:45 C:\Windows\System32\rundll32.exe]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"SoundMan"="SOUNDMAN.EXE" [09/03/2007 16:28 C:\Windows\SOUNDMAN.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 18:36]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
"NWEReboot"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/12/2007 13:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:34]
"cmds"="C:\WINDOWS\system32\vtsqn.dll,c" []

C:\Users\Kristoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 05/12/2007 13:35 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00A80AD.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
WudfServiceGroup WUDFSvc

*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGMFX86

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-05 15:41:48 ------------



extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1021.94 MiB / 352.95 MiB
Pagefile Memory (total/avail): 2511.95 MiB / 1614.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.04 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 124.58 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-00NCB1 ATA Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - Generic Flash HS-CF USB Device

\\.\PHYSICALDRIVE2 - Generic Flash HS-MS/SD USB Device

\\.\PHYSICALDRIVE3 - Generic Flash HS-SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.503 v7.5.503 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"="C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\pbwyybsp.exe"="C:\\WINDOWS\\system32\\pbw"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Kristoff\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Kristoff
LOCALAPPDATA=C:\Users\Kristoff\AppData\Local
LOGONSERVER=\\CHRIS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Kristoff\AppData\Local\Temp
TMP=C:\Users\Kristoff\AppData\Local\Temp
USERDOMAIN=CHRIS
USERNAME=Kristoff
USERPROFILE=C:\Users\Kristoff
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Kristoff (admin)
Mcx1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
3Planesoft Screensaver Manager 1.1 --> "C:\Program Files\3Planesoft Screensaver Manager\unins000.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 --> C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
CopyPod (remove only) --> "C:\Program Files\CopyPod\uninstall.exe"
Creatix V.92 Data Fax Modem --> agrsmdel
DVD-lab PRO 2.3 --> "C:\Program Files\DVDlabPro2\unins000.exe"
Fireplace 3D Screensaver 1.0 --> "C:\Program Files\Fireplace 3D Screensaver\unins000.exe"
Fireside Christmas 3D Screensaver 1.0 --> "C:\Program Files\Fireside Christmas 3D Screensaver\unins000.exe"
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0607 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Font Creator 5.0 --> "C:\Program Files\High-Logic\Font Creator\unins000.exe"
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Frameworkx AutoReply for Windows Live Messenger 1.2 --> MsiExec.exe /I{C35FB1C4-7C32-48A7-9B9E-E86A83A77D3F}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hide IP Platinum 3.5 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.4 (build 0248) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MailWasher Free --> "C:\Program Files\MailWasher\unins000.exe"
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 Demo --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PowerCinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tropical Fish 3D Screensaver 1.1 --> "C:\Program Files\Tropical Fish 3D Screensaver\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vista Shortcut Manager --> MsiExec.exe /I{47609E69-4C5E-48B1-A889-24C6B82B5C04}
Watermill 3D Screensaver 2.0 --> "C:\Program Files\Watermill 3D Screensaver\unins000.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2590 / Success
Event Submitted/Written: 12/05/2007 10:54:56 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2583 / Success
Event Submitted/Written: 12/05/2007 10:54:44 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Windows Management Instrumentation Service subsystems initialized successfully

Event Record #/Type2582 / Success
Event Submitted/Written: 12/05/2007 10:54:44 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Windows Management Instrumentation Service started sucessfully

Event Record #/Type2576 / Success
Event Submitted/Written: 12/05/2007 10:54:39 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type2562 / Warning
Event Submitted/Written: 12/04/2007 08:27:36 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1482476501-1123561945-839522115-1004_Classes:
Process 964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1482476501-1123561945-839522115-1004_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23755 / Warning
Event Submitted/Written: 12/05/2007 03:40:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CHRIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CHRIS27 can't undo changes that you allow.

For more information please see the following:
%CHRIS275

Scan ID: {7A6BBD99-EDAA-4EF2-BF38-6A0B8EADB05B}

User: CHRIS\Kristoff

Name: %CHRIS271

ID: %CHRIS272

Severity ID: %CHRIS273

Category ID: %CHRIS274

Path Found: %CHRIS276

Alert Type: %CHRIS278

Detection Type: 1.1.1505.02

Event Record #/Type23754 / Warning
Event Submitted/Written: 12/05/2007 03:40:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CHRIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CHRIS27 can't undo changes that you allow.

For more information please see the following:
%CHRIS275

Scan ID: {B3592D93-F631-47C8-95ED-2DC742A7BE15}

User: CHRIS\Kristoff

Name: %CHRIS271

ID: %CHRIS272

Severity ID: %CHRIS273

Category ID: %CHRIS274

Path Found: %CHRIS276

Alert Type: %CHRIS278

Detection Type: 1.1.1505.02

Event Record #/Type23753 / Warning
Event Submitted/Written: 12/05/2007 03:40:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CHRIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CHRIS27 can't undo changes that you allow.

For more information please see the following:
%CHRIS275

Scan ID: {1D1CE9E9-1A2A-4A18-A3BE-D984F79D35FC}

User: CHRIS\Kristoff

Name: %CHRIS271

ID: %CHRIS272

Severity ID: %CHRIS273

Category ID: %CHRIS274

Path Found: %CHRIS276

Alert Type: %CHRIS278

Detection Type: 1.1.1505.02

Event Record #/Type23752 / Warning
Event Submitted/Written: 12/05/2007 03:40:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%CHRIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %CHRIS27 can't undo changes that you allow.

For more information please see the following:
%CHRIS275

Scan ID: {DF6ECC2A-A5AF-43FA-A1F6-26D04D236B5A}

User: CHRIS\Kristoff

Name: %CHRIS271

ID: %CHRIS272

Severity ID: %CHRIS273

Category ID: %CHRIS274

Path Found: %CHRIS276

Alert Type: %CHRIS278

Detection Type: 1.1.1505.02

Event Record #/Type23740 / Warning
Event Submitted/Written: 12/05/2007 02:52:22 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-12-05 15:41:48 ------------



Cheers
Kristoff
Active Member
 
Posts: 3
Joined: November 21st, 2007, 7:24 am

Re: error loading C:\WINDOWS\system32\vtsqn.dll

Post by Corrine » December 8th, 2007, 9:25 am

Topic reopened at the request of the poster.
Corrine
Visiting Staff
 
Posts: 1193
Joined: May 12th, 2005, 8:44 am
Location: Upstate, NY

Re: error loading C:\WINDOWS\system32\vtsqn.dll

Post by silver » December 9th, 2007, 3:20 am

Hi Kristoff,

Please open Start->Control Panel->Programs and Features, then find and uninstall Java(TM) 6 Update 2 - this is outdated and now a security risk and you already have the latest Java Runtime installed (Java(TM) 6 Update 3).

You have Azureus, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours.
You can remove Azureus via Programs and Features.

------------------------------------------------------------------------

Then, right-click the HijackThis program file or shortcut and choose Run as administrator to start the program
Choose Do a system scan only and place a checkmark next to the following lines:
O2 - BHO: (no name) - {11926E4A-BECE-4512-B77C-23A3D2B2481A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SNM] "C:\Program Files\SpyNoMore\SNM.exe" /startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\vtsqn.dll,c
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00A80AD.dat

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, right-click ERUNT.exe and select Run as administrator to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Then, open Notepad (press Start, enter notepad into the search box and press Enter)
Copy the text inside the code box below (ensure you copy it all at once), and paste it into a new notepad file.
Change the Save As Type to All Files and save it as fix.bat to your Desktop.
Code:
@echo off
echo REGEDIT4 > "%userprofile%\desktop\regfix.reg"
echo.>> "%userprofile%\desktop\regfix.reg"
echo [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] >> "%userprofile%\desktop\regfix.reg"
echo "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 >> "%userprofile%\desktop\regfix.reg"
echo.>> "%userprofile%\desktop\regfix.reg"
regedit /s "%userprofile%\desktop\regfix.reg"
reg query HKLM\system\currentcontrolset\control\lsa /v "authentication packages" > "%userprofile%\desktop\output.txt"
del "%userprofile%\desktop\regfix.reg"

Locate fix.bat on your Desktop, right-click it and select Run as administrator. A black box should appear and disappear and a file called output.txt should appear on your Desktop - please paste the contents of this in your next response.

Now reboot your computer.
------------------------------------------------------------------------

Download OTMoveIt to your desktop, right-click the program and choose Run as administrator to start it.
Select the contents of the below file list, then press Ctrl+C to copy it to the clipboard
In OTMoveIt, click in the left-hand pane and press Ctrl+V to paste the file-list into the program
Then, press MoveIt!
If the program asks you to reboot now, click No
Copy the Results output and paste it into a new notepad file so you can post it in your next response. Do this by clicking in the right-hand pane, press Ctrl-A then Ctrl-C to select all and copy. Then open Notepad, press Ctrl-V to paste in the text, and save this text file to your desktop.

OTMoveIt file list:
Code:
C:\Program Files\SpyNoMore
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\__c00A80AD.dat

Then reboot your computer to complete the removals.

------------------------------------------------------------------------

Once complete, please post the contents of output.txt, the OTMoveIt report and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
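
Added example, not part of the post above or of any tool it names: a Python check that decodes the hex(7) data fix.bat writes and compares a reg query line for "Authentication Packages" against the single entry msv1_0. The function names and the SAMPLE_QUERY text are constructed for illustration, and the `\0` separator in reg query output is an assumption.

```python
import re

EXPECTED = ["msv1_0"]  # the single entry that fix.bat writes


def decode_hex7(reg_line, wide=False):
    """Decode a .reg hex(7) (REG_MULTI_SZ) value into its list of strings.

    REGEDIT4 files hold ANSI bytes; version 5.00 files hold UTF-16LE (wide=True).
    """
    m = re.search(r"=\s*hex\(7\):([0-9a-fA-F,\s\\]*)", reg_line)
    if not m:
        raise ValueError("no hex(7) data on this line")
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    text = raw.decode("utf-16-le" if wide else "latin-1")
    # Each string is NUL-terminated and the list ends with one more NUL.
    return [s for s in text.split("\x00") if s]


def parse_reg_query(output, value_name="authentication packages"):
    """Return the entries of a REG_MULTI_SZ value from `reg query` text, or None."""
    for line in output.splitlines():
        m = re.match(r"\s*(.+?)\s+REG_MULTI_SZ\s+(.*)$", line, re.IGNORECASE)
        if m and m.group(1).lower() == value_name.lower():
            # Assumption: reg.exe separates multi-string entries with a literal \0.
            return [e for e in m.group(2).strip().split("\\0") if e]
    return None


def unexpected_entries(entries, expected=EXPECTED):
    """List entries that are not in the expected set (case-insensitive)."""
    allowed = {e.lower() for e in expected}
    return [e for e in entries if e.lower() not in allowed]


# The value line that fix.bat echoes into regfix.reg (REGEDIT4, so ANSI bytes).
FIX_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'
# Constructed reg query output with one extra, made-up entry for comparison.
SAMPLE_QUERY = (
    "HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa\n"
    "    authentication packages    REG_MULTI_SZ    msv1_0\\0example_pkg\n"
)

if __name__ == "__main__":
    print("fix.bat writes:", decode_hex7(FIX_LINE))
    found = parse_reg_query(SAMPLE_QUERY)
    print("query shows:", found, "-> review:", unexpected_entries(found))
```

An entry flagged here is only a candidate for review; legitimately installed authentication software can also register a package under this value.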

Re: error loading C:\WINDOWS\system32\vtsqn.dll

by Kristoff » December 9th, 2007, 12:50 pm

Content of output.txt:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
authentication packages REG_MULTI_SZ msv1_0


Content of OTMoveIt Results:

File/Folder C:\Program Files\SpyNoMore not found.
File/Folder C:\WINDOWS\system32\vtsqn.dll not found.
File/Folder C:\WINDOWS\system32\__c00A80AD.dat not found.

Created on 12/09/2007 16:45:31


And I'm pretty sure it has fixed it, just going to reboot now....

EDIT: It's worked. Brilliant cheers!
Kristoff
Active Member
 
Posts: 3
Joined: November 21st, 2007, 7:24 am

Re: error loading C:\WINDOWS\system32\vtsqn.dll

by silver » December 9th, 2007, 10:23 pm

Hi Kristoff,

Those reports look good and I'm very glad to hear things are running better :) but a lack of symptoms doesn't always indicate your machine is clean.

I recommend you post a new HijackThis log for me to check, and there will be a couple of further steps we should perform to make sure your machine really is clean.

Re: error loading C:\WINDOWS\system32\vtsqn.dll

by silver » December 17th, 2007, 5:04 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.