Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby sicksix » June 26th, 2008, 1:07 am

Well the popups come up when I use IE just for testing purposes.. I am a Firefox fan and that is what I use the most.. I have version 3.0.. Well on this computer I am running, I can visit quite a few websites such as digg.com, gizmodo.com and such.. http://www.myspace.com and http://www.google.com are not working... I can get into google but it will go anywhere when I try hit the search button.. It gives a waiting message as if its waiting for information to be transfered from/to the website.. I have AVG turned on but I do not have any websites barred anywhere that I can find.. I have uninstalled AVG and it still was doing the same... I can login to a different profile on this machine and I can access any website I want...

VundoFix V7.0.5

Scan started at 11:03:54 PM 6/26/2008

Listing files found while scanning....

No infected files were found.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:43 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\Easy Messaging\LogitechEasyMsg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BrigSoft\BSAtomic\BSAtomic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\mstsc.exe
C:\Documents and Settings\Greg Carlisle\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3496EC68-424A-42AF-AFC4-EDB5BFFA15E1} - C:\WINDOWS\system32\ssqRJyXQ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\ssqPijiJ.dll (file missing)
O2 - BHO: {61fc13da-100f-2558-ee14-e89c0648be5d} - {d5eb8460-c98e-41ee-8552-f001ad31cf16} - C:\WINDOWS\system32\gdnrrlak.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Easy Messaging] C:\Program Files\Logitech\Easy Messaging\LogitechEasyMsg.exe --nogui
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [0cf44157] rundll32.exe "C:\WINDOWS\system32\iuijebnb.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BM0fc772cb] Rundll32.exe "C:\WINDOWS\system32\nfpkslix.dll",s
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PC Atomic Sync.lnk = C:\Program Files\BrigSoft\BSAtomic\BSAtomic.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4120130930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4120228868
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gpaxiavp.dll,avgrsstx.dll
O20 - Winlogon Notify: ssqPijiJ - ssqPijiJ.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 12615 bytes

Uninstall List

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABIT uGuru
Ad-Aware 2007
Adobe Acrobat 8.1.0 Professional
Adobe Flash Player Plugin
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Multimedia Center 9.16
ATI Parental Control & Encoder
AVG 8.0
AVIVO Codecs
Bonjour
Calculator Powertoy for Windows XP
Canon S330
CDDRV_Installer
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Creative Audio Console
DAO
EVEREST Ultimate Edition v4.50
FlashGet 1.9.6.1073
FlashMenu
HijackThis 2.0.2
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
iTunes
Java(TM) 6 Update 6
KhalInstallWrapper
Logitech Desktop Messenger
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mobile Phone Suite Easy Messaging
Mobile Phone Suite Easy Synchronization
Mozilla Firefox (3.0)
Mp3 Tag Tools v1.2
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Atomic Sync v 4.0.0
QuickTime
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
TitanTV Client components for ATI
Tweak UI
Unlocker 1.8.7
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6h
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver


Deckard's System Scanner v20071014.68
Run by Greg Carlisle on 2008-06-26 00:18:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
57: 2008-06-26 05:19:00 UTC - RP57 - Deckard's System Scanner Restore Point
56: 2008-06-25 14:58:21 UTC - RP56 - Avg8 Update
55: 2008-06-25 14:56:44 UTC - RP55 - Avg8 Update
54: 2008-06-25 04:09:09 UTC - RP54 - Installed Java(TM) 6 Update 6
53: 2008-06-25 03:16:57 UTC - RP53 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-06-22 21:49:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Greg Carlisle.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:50 AM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\Easy Messaging\LogitechEasyMsg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BrigSoft\BSAtomic\BSAtomic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Greg Carlisle\Desktop\dss.exe
C:\DOCUME~1\GREGCA~1\Desktop\Greg Carlisle.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3496EC68-424A-42AF-AFC4-EDB5BFFA15E1} - C:\WINDOWS\system32\ssqRJyXQ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\ssqPijiJ.dll (file missing)
O2 - BHO: {61fc13da-100f-2558-ee14-e89c0648be5d} - {d5eb8460-c98e-41ee-8552-f001ad31cf16} - C:\WINDOWS\system32\gdnrrlak.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Easy Messaging] C:\Program Files\Logitech\Easy Messaging\LogitechEasyMsg.exe --nogui
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [0cf44157] rundll32.exe "C:\WINDOWS\system32\iuijebnb.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BM0fc772cb] Rundll32.exe "C:\WINDOWS\system32\nfpkslix.dll",s
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PC Atomic Sync.lnk = C:\Program Files\BrigSoft\BSAtomic\BSAtomic.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4120130930
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4120228868
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gpaxiavp.dll,avgrsstx.dll
O20 - Winlogon Notify: ssqPijiJ - ssqPijiJ.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 12582 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 uGuru - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT Computer Corporation; uGuru V2.0 device driver>
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>

S3 COMMONFX - c:\windows\system32\drivers\commonfx.sys (file missing)
S3 COMMONFX.SYS - c:\windows\system32\drivers\commonfx.sys (file missing)
S3 CTAUDFX - c:\windows\system32\drivers\ctaudfx.sys (file missing)
S3 CTAUDFX.SYS - c:\windows\system32\drivers\ctaudfx.sys (file missing)
S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
S3 CTERFXFX - c:\windows\system32\drivers\cterfxfx.sys (file missing)
S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
S3 CTERFXFX.SYS - c:\windows\system32\drivers\cterfxfx.sys (file missing)
S3 CTSBLFX - c:\windows\system32\drivers\ctsblfx.sys (file missing)
S3 CTSBLFX.SYS - c:\windows\system32\drivers\ctsblfx.sys (file missing)
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&2DF285A8&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&2DF285A8&0&01
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 16:23:45 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-25 00:49:53 0 d-------- C:\VundoFix Backups
2008-06-24 23:35:45 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 23:09:14 0 d-------- C:\Program Files\Java
2008-06-24 23:09:12 0 d-------- C:\Program Files\Common Files\Java
2008-06-24 23:08:56 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Sun
2008-06-24 22:17:02 0 d-------- C:\Program Files\Lavasoft
2008-06-24 22:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 22:16:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 19:57:19 81920 --a------ C:\WINDOWS\system32\iuijebnb.dll
2008-06-24 19:54:21 99840 --a------ C:\WINDOWS\system32\gdnrrlak.dll
2008-06-24 19:51:19 91136 --a------ C:\WINDOWS\system32\nfpkslix.dll
2008-06-24 19:19:47 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 19:19:36 0 d-------- C:\Program Files\AVG
2008-06-24 17:56:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-24 17:56:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-24 17:56:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-06-24 17:56:07 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-24 17:56:07 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-24 17:56:07 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-24 17:56:07 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-24 17:56:07 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-24 17:56:07 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-24 17:56:07 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-24 17:56:07 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-24 17:56:07 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-24 17:56:07 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-24 17:56:07 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-24 17:56:07 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-24 17:56:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-24 17:56:06 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-24 09:48:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-23 21:44:43 105984 --a------ C:\WINDOWS\system32\gpaxiavp.dll
2008-06-23 19:49:11 91136 --a------ C:\WINDOWS\system32\vinyojtf.dll
2008-06-22 22:17:05 0 d-------- C:\Documents and Settings\Bruce Carlisle\Application Data\Macromedia
2008-06-22 19:59:57 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-22 18:52:57 3072 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-06-22 18:24:35 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\ATI MMC
2008-06-22 18:24:29 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-06-22 17:21:02 0 d-------- C:\Program Files\Creative
2008-06-22 16:56:11 0 d-------- C:\WINDOWS\system32\Defaults
2008-06-22 16:49:08 642121 --ahs---- C:\WINDOWS\system32\QXyJRqss.ini2
2008-06-22 16:44:14 0 d-------- C:\Program Files\Lavalys
2008-06-22 16:24:36 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Apple Computer
2008-06-22 16:24:27 0 d-------- C:\Program Files\iPod
2008-06-22 16:24:24 0 d-------- C:\Program Files\iTunes
2008-06-22 16:24:14 0 d-------- C:\Program Files\Bonjour
2008-06-22 16:23:53 0 d-------- C:\Program Files\QuickTime
2008-06-22 16:23:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-22 16:23:42 0 d-------- C:\Program Files\Apple Software Update
2008-06-22 16:23:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-22 16:23:12 0 d-------- C:\Program Files\Common Files\Apple
2008-06-22 16:23:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-22 16:20:50 0 d-------- C:\Downloads
2008-06-22 16:00:59 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Macromedia
2008-06-22 04:49:23 36864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2008-06-22 04:49:22 0 d--h----- C:\BJPrinter
2008-06-22 04:49:16 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-22 04:47:21 0 d-------- C:\Program Files\Pro Imaging Powertoys
2008-06-22 04:43:24 0 d-------- C:\Documents and Settings\Annette Carlisle\Application Data\Mozilla
2008-06-22 04:39:43 0 d-------- C:\Documents and Settings\Annette Carlisle\Application Data\Adobe
2008-06-22 04:39:20 0 d-------- C:\Documents and Settings\Annette Carlisle\Application Data\Identities
2008-06-22 04:39:12 0 d-------- C:\Documents and Settings\Annette Carlisle\Application Data\Logitech
2008-06-22 04:39:09 0 d--h----- C:\Documents and Settings\Annette Carlisle\PrintHood
2008-06-22 04:39:09 0 d--h----- C:\Documents and Settings\Annette Carlisle\NetHood
2008-06-22 04:39:09 0 dr------- C:\Documents and Settings\Annette Carlisle\My Documents
2008-06-22 04:39:09 0 d--h----- C:\Documents and Settings\Annette Carlisle\Local Settings
2008-06-22 04:39:09 0 dr------- C:\Documents and Settings\Annette Carlisle\Favorites
2008-06-22 04:39:09 0 d-------- C:\Documents and Settings\Annette Carlisle\Desktop
2008-06-22 04:39:09 0 d--hs---- C:\Documents and Settings\Annette Carlisle\Cookies
2008-06-22 04:39:09 0 dr-h----- C:\Documents and Settings\Annette Carlisle\Application Data
2008-06-22 04:39:09 0 d---s---- C:\Documents and Settings\Annette Carlisle\Application Data\Microsoft
2008-06-22 04:39:08 0 d--h----- C:\Documents and Settings\Annette Carlisle\Templates
2008-06-22 04:39:08 0 dr------- C:\Documents and Settings\Annette Carlisle\Start Menu
2008-06-22 04:39:08 0 dr-h----- C:\Documents and Settings\Annette Carlisle\SendTo
2008-06-22 04:39:08 0 dr-h----- C:\Documents and Settings\Annette Carlisle\Recent
2008-06-22 04:39:08 876544 --a------ C:\Documents and Settings\Annette Carlisle\NTUSER.DAT
2008-06-22 04:20:46 0 d-------- C:\Program Files\Microsoft Works
2008-06-22 04:20:40 0 d-------- C:\Program Files\MSBuild
2008-06-22 04:20:03 0 d-------- C:\Program Files\Microsoft.NET
2008-06-22 04:19:04 0 d-------- C:\Documents and Settings\Bruce Carlisle\Application Data\Mozilla
2008-06-22 04:18:19 0 d-------- C:\Documents and Settings\Bruce Carlisle\Application Data\Adobe
2008-06-22 04:18:09 0 d-------- C:\Documents and Settings\Bruce Carlisle\Application Data\Identities
2008-06-22 04:18:03 0 d-------- C:\Documents and Settings\Bruce Carlisle\Application Data\Logitech
2008-06-22 04:18:00 0 d--h----- C:\Documents and Settings\Bruce Carlisle\Templates
2008-06-22 04:18:00 0 dr------- C:\Documents and Settings\Bruce Carlisle\Start Menu
2008-06-22 04:18:00 0 dr-h----- C:\Documents and Settings\Bruce Carlisle\SendTo
2008-06-22 04:18:00 0 dr-h----- C:\Documents and Settings\Bruce Carlisle\Recent
2008-06-22 04:18:00 0 d--h----- C:\Documents and Settings\Bruce Carlisle\PrintHood
2008-06-22 04:18:00 1572864 --a------ C:\Documents and Settings\Bruce Carlisle\NTUSER.DAT
2008-06-22 04:18:00 0 d--h----- C:\Documents and Settings\Bruce Carlisle\NetHood
2008-06-22 04:18:00 0 dr------- C:\Documents and Settings\Bruce Carlisle\My Documents
2008-06-22 04:18:00 0 d--h----- C:\Documents and Settings\Bruce Carlisle\Local Settings
2008-06-22 04:18:00 0 dr------- C:\Documents and Settings\Bruce Carlisle\Favorites
2008-06-22 04:18:00 0 d-------- C:\Documents and Settings\Bruce Carlisle\Desktop
2008-06-22 04:18:00 0 d--hs---- C:\Documents and Settings\Bruce Carlisle\Cookies
2008-06-22 04:18:00 0 dr-h----- C:\Documents and Settings\Bruce Carlisle\Application Data
2008-06-22 04:18:00 0 d---s---- C:\Documents and Settings\Bruce Carlisle\Application Data\Microsoft
2008-06-22 04:16:34 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-22 04:16:04 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-22 04:15:19 0 dr-h----- C:\MSOCache
2008-06-22 04:13:49 0 d-------- C:\Program Files\DAEMON Tools
2008-06-22 04:11:37 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-22 04:01:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 03:47:03 3548 --a------ C:\WINDOWS\system32\WINFLASH.SYS
2008-06-22 03:47:03 6528 --a------ C:\WINDOWS\system32\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
2008-06-22 03:47:03 23612 --a------ C:\WINDOWS\system32\FlashMenu.sys
2008-06-22 03:47:03 3548 --a------ C:\WINDOWS\system32\drivers\WINFLASH.SYS
2008-06-22 03:47:03 10752 --a------ C:\WINDOWS\system32\drivers\uGuru.SYS <Not Verified; ABIT Computer Corporation; uGuru V2.0 device driver>
2008-06-22 03:47:03 4608 --a------ C:\WINDOWS\system32\drivers\ProcObsrv.sys <Not Verified; ABIT Computer Corp.; ProcObsrv>
2008-06-22 03:47:03 6528 --a------ C:\WINDOWS\system32\drivers\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
2008-06-22 03:47:03 4047 --a------ C:\WINDOWS\system32\drivers\MEMCTL.SYS
2008-06-22 03:47:03 5018 --a------ C:\WINDOWS\system32\drivers\HWIOCTL.SYS
2008-06-22 03:47:03 5960 --a------ C:\WINDOWS\system32\drivers\HWDRV.SYS
2008-06-22 03:47:03 1466368 --a------ C:\WINDOWS\system32\drivers\FlashMenuCHS.dll <Not Verified; ABIT Computer Corporation; FlashMenuCHS Dynamic Link Library>
2008-06-22 03:47:03 2721 --a------ C:\WINDOWS\system32\drivers\AMINTSYS.SYS
2008-06-22 03:47:03 0 d-------- C:\Program Files\ABIT
2008-06-22 03:46:29 0 d-------- C:\Program Files\AMD
2008-06-22 03:42:44 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-22 03:39:29 0 d-------- C:\temp
2008-06-22 03:39:26 22 --a------ C:\WINDOWS\FileName
2008-06-22 03:39:21 0 d-------- C:\Program Files\NVIDIA Corporation
2008-06-22 03:39:07 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-22 03:37:51 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-22 03:37:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-22 03:36:58 86016 --a------ C:\WINDOWS\system32\cttele.dll <Not Verified; Creative Technology Ltd; Creative Common Proxy Stud>
2008-06-22 03:36:47 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Creative
2008-06-22 03:36:29 0 d-------- C:\WINDOWS\system32\data
2008-06-22 03:33:43 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-22 03:25:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Logitech
2008-06-22 03:25:17 47104 --a------ C:\WINDOWS\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports>
2008-06-22 03:25:17 18167 --a------ C:\WINDOWS\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus>
2008-06-22 03:24:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 03:24:00 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Mozilla
2008-06-22 03:20:10 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Logitech
2008-06-22 03:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-22 03:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-22 03:17:09 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-22 03:17:08 0 d-------- C:\Program Files\Logitech
2008-06-22 03:17:08 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\InstallShield
2008-06-22 03:14:31 0 d-------- C:\WINDOWS\Prefetch
2008-06-22 03:10:46 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\vlc
2008-06-22 03:10:23 0 d-------- C:\Program Files\VideoLAN
2008-06-22 03:09:02 0 d-------- C:\WINDOWS\system32\scripting
2008-06-22 03:09:02 0 d-------- C:\WINDOWS\l2schemas
2008-06-22 03:09:01 0 d-------- C:\WINDOWS\system32\en
2008-06-22 03:09:01 0 d-------- C:\WINDOWS\system32\bits
2008-06-22 03:07:55 0 d-------- C:\Program Files\BrigSoft
2008-06-22 03:07:29 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-22 03:07:29 0 d-------- C:\Program Files\Mp3TagToolsv12
2008-06-22 03:06:22 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\WinRAR
2008-06-22 03:05:23 0 d-------- C:\WINDOWS\network diagnostic
2008-06-22 03:04:01 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-22 03:02:49 0 d-------- C:\Program Files\FlashGet
2008-06-22 02:54:54 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-22 02:51:13 0 d-------- C:\Program Files\Common Files\ATI
2008-06-22 02:51:11 0 d-------- C:\Program Files\ATI Multimedia
2008-06-22 02:50:47 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-22 02:49:27 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-06-22 02:49:20 0 d-------- C:\Program Files\ATI Technologies
2008-06-22 02:48:47 0 d-------- C:\Program Files\TitanTV
2008-06-22 02:48:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 02:48:35 0 d-------- C:\Program Files\msaccrt
2008-06-22 02:48:23 0 d-------- C:\WINDOWS\system32\windows media
2008-06-22 02:48:16 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-22 02:48:16 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-22 02:48:14 0 d-------- C:\Program Files\Windows Media Components
2008-06-22 02:46:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-22 02:45:51 0 d-------- C:\ATI
2008-06-22 02:38:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-22 02:38:20 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-22 02:35:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-22 02:35:08 0 d--hs---- C:\Documents and Settings\Greg Carlisle\UserData
2008-06-22 02:27:36 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Adobe
2008-06-22 02:27:34 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-22 02:27:30 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-22 02:24:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 02:24:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-22 02:17:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-06-22 02:09:04 0 d-------- C:\Documents and Settings\Greg Carlisle\Application Data\Identities
2008-06-22 02:08:47 0 d--h----- C:\Documents and Settings\Greg Carlisle\Templates
2008-06-22 02:08:47 0 dr------- C:\Documents and Settings\Greg Carlisle\Start Menu
2008-06-22 02:08:47 0 dr-h----- C:\Documents and Settings\Greg Carlisle\SendTo
2008-06-22 02:08:47 0 dr-h----- C:\Documents and Settings\Greg Carlisle\Recent
2008-06-22 02:08:47 0 d--h----- C:\Documents and Settings\Greg Carlisle\PrintHood
2008-06-22 02:08:47 2621440 --ah----- C:\Documents and Settings\Greg Carlisle\NTUSER.DAT
2008-06-22 02:08:47 0 d--h----- C:\Documents and Settings\Greg Carlisle\NetHood
2008-06-22 02:08:47 0 dr------- C:\Documents and Settings\Greg Carlisle\My Documents
2008-06-22 02:08:47 0 d--h----- C:\Documents and Settings\Greg Carlisle\Local Settings
2008-06-22 02:08:47 0 dr------- C:\Documents and Settings\Greg Carlisle\Favorites
2008-06-22 02:08:47 0 d-------- C:\Documents and Settings\Greg Carlisle\Desktop
2008-06-22 02:08:47 0 d--hs---- C:\Documents and Settings\Greg Carlisle\Cookies
2008-06-22 02:08:47 0 dr-h----- C:\Documents and Settings\Greg Carlisle\Application Data
2008-06-22 02:07:49 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-22 02:07:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-22 02:07:47 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-22 02:07:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-22 02:07:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-22 02:07:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-22 02:07:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-22 02:07:36 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-22 02:07:36 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-22 02:07:36 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-06-22 02:07:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-22 02:07:36 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-22 02:05:21 0 d-------- C:\WINDOWS\system32\xircom
2008-06-22 02:05:21 0 d-------- C:\Program Files\microsoft frontpage
2008-06-22 02:05:13 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-22 02:05:05 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-22 02:04:54 0 -rahs---- C:\MSDOS.SYS
2008-06-22 02:04:54 0 -rahs---- C:\IO.SYS
2008-06-22 02:04:54 0 --a------ C:\CONFIG.SYS
2008-06-22 02:04:54 0 --a------ C:\AUTOEXEC.BAT
2008-06-22 02:04:12 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-22 02:04:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-22 02:04:04 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-22 02:03:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-22 02:03:18 0 d---s---- C:\WINDOWS\Tasks
2008-06-22 02:03:18 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-22 02:03:15 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-22 02:03:15 0 d-------- C:\WINDOWS\srchasst
2008-06-22 02:03:09 0 d-------- C:\Program Files\Movie Maker
2008-06-22 02:03:04 0 d-------- C:\WINDOWS\system32\Restore
2008-06-22 02:02:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-22 02:02:25 0 d-------- C:\WINDOWS\Registration
2008-06-22 02:02:19 0 d-------- C:\Program Files\Online Services
2008-06-22 02:02:15 0 d-------- C:\Program Files\Messenger
2008-06-22 02:02:12 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-22 02:01:46 0 d-------- C:\Program Files\Windows NT
2008-06-22 02:01:44 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-22 02:01:43 0 d-------- C:\WINDOWS\system32\Com
2008-06-21 20:55:47 0 d--hs---- C:\WINDOWS\Installer
2008-06-21 20:55:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-21 20:55:43 0 dr------- C:\Program Files
2008-06-21 20:55:43 0 d-------- C:\Program Files\Common Files
2008-06-21 20:55:23 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-21 20:55:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-21 20:55:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-21 20:55:23 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-21 20:55:23 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-21 20:55:23 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-21 20:55:23 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-21 20:55:23 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-21 20:55:23 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-21 20:55:23 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-21 20:55:23 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-21 20:55:23 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-21 20:55:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-21 20:55:23 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-21 20:55:23 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-21 20:55:23 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-21 20:53:34 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-21 20:53:34 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-21 20:53:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-21 20:53:28 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-21 20:53:28 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-21 20:53:28 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-21 20:53:11 0 d--hs---- C:\System Volume Information
2008-06-21 20:53:11 0 d-------- C:\Documents and Settings
2008-06-21 20:47:45 0 d-------- C:\WINDOWS
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\WinSxS
2008-06-21 20:47:45 0 dr------- C:\WINDOWS\Web
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\twain_32
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\wins
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\wbem
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\usmt
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\spool
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\Setup
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\ras
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\oobe
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\npp
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\mui
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\IME
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\ias
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\export
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\drivers
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-21 20:47:45 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\config
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\3076
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\2052
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1054
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1042
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1041
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1037
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1033
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1031
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1028
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system32\1025
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\system
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\security
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Resources
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\repair
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Provisioning
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\PeerNet
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\pchealth
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\mui
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\msapps
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\msagent
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Media
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\java
2008-06-21 20:47:45 0 d--h----- C:\WINDOWS\inf
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\ime
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Help
2008-06-21 20:47:45 0 dr--s---- C:\WINDOWS\Fonts
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\ehome
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Driver Cache
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Debug
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Cursors
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\Config
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\AppPatch
2008-06-21 20:47:45 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-21 20:55:23 62 --ahs---- C:\Documents and Settings\Greg Carlisle\Application Data\desktop.ini
2008-05-07 01:07:00 7481359 --a------ C:\WINDOWS\system32\AppSetup.exe <Not Verified; Creative Technology Ltd; Creative Self-Extracting>
2008-05-05 13:33:22 11776 --a------ C:\WINDOWS\system32\ac3api.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-05 13:33:02 8704 --a------ C:\WINDOWS\system32\ctagent.dll <Not Verified; Creative Technology Ltd; ctagent>
2008-05-05 13:32:54 9216 --a------ C:\WINDOWS\CTPRES.DLL <Not Verified; Creative Technology Ltd; CtPanel Resource>
2008-04-30 16:55:10 585326 --a------ C:\WINDOWS\system32\APOIM32.exe <Not Verified; Creative Technology Ltd; Creative Audio Processing Object Interface Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3496EC68-424A-42AF-AFC4-EDB5BFFA15E1}]
C:\WINDOWS\system32\ssqRJyXQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}]
C:\WINDOWS\system32\ssqPijiJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5eb8460-c98e-41ee-8552-f001ad31cf16}]
06/24/2008 07:54 PM 99840 --a------ C:\WINDOWS\system32\gdnrrlak.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 03:10 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/13/2008 07:12 PM C:\WINDOWS\system32\bthprops.cpl]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [11/29/2004 11:55 AM]
"Easy Messaging"="C:\Program Files\Logitech\Easy Messaging\LogitechEasyMsg.exe" [11/29/2004 11:52 AM]
"CTxfiHlp"="CTXFIHLP.EXE" [04/09/2007 12:32 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [04/29/2005 06:22 PM]
"GuruClock"="C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe" [10/06/2004 02:15 PM]
"ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [01/11/2005 04:21 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 02:56 PM C:\WINDOWS\CTHELPER.EXE]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/25/2008 09:57 AM]
"0cf44157"="C:\WINDOWS\system32\iuijebnb.dll" [06/24/2008 07:57 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"BM0fc772cb"="C:\WINDOWS\system32\nfpkslix.dll" [06/24/2008 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ATI Launchpad"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [10/31/2006 09:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [6/22/2008 3:26:56 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/22/2008 3:17:16 AM]
PC Atomic Sync.lnk - C:\Program Files\BrigSoft\BSAtomic\BSAtomic.exe [6/22/2008 3:07:55 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [11/29/2004 11:55 AM 69632]
"{BE7E4CE1-8CBA-44A6-956F-462A667D3286}"= C:\WINDOWS\system32\ssqPijiJ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPijiJ]
ssqPijiJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=gpaxiavp.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqRJyXQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84641e74-422c-11dd-9d73-0018f80d8f88}]
AutoRun\command- I:\Help!.exe
open\command- I:\Help!.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\DOCUME~1\GREGCA~1\LOCALS~1\Temp\IXP000.TMP\server.exe



-- End of Deckard's System Scanner: finished at 2008-06-26 00:22:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 2047.48 MiB / 1281.77 MiB
Pagefile Memory (total/avail): 3939.87 MiB / 3138.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1869.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 244.66 GiB free.
D: is Fixed (NTFS) - 74.53 GiB total, 58.8 GiB free.
E: is Fixed (NTFS) - 74.52 GiB total, 74.42 GiB free.
F: is Fixed (NTFS) - 229.66 GiB total, 217.39 GiB free.
G: is Fixed (NTFS) - 931.51 GiB total, 206.41 GiB free.
H: is Fixed (NTFS) - 232.88 GiB total, 228.85 GiB free.
I: is Removable (FAT)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE3 - SAMSUNG SP2504C - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 229.66 GiB - F:
\PARTITION2 - Unknown - 3.12 GiB

\\.\PHYSICALDRIVE4 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - D:

\\.\PHYSICALDRIVE2 - WDC WD10EACS-00ZJB0 - 931.51 GiB - 1 partition
\PARTITION0 - Installable File System - 931.51 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD2500JB-00FUA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - H:

\\.\PHYSICALDRIVE1 - WDC WD3200YS-01PGB0 - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE5 - WDC WD800JB-00CRA1 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - E:

\\.\PHYSICALDRIVE6 - Imation Flash Drive USB Device - 1011.91 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1013.88 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Greg Carlisle\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=C73134QCOEA03
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NYC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Greg Carlisle
LOGONSERVER=\\NYC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=RDP-Tcp#1
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GREGCA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GREGCA~1\LOCALS~1\Temp
USERDOMAIN=NYC
USERNAME=Greg Carlisle
USERPROFILE=C:\Documents and Settings\Greg Carlisle
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Greg Carlisle (admin)
Bruce Carlisle
Annette Carlisle (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABIT uGuru --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.0 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center 9.16 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Canon S330 --> C:\WINDOWS\system32\CNMCP45.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\DeIsL1.isu" -pCanon S330-c"C:\BJPrinter\CNMWINDOWS\Canon S330 Installer\Inst\bjinst.dll
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
EVEREST Ultimate Edition v4.50 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0555CC40-C007-11D4-B257-0050BAA96AA5}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Documents and Settings\Greg Carlisle\Desktop\HijackThis.exe" /uninstall
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Phone Suite Easy Messaging --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36C91F9F-292E-4395-83B6-13B3C61FE93E}\setup.exe" -l0x9
Mobile Phone Suite Easy Synchronization --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 Tag Tools v1.2 --> "C:\Program Files\Mp3TagToolsv12\uninstall.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
PC Atomic Sync v 4.0.0 --> "C:\Program Files\BrigSoft\BSAtomic\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
TitanTV Client components for ATI --> MsiExec.exe /I{A3DD7BA6-37A6-4245-A167-B3AA137B2157}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type496 / Error
Event Submitted/Written: 06/24/2008 10:31:29 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINWORD.EXE, version 12.0.6308.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type495 / Error
Event Submitted/Written: 06/24/2008 10:31:17 AM
Event ID/Source: 5000 / Microsoft Office 12
Event Description:
EventType officelifeboathang, P1 winword.exe, P2 12.0.6308.5000, P3 ntdll.dll, P4 5.1.2600.5512, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Event Record #/Type494 / Error
Event Submitted/Written: 06/24/2008 10:25:59 AM
Event ID/Source: 5000 / Microsoft Office 12
Event Description:
EventType officelifeboathang, P1 winword.exe, P2 12.0.6308.5000, P3 ntdll.dll, P4 5.1.2600.5512, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Event Record #/Type321 / Error
Event Submitted/Written: 06/22/2008 06:49:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application atimmc.exe, version 9.16.0.1, faulting module unknown, version 0.0.0.0, fault address 0x018c5200.
Processing media-specific event for [atimmc.exe!ws!]

Event Record #/Type269 / Error
Event Submitted/Written: 06/22/2008 04:50:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1664 / Error
Event Submitted/Written: 06/24/2008 07:05:46 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type1663 / Error
Event Submitted/Written: 06/24/2008 06:46:16 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type1662 / Error
Event Submitted/Written: 06/24/2008 06:26:46 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type1661 / Error
Event Submitted/Written: 06/24/2008 06:07:16 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type1654 / Error
Event Submitted/Written: 06/24/2008 05:47:46 PM
Event ID/Source: 10016 / DCOM
Event Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-06-26 00:22:20 ------------
sicksix
Active Member
 
Posts: 2
Joined: June 26th, 2008, 12:39 am
Advertisement
Register to Remove

Re: Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby sicksix » June 26th, 2008, 8:18 pm

Anyone please help?!
sicksix
Active Member
 
Posts: 2
Joined: June 26th, 2008, 12:39 am

Re: Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby Scotty » June 28th, 2008, 2:43 pm

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

Please be patient as my posts to you have to be checked before I reply, so they make take longer.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby Scotty » June 29th, 2008, 10:51 am

Hi

OTMoveIt2 -

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    C:\WINDOWS\system32\iuijebnb.dll
    C:\WINDOWS\system32\gdnrrlak.dll
    C:\WINDOWS\system32\nfpkslix.dll
    C:\WINDOWS\system32\vinyojtf.dll
    C:\WINDOWS\system32\QXyJRqss.ini2
    C:\DOCUME~1\GREGCA~1\LOCALS~1\Temp\IXP000.TMP\server.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3496EC68-424A-42AF-AFC4-EDB5BFFA15E1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5eb8460-c98e-41ee-8552-f001ad31cf16}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0cf44157
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM0fc772cb
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BE7E4CE1-8CBA-44A6-956F-462A667D3286}
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPijiJ
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Warning.Please note that this fix is specific for this poster and should not be used by anyone else:

1. Before we make changes to your registry, we need to make a back up.

Backup Your Registry with ERUNT
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.

    Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    2. Please do this:

    • Copy the contents of the Code Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop

Code: Select all
REGEDIT4 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 



Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.

Now reboot the computer.


Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\gpaxiavp.dll for scanning.

For Virus Total

  1. Please copy and paste C:\WINDOWS\system32\gpaxiavp.dll in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\WINDOWS\system32\gpaxiavp.dll in the text box next to the Browse button.
  2. Click on Submit.

Post back with the Jotti/VirusTotal results, OTMoveIt log and a new Deckards System Scanner (DSS) log, please.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby Scotty » July 4th, 2008, 12:25 pm

Hows it going here?
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Popup's & Inability to Visit Certain Sites - HIJACK THIS LOG

Unread postby Simon V. » July 7th, 2008, 1:58 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware