Here's the old extra.txt file
I found it at this location
C:\Deckard\System Scanner\20070827075659
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-52
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 958 MiB / 300 MiB
Pagefile Memory (total/avail): 2170.7 MiB / 1373.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.79 MiB
C: is Fixed (NTFS) - 68.14 GiB total, 33.41 GiB free.
D: is Fixed (NTFS) - 6.39 GiB total, 0.72 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT32)
G: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9S SCSI Disk Device - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 68.14 GiB - C:
\PARTITION1 - Installable File System - 6.39 GiB - D:
\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 3.81 GiB - 1 partition
\PARTITION0 - Unknown - 3.81 GiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AV: AVG 7.5.484 v7.5.484 (GRISOFT)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.5.7.48 (Webroot Software Inc) Disabled
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\kc\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KC-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\kc
LOCALAPPDATA=C:\Users\kc\AppData\Local
LOGONSERVER=\\KC-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\kc\AppData\Local\Temp
TMP=C:\Users\kc\AppData\Local\Temp
USERDOMAIN=KC-PC
USERNAME=kc
USERPROFILE=C:\Users\kc
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
kc
(admin)
-- Add/Remove Programs ---------------------------------------------------------
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HUFSetup.EXE -U -IwisR30B7.inf
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FL Studio 7 --> C:\Program Files\FL Studio 7\uninstall.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Connections (remove only) --> C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0041 --> MsiExec.exe /I{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}
HP Wireless Assistant --> MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Memorex exPressit Label Design Studio --> C:\Windows\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.3) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Netflix Movie Viewer --> MsiExec.exe /X{B6272BAC-1A51-4418-933D-E6FC6C7DC42D}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\HXFSETUP.EXE -U -Iwis30B7z.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
StarCraft X-tra Editor --> C:\Windows\SCXEunin.exe C:\Windows\SCXEunin.dat
StarDraft Setup --> C:\PROGRA~1\CAMELO~1\STARDR~1\UNWISE.EXE C:\PROGRA~1\CAMELO~1\STARDR~1\INSTALL.LOG
StealthBot v2.6 Revision 3 (remove only) --> "C:\Program Files\StealthBot\uninst.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WhiteCap --> C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
Wordtopia 3.15b --> C:\Program Files\Wordtopia\uninst.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type34628 / Success
Event Submitted/Written: 08/27/2007 04:48:49 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type34627 / Success
Event Submitted/Written: 08/27/2007 04:48:48 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type34626 / Success
Event Submitted/Written: 08/27/2007 04:48:03 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type34614 / Warning
Event Submitted/Written: 08/27/2007 04:41:33 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3547637012-3431079100-3895126627-1000_Classes:
Process 900 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3547637012-3431079100-3895126627-1000_CLASSES
Event Record #/Type34613 / Warning
Event Submitted/Written: 08/27/2007 04:41:31 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3547637012-3431079100-3895126627-1000:
Process 900 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3547637012-3431079100-3895126627-1000
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type372143 / Warning
Event Submitted/Written: 08/27/2007 05:02:00 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KC-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KC-PC27 can't undo changes that you allow.
For more information please see the following:
%KC-PC275
Scan ID: {792DCBD8-E927-4736-BC27-1C66C70250CE}
User: KC-PC\kc
Name: %KC-PC271
ID: %KC-PC272
Severity ID: %KC-PC273
Category ID: %KC-PC274
Path Found: %KC-PC276
Alert Type: %KC-PC278
Detection Type: 1.1.1505.02
Event Record #/Type372142 / Warning
Event Submitted/Written: 08/27/2007 05:02:00 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KC-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KC-PC27 can't undo changes that you allow.
For more information please see the following:
%KC-PC275
Scan ID: {C85E00EC-AACB-4494-857F-14C340AEAD62}
User: KC-PC\kc
Name: %KC-PC271
ID: %KC-PC272
Severity ID: %KC-PC273
Category ID: %KC-PC274
Path Found: %KC-PC276
Alert Type: %KC-PC278
Detection Type: 1.1.1505.02
Event Record #/Type372141 / Warning
Event Submitted/Written: 08/27/2007 05:02:00 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KC-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KC-PC27 can't undo changes that you allow.
For more information please see the following:
%KC-PC275
Scan ID: {27FC90AA-5F6E-4127-8304-74897A79C330}
User: KC-PC\kc
Name: %KC-PC271
ID: %KC-PC272
Severity ID: %KC-PC273
Category ID: %KC-PC274
Path Found: %KC-PC276
Alert Type: %KC-PC278
Detection Type: 1.1.1505.02
Event Record #/Type372140 / Warning
Event Submitted/Written: 08/27/2007 05:02:00 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KC-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KC-PC27 can't undo changes that you allow.
For more information please see the following:
%KC-PC275
Scan ID: {D1F6E74A-44F9-4655-9C38-C7AA4D982C54}
User: KC-PC\kc
Name: %KC-PC271
ID: %KC-PC272
Severity ID: %KC-PC273
Category ID: %KC-PC274
Path Found: %KC-PC276
Alert Type: %KC-PC278
Detection Type: 1.1.1505.02
Event Record #/Type372139 / Warning
Event Submitted/Written: 08/27/2007 05:02:00 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KC-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KC-PC27 can't undo changes that you allow.
For more information please see the following:
%KC-PC275
Scan ID: {1CCA1285-BEC1-4AB8-90B6-B919A8065B63}
User: KC-PC\kc
Name: %KC-PC271
ID: %KC-PC272
Severity ID: %KC-PC273
Category ID: %KC-PC274
Path Found: %KC-PC276
Alert Type: %KC-PC278
Detection Type: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2007-08-27 05:07:31 ------------
Here's the NEW main.txt file you requested
Deckard's System Scanner v20070826.66
Run by kc on 2007-08-28 08:45:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 958 MiB (1024 MiB recommended).
-- HijackThis (run as kc.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:10 AM, on 8/27/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\kc\Stealthbot22.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kc\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\kc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.malwareremoval.com/forum/viewtop ... 378#208378
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] -startup
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8020 bytes
-- Files created between 2007-07-28 and 2007-08-28 -----------------------------
2007-08-28 07:18:13 0 d-------- C:\Windows\system32\Panda Software
2007-08-28 03:23:43 0 d-------- C:\Program Files\Panda Security
2007-08-27 04:51:13 0 d-------- C:\Program Files\Common Files\Java
2007-08-23 05:00:22 0 d-------- C:\Program Files\Uniblue
2007-08-22 08:35:45 47104 --a------ C:\Windows\system32\drivers\avgwfp.sys
2007-08-22 08:35:10 0 d-------- C:\Users\All Users\Grisoft
2007-08-22 08:35:10 0 d-------- C:\Users\All Users\avg7
2007-08-19 20:18:11 106496 --a------ C:\Windows\system32\TPActiveX.dll <Not Verified; ; TPActiveX Module>
2007-08-19 20:18:04 0 d-------- C:\Program Files\PassAlong
2007-08-02 17:08:50 164 --a------ C:\install.dat
2007-07-29 11:21:56 0 d-------- C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-07-29 05:58:23 0 d-------- C:\Windows\system\CLA
-- Find3M Report ---------------------------------------------------------------
2007-08-28 08:00:45 0 d-------- C:\Program Files\Starcraft
2007-08-28 08:00:05 0 d-------- C:\Users\kc\AppData\Roaming\AVG7
2007-08-27 04:52:59 0 d-------- C:\Program Files\Java
2007-08-27 04:51:13 0 d-------- C:\Program Files\Common Files
2007-08-27 04:49:06 12884 --a------ C:\Users\kc\AppData\Roaming\nvModes.dat
2007-08-27 04:49:06 12884 --a------ C:\Users\kc\AppData\Roaming\nvModes.001
2007-08-27 04:41:37 12 --a------ C:\Windows\bthservsdp.dat
2007-08-25 12:30:46 0 d-------- C:\Program Files\Trend Micro
2007-08-25 12:19:22 0 d-------- C:\Program Files\LimeWire
2007-08-25 12:18:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 05:00:35 0 d-------- C:\Users\kc\AppData\Roaming\Uniblue
2007-08-22 22:56:04 5424 --a------ C:\Users\kc\AppData\Roaming\wklnhst.dat
2007-08-17 17:14:21 0 d-------- C:\Users\kc\AppData\Roaming\Roxio
2007-08-09 17:35:25 0 d-------- C:\Users\kc\AppData\Roaming\U3
2007-07-30 17:29:23 0 d-------- C:\Program Files\Apple Software Update
2007-07-15 02:27:39 0 d-------- C:\Program Files\Elaborate Bytes
2007-07-12 23:50:21 0 d-------- C:\Program Files\Yahoo!
2007-07-12 23:50:20 0 d-------- C:\Program Files\Winferno
2007-07-04 17:37:06 0 d-------- C:\Program Files\StealthBot
2007-07-04 14:00:39 0 d-------- C:\Program Files\Webroot
2007-07-04 13:57:42 0 d-------- C:\Users\kc\AppData\Roaming\Webroot
2007-06-29 22:48:39 0 d-------- C:\Program Files\MySpace
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:02 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2006 12:02 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 12:56 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 12:32 PM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/16/2007 02:09 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/22/2007 08:35 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=" -startup" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Users\kc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 11:24:54 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 4:48:20 AM]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [1/18/2007 8:54:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 08/22/2007 08:35 AM 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"C:\Program Files\Common Files\AOL\1171411877\ee\AOLSoftware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
"C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b29ac7c-468c-11dc-ba2a-00038a000015}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0cd8af9-bc4d-11db-a72d-0017ee7bceb6}]
AutoRun\command- F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd2d979-bb42-11db-86dd-806e6f6e6963}]
AutoRun\command- E:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2007-08-28 08:46:45 ------------
Here's the TotalScan.txt you requested
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-08-28 08:44:49
PROTECTIONS: 1
MALWARE: 45
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.484 7.5.484 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00032731 application/mywebsearch HackTools No 0 Yes No c:\windows\system32\f3pssavr.scr
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
00096053 application/funweb HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
00101555 Application/KillApp.B HackTools No 0 Yes No C:\HP\BIN\KillIt.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\kc@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@tradedoubler[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@fastclick[2].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@2o7[1].txt
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.2o7.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@mediaplex[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.clickbank.net/]
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.kinghost.com/]
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@kinghost[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@com[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@landing.domainsponsor[1].txt
00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@webpower[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.toplist.cz/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[ad.yieldmanager.com/]
00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@counter10.sextracker[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.advertising.com/]
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@sextracker[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@media.adrevolver[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@bluestreak[2].txt
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.cs.sexcounter.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@adultfriendfinder[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@target[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[.atwola.com/]
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@www.errorsafe[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@ads.addynamix[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\exk83bm7.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@citi.bridgetrack[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\kc\AppData\Roaming\Microsoft\Windows\Cookies\kc@adserver.easyad[2].txt
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Here's what components were in the requested file locations:
C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 - Had no files in it. 0 bytes
C:\Windows\system\CLA - It has 10 .JPG files of my sister's photos of her friend. No idea why it's in that location haha. 5.87 MB
Well, I hope I got everything. Sorry it took so long. That TotalScan was at the updating part at 0%; I figured it would take a while so I went to sleep. Woke up and it was still there, so I restarted it. I'm right now going to reinstall AVG.