PDA

View Full Version : Various problems, programs open then stop responding



DeltaFiveSix
2008-05-18, 04:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:55 PM, on 5/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Toshiba\Utilities\SVPWUTIL.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CPUICE\CPUICE.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3546A2CA-1FB1-4829-B604-890C0C5818F2} - C:\Windows\system32\byXNeDVo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QXK Rhythm - {E71878D1-E549-489A-92BA-C16F9048E249} - C:\Windows\fvowketqpag.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: pvnsmfor - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - C:\Windows\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [advap32] C:\Users\Kyle\AppData\Local\Temp\stdcons.exe/r
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtqpOiG.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [InstallProgram] C:\Users\Kyle\AppData\Local\Temp\setup_526_1_.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: CPUICE.lnk = C:\Program Files\CPUICE\CPUICE.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{716EFBB5-8CDF-41DE-BD82-94390BDAB4A8}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: vbksrofa - {A86EB300-0DAC-4161-AA63-8452AD49EECC} - C:\Windows\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {47C9D5ED-899F-4FE9-810E-B2CA7A15B692} - C:\Windows\mpfanvqg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 13447 bytes



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 8:19:47 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781180
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 122456
Number of viruses found: 8
Number of infected objects: 45
Number of suspicious objects: 0
Duration of the scan process: 04:11:39

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-3828028985-627414594-974731854-1000\$RTXCAP7.rar/RAZOR-wic.exe/data0003 Infected: Trojan-Downloader.Win32.Small.tzu skipped
C:\$Recycle.Bin\S-1-5-21-3828028985-627414594-974731854-1000\$RTXCAP7.rar/RAZOR-wic.exe Infected: Trojan-Downloader.Win32.Small.tzu skipped
C:\$Recycle.Bin\S-1-5-21-3828028985-627414594-974731854-1000\$RTXCAP7.rar RAR: infected - 2 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-05-17.csv Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_130.trc Object is locked skipped
C:\ProgramData\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
C:\ProgramData\KeyAccess Audit Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81ee61c665b34828acdccd6c0abce936_94391475-a33e-4db9-ab19-c3501d415532 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\98c8ad3dde6417c462027a37139db0b1_94391475-a33e-4db9-ab19-c3501d415532 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a0682bee9b07a9051ed8aac2e08c45ff_94391475-a33e-4db9-ab19-c3501d415532 Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\369E8A17.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\E9893DC9.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0003 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0004 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0005 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0006 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0007 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream/data0008 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN/stream Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN NSIS: infected - 7 skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN CryptZ: infected - 7 skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0003 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0004 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0005 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0006 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0007 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream/data0008 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN/stream Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN NSIS: infected - 7 skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN CryptZ: infected - 7 skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0003 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0004 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0005 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0006 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0007 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream/data0008 Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN/stream Infected: Trojan.Win32.Vapsup.fcy skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN NSIS: infected - 7 skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN CryptZ: infected - 7 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat{0a4d544b-9d5c-11dc-a548-0016d4fc3df5}.TM.blf Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat{0a4d544b-9d5c-11dc-a548-0016d4fc3df5}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows\UsrClass.dat{0a4d544b-9d5c-11dc-a548-0016d4fc3df5}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Kyle\AppData\Local\Microsoft\Windows Defender\FileTracker\{99D967D5-1A9C-4F96-BAA6-4228CCA31C18} Object is locked skipped
C:\Users\Kyle\AppData\Local\Mozilla\Firefox\Profiles\ludbugsu.default\Cache\7F592B14d01/run.exe Infected: Trojan-Downloader.Win32.Zlob.nin skipped
C:\Users\Kyle\AppData\Local\Mozilla\Firefox\Profiles\ludbugsu.default\Cache\7F592B14d01 ZIP: infected - 1 skipped
C:\Users\Kyle\AppData\Local\Mozilla\Firefox\Profiles\ludbugsu.default\Cache\C5E65000d01 Infected: Trojan-Clicker.HTML.IFrame.lz skipped
C:\Users\Kyle\AppData\Local\portable.dir\shadow.cky Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\NERO14768\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Kyle\AppData\Local\Temp\setup_526_1_.exe Infected: Trojan-Downloader.Win32.Small.vuo skipped
C:\Users\Kyle\AppData\Local\Temp\tmp00028f63 Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Users\Kyle\AppData\Local\Temp\tmp0002adfa Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Users\Kyle\AppData\Local\Temp\tmp00038b6d Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Users\Kyle\AppData\Local\Temp\tmp002aab7b Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Users\Kyle\AppData\Local\Temp\tmp01a62775 Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Users\Kyle\AppData\Local\Temp\~DF5B55.tmp Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\~DF6784.tmp Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\~DF7309.tmp Object is locked skipped
C:\Users\Kyle\AppData\Local\Temp\~DF94AA.tmp Object is locked skipped
C:\Users\Kyle\AppData\Roaming\iolo\SystemAnalyzer.log Object is locked skipped
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Kyle\Desktop\World%20in%20Conflict.zip/run.exe Infected: Trojan-Downloader.Win32.Zlob.nin skipped
C:\Users\Kyle\Desktop\World%20in%20Conflict.zip ZIP: infected - 1 skipped
C:\Users\Kyle\Music\LimeWire\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Users\Kyle\NTUSER.DAT Object is locked skipped
C:\Users\Kyle\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Kyle\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Kyle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Kyle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Kyle\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\KVENESS1.ldb Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\awtqpOiG.dll Infected: Trojan-Downloader.Win32.ConHook.rr skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{955686f6-22a3-11dd-830c-806e6f6e6963}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{955686f6-22a3-11dd-830c-806e6f6e6963}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{955686f6-22a3-11dd-830c-806e6f6e6963}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{955686f6-22a3-11dd-830c-806e6f6e6963}.TxR.blf Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\SQM\SQMLogger_2008-5-17-18-0-17_0.etl Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fb_2488.lck Object is locked skipped
C:\Windows\Temp\ZLT055b4.TMP Object is locked skipped
C:\Windows\Temp\ZLT078aa.TMP Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba
2008-05-19, 12:02
Hi DeltaFiveSix

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

Post:

- dss logs (taken after mbam run)
- mbam report

DeltaFiveSix
2008-05-20, 00:34
Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Full Scan (C:\|)
Objects scanned: 172476
Time elapsed: 1 hour(s), 56 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
c:\Users\Kyle\AppData\Local\Temp\setup_526_1_.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\Windows\System32\byXNeDVo.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\rqRIxvWN.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fff4dc43-78d3-4727-b4dd-070de67f3de7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fff4dc43-78d3-4727-b4dd-070de67f3de7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{5533d5e4-e28a-4e81-8397-2a8309f2a21a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{beb03003-ac27-4fda-96d5-d7566c4498d3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f02f25f7-ff6c-423a-9d16-504df8b36772} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae6fee2c-d9dc-4b46-847d-fc89810dc2b0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6e942b1a-d9bd-4945-bdce-093970028aa9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e71878d1-e549-489a-92ba-c16f9048e249} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e71878d1-e549-489a-92ba-c16f9048e249} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.bnwx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ef4cc146-43c9-4741-8d21-eb5035a4ebec} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnedvo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnedvo -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kyle\AppData\Local\Temp\setup_526_1_.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\byXNeDVo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\oVDeNXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oVDeNXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ddcApqnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lnqpAcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\lnqpAcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jkkLCVom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\moVCLkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\moVCLkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ljJCrPGx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xGPrCJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xGPrCJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVZHV230\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUK4QKEL\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6RXICXU\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\stdcons.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\rqRIxvWN.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\fvowketqpag.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

DeltaFiveSix
2008-05-20, 00:35
Deckard's System Scanner v20071014.68
Run by Kyle on 2008-05-19 17:14:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-05-19 04:00:10 UTC - RP304 - Scheduled Checkpoint
1: 2008-05-18 06:28:07 UTC - RP303 - Windows Defender Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as Kyle.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:51 PM, on 5/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CPUICE\CPUICE.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Users\Kyle\Desktop\dss.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kyle.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFF4DC43-78D3-4727-B4DD-070DE67F3DE7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: pvnsmfor - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - C:\Windows\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: CPUICE.lnk = C:\Program Files\CPUICE\CPUICE.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{716EFBB5-8CDF-41DE-BD82-94390BDAB4A8}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 13201 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 NTIOWP - c:\windows\system32\drivers\ntiowp.sys <Not Verified; ; NT IO driver>

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>
S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>

S2 CPUCooLServer (CPUCooLServer Service) - "c:\program files\cpuicecoolsrv.exe" (file missing)
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 21:39:14 512 --a------ C:\Windows\Tasks\CAAntiSpywareScan_Daily as Kyle at 8 15 PM.job


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 14:06:10 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-19 14:06:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 13:49:03 29824 -----n--- C:\Windows\system32\rqRIxvWN.dll
2008-05-17 05:53:28 344 --ahs---- C:\Windows\system32\AaGggfii.ini2
2008-05-17 05:30:29 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-17 05:30:22 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-17 05:19:35 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-17 05:10:25 0 d-------- C:\Program Files\Trend Micro
2008-05-17 00:41:34 0 d-------- C:\Users\All Users\Media Center Programs
2008-05-17 00:23:59 317824 -----n--- C:\Windows\system32\byXNeDVo.dll
2008-05-17 00:08:55 0 d-------- C:\Program Files\Sierra Entertainment
2008-05-15 18:14:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-14 20:57:11 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-05-14 20:57:03 22528 --a------ C:\Windows\system32\smrgdf.exe
2008-05-14 20:57:03 34304 --a------ C:\Windows\system32\iolobtdfg.exe
2008-05-07 21:52:31 0 d-------- C:\Program Files\RapidSolution
2008-05-07 21:52:30 0 d-------- C:\Users\All Users\RapidSolution
2008-05-03 16:26:50 0 d-------- C:\Program Files\WMA-MP3.com
2008-05-03 15:58:31 0 d-------- C:\Program Files\Emergent Music LLC
2008-05-02 02:42:27 0 d-------- C:\Users\All Users\GoBit Games
2008-04-28 21:38:46 0 d-------- C:\Acala3gpMovies
2008-04-28 21:32:38 1024000 --a------ C:\Windows\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Plus>
2008-04-28 21:23:36 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-04-27 08:29:16 0 d-------- C:\Windows\system32\Adobe
2008-04-19 20:04:10 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 08:28:59 0 d-------- C:\PerfLogs
2008-04-19 03:20:04 0 d-------- C:\4ba2db830e59c41b8e9890fc


-- Find3M Report ---------------------------------------------------------------

2008-05-19 14:06:39 0 d-------- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2008-05-19 13:55:28 30748 --a------ C:\Users\Kyle\AppData\Roaming\.googlewebacchosts
2008-05-17 01:33:15 0 d-------- C:\Users\Kyle\AppData\Roaming\.purple
2008-05-17 00:08:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 00:04:23 0 d-------- C:\Users\Kyle\AppData\Roaming\uTorrent
2008-05-15 18:21:14 0 d-------- C:\Users\Kyle\AppData\Roaming\Real
2008-05-15 18:16:25 2823 --a------ C:\Windows\mozver.dat
2008-05-15 18:14:31 0 d-------- C:\Program Files\Common Files
2008-05-15 18:14:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-15 18:13:32 0 d-------- C:\Program Files\Real
2008-05-14 20:56:58 0 d-------- C:\Program Files\iolo
2008-05-14 14:54:16 0 d-------- C:\Program Files\Common Files\Nero
2008-05-14 14:40:44 0 d-------- C:\Program Files\Avi2Dvd
2008-05-14 03:10:06 0 d-------- C:\Program Files\Windows Mail
2008-05-12 18:24:32 0 d-------- C:\Users\Kyle\AppData\Roaming\Microsoft Games
2008-05-12 18:00:14 0 d-------- C:\Program Files\Microsoft Games
2008-05-08 22:16:31 0 d-------- C:\Users\Kyle\AppData\Roaming\dvdcss
2008-05-07 21:57:53 0 d-------- C:\Users\Kyle\AppData\Roaming\Tunebite
2008-05-04 18:23:16 0 d-------- C:\Users\Kyle\AppData\Roaming\Ruckus Network
2008-05-03 16:01:38 0 d-------- C:\Program Files\Ruckus Player
2008-04-27 19:50:29 0 d-------- C:\Users\Kyle\AppData\Roaming\gtk-2.0
2008-04-21 11:36:44 0 d-------- C:\Program Files\DivX
2008-04-19 20:06:23 0 d-------- C:\Program Files\Safari
2008-04-19 08:49:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-19 08:35:23 0 d-------- C:\Program Files\Windows Sidebar
2008-04-19 08:35:23 0 d-------- C:\Program Files\Windows Calendar
2008-04-19 08:35:22 0 d-------- C:\Program Files\Movie Maker
2008-04-19 08:35:16 0 d-------- C:\Program Files\Windows Collaboration
2008-04-19 08:35:15 0 d-------- C:\Program Files\Windows Journal
2008-04-19 08:35:13 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-19 08:34:56 0 d-------- C:\Program Files\Windows Defender
2008-04-17 18:59:51 0 d-------- C:\Program Files\dvdSanta
2008-04-17 15:51:18 0 d-------- C:\Program Files\Xvid
2008-04-17 14:41:00 0 d-------- C:\Program Files\ffdshow
2008-04-17 02:57:48 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-16 21:28:03 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-16 21:18:57 0 d-------- C:\Users\Kyle\AppData\Roaming\Nero
2008-04-16 21:06:33 0 d-------- C:\Program Files\Nero
2008-04-14 21:57:26 0 d-------- C:\Program Files\Cedelia
2008-04-12 07:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-04-10 00:12:29 195024 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-08 02:31:34 0 d-------- C:\Program Files\GIMP-2.0
2008-04-06 13:22:50 0 d-------- C:\Users\Kyle\AppData\Roaming\Apple Computer
2008-04-05 20:05:40 0 d-------- C:\Program Files\iTunes
2008-04-05 20:05:27 0 d-------- C:\Program Files\iPod
2008-04-05 20:01:32 0 d-------- C:\Program Files\QuickTime
2008-04-05 04:36:20 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-31 17:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 16:35:41 0 d-------- C:\Program Files\ZyX
2008-03-27 17:12:13 0 d-------- C:\Users\Kyle\AppData\Roaming\LimeWire
2008-03-26 03:21:09 0 d-------- C:\Program Files\Realtek
2008-03-26 03:21:04 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-23 14:26:31 0 d-------- C:\Program Files\Miranda IM
2008-03-22 13:34:34 0 d-------- C:\Users\Kyle\AppData\Roaming\iolo
2008-03-22 12:51:36 74703 --a------ C:\Windows\system32\mfc45.dll
2008-03-21 21:01:52 0 d-------- C:\Program Files\Belkin
2008-03-21 16:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-03-21 02:06:41 0 d-------- C:\Users\Kyle\AppData\Roaming\Jasc
2008-03-21 00:22:15 0 d-------- C:\Program Files\Jasc Software Inc
2008-03-16 04:37:35 0 --a------ C:\Users\Kyle\AppData\Roaming\wklnhst.dat
2008-03-06 18:36:14 215 --a------ C:\stats.dat
2008-03-05 18:07:48 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFF4DC43-78D3-4727-B4DD-070DE67F3DE7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/27/2007 07:32 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/11/2008 05:53 PM C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 03:16 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 08:49 PM]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [11/01/2006 12:06 PM]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/18/2006 08:06 PM]
"KeyAccess"="C:\Windows\keyacc32.exe" [06/08/2007 02:00 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [11/27/2007 09:42 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [02/19/2008 01:32 AM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 07:00 AM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [11/28/2007 08:17 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 06:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 07:34 AM]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 04:45 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [01/09/2008 04:31 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 06:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 06:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 06:07 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"RegistryMechanic"="" []
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [05/06/2008 08:58 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 06:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 03:33 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 03:33 AM]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Network USB Hub Control Center.lnk - C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe [3/21/2008 9:02:01 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
CPUICE.lnk - C:\Program Files\CPUICE\CPUICE.exe [2/25/2008 9:03:50 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 11:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 01/31/2007 03:00 PM 79368 C:\Windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=KATRACK.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eab8f52-c138-11dc-bdc0-0016d4fc3df5}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d008b31-a32e-11dc-b5af-0016d4fc3df5}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8d580e-a8f1-11dc-a0c7-0016d4fc3df5}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b3-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b6-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- H:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-19 17:31:01 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 88%
Physical Memory (total/avail): 1013.38 MiB / 121.15 MiB
Pagefile Memory (total/avail): 2285.08 MiB / 1274.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.29 MiB

C: is Fixed (NTFS) - 110.32 GiB total, 18.57 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 110.32 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee) Disabled
FW: ZoneAlarm Firewall v7.1.248.000 (Check Point, LTD.)
FW: CA Personal Firewall v9.1.0.36 (CA) Disabled
AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AV: McAfee VirusScan v (McAfee) Disabled
AS: McAfee VirusScan v (McAfee) Disabled
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: CA Anti-Spyware v9.1.0.9 (CA)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Kyle\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KVENESS1
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Kyle
LOCALAPPDATA=C:\Users\Kyle\AppData\Local
LOGONSERVER=\\KVENESS1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Smart Projects\IsoBuster;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Kyle\AppData\Local\Temp
TMP=C:\Users\Kyle\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=kveness1
USERNAME=Kyle
USERPROFILE=C:\Users\Kyle
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Kyle [I](admin)
Mcx1 (new local, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE /a C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Network USB Hub Control Center --> C:\Program Files\Belkin\Network USB Hub Control Center\Couninst.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour Core for Windows --> MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
CPUICE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DAAA569-7239-11D5-9C79-00E098965B40}\setup.exe" -uninst
Dassault Systemes Software Prerequisites x86 --> MsiExec.exe /I{9877BCD9-6698-4951-AE19-D5F398D83D5A}
Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
dvdSanta 4.00 --> "C:\Program Files\dvdSanta\unins000.exe"
EVEREST Corporate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\Windows\inf\GETPLUSo.INF, DefaultUninstall
GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
GMail Drive Shell Extension --> rundll32.exe C:\Windows\system32\ShellExt\GMailFS.dll,Uninstall C:\Windows\system32\ShellExt\GMailFS.inf
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
Goombah Partner COM Server --> MsiExec.exe /I{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}
Gordian Knot Rip Pack 0.35.0 --> C:\Program Files\GordianKnot\uninst.exe
GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
ISO Recorder --> MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.16.0 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 --> C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Microsoft Visual Studio 2008 Express Editions --> C:\Program Files\Microsoft Visual Studio 9.0\MSDN Library for Microsoft Visual Studio 2008 Express Editions\install.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Protected Music Converter 1.0.0.8 --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Ruckus Player --> C:\PROGRA~1\RUCKUS~1\UNWISE.EXE C:\PROGRA~1\RUCKUS~1\INSTALL.LOG
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Sassafras K2 Client --> MsiExec.exe /I{E23D1D2C-1762-11D5-A8D2-00C04FA35723}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SI Swimsuit Calendar --> "C:\Program Files\SI Swimsuit Calendar\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VC Runtimes MSI --> MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center --> MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type24295 / Success
Event Submitted/Written: 05/19/2008 05:10:50 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type24294 / Success
Event Submitted/Written: 05/19/2008 05:10:47 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type24260 / Success
Event Submitted/Written: 05/19/2008 05:10:03 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully

Event Record #/Type24259 / Success
Event Submitted/Written: 05/19/2008 05:10:03 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started

Event Record #/Type24258 / Success
Event Submitted/Written: 05/19/2008 05:10:00 PM
Event ID/Source: 88 / UmxAgent
Event Description:
explorer.exe started



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2251168 / Error
Event Submitted/Written: 05/11/2008 03:09:25 PM
Event ID/Source: 46 / volmgr
Event Description:
Crash dump initialization failed!

Event Record #/Type2251164 / Error
Event Submitted/Written: 05/11/2008 03:09:41 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 5:14:02 AM on 5/11/2008 was unexpected.

Event Record #/Type2251157 / Error
Event Submitted/Written: 05/11/2008 03:09:09 PM
Event ID/Source: 46 / volmgr
Event Description:
Crash dump initialization failed!

Event Record #/Type2251153 / Error
Event Submitted/Written: 05/11/2008 05:14:30 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058

Event Record #/Type2251152 / Error
Event Submitted/Written: 05/11/2008 05:14:30 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058



-- End of Deckard's System Scanner: finished at 2008-05-19 17:31:01 ------------

Shaba
2008-05-20, 15:24
Hi

Looks much better :bigthumb:

I see that McAfee is disabled.

Is it outdated?

DeltaFiveSix
2008-05-22, 00:47
Yup, problems seem to have gone away.

And I don't use McAfee because I'm required to use Norton for my school on campus. My laptop isn't allowed into the network without their version of Norton.

Thanks for the help. :2thumb:

Shaba
2008-05-22, 14:34
Hi

Then please uninstall McAfee and after that post back a fresh dss log :)

DeltaFiveSix
2008-05-26, 07:06
Sorry for the late response. I've been away from home for a little while.

I actually uninstalled McAfee the day I got my laptop but it still appears in the logs :sad:

Shaba
2008-05-26, 13:06
Hi

I see.

Copy text below to Notepad and save it as rem.bat (save it as all files, *.*)

@ECHO OFF
net stop winmgmt
rd /S /Q %systemroot%\system32\wbem\Repository
net start winmgmt
exit

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/bat.JPG

Doubleclick rem.bat; black dos windows will flash, that's normal.

(In case you are unsure how to create a bat file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Bat_File) with screenshots.)

Reboot.

Re-run dss.

Post a fresh dss log.

DeltaFiveSix
2008-05-27, 00:26
I only got a main.txt log instead of main and extra.txt like last time. Not sure why or if it's a problem but here's the main.txt.




Deckard's System Scanner v20071014.68
Run by Kyle on 2008-05-26 17:22:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).
System Drive C: has 14.01 GiB (less than 15%) free.


-- HijackThis (run as Kyle.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:11 PM, on 5/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CPUICE\CPUICE.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Users\Kyle\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kyle.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFF4DC43-78D3-4727-B4DD-070DE67F3DE7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zango - {E1BACF55-35E1-4E47-9247-2D48660E5545} - C:\Program Files\Zango\bin\10.1.181.0\HostIE.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: pvnsmfor - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - C:\Windows\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: CPUICE.lnk = C:\Program Files\CPUICE\CPUICE.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{716EFBB5-8CDF-41DE-BD82-94390BDAB4A8}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 13171 bytes

-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-19 14:06:10 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-19 14:06:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 13:49:03 29824 -----n--- C:\Windows\system32\rqRIxvWN.dll
2008-05-17 05:53:28 344 --ahs---- C:\Windows\system32\AaGggfii.ini2
2008-05-17 05:30:29 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-17 05:30:22 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-05-17 05:19:35 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-17 05:10:25 0 d-------- C:\Program Files\Trend Micro
2008-05-17 00:41:34 0 d-------- C:\Users\All Users\Media Center Programs
2008-05-17 00:23:59 317824 -----n--- C:\Windows\system32\byXNeDVo.dll
2008-05-17 00:08:55 0 d-------- C:\Program Files\Sierra Entertainment
2008-05-15 18:14:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-14 20:57:11 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-05-14 20:57:03 22528 --a------ C:\Windows\system32\smrgdf.exe
2008-05-14 20:57:03 34304 --a------ C:\Windows\system32\iolobtdfg.exe
2008-05-07 21:52:31 0 d-------- C:\Program Files\RapidSolution
2008-05-07 21:52:30 0 d-------- C:\Users\All Users\RapidSolution
2008-05-03 16:26:50 0 d-------- C:\Program Files\WMA-MP3.com
2008-05-03 15:58:31 0 d-------- C:\Program Files\Emergent Music LLC
2008-05-02 02:42:27 0 d-------- C:\Users\All Users\GoBit Games
2008-04-28 21:38:46 0 d-------- C:\Acala3gpMovies
2008-04-28 21:32:38 1024000 --a------ C:\Windows\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Plus>
2008-04-28 21:23:36 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-04-27 08:29:16 0 d-------- C:\Windows\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-05-26 17:09:10 0 d-------- C:\Users\Kyle\AppData\Roaming\uTorrent
2008-05-26 15:59:46 0 d-------- C:\Users\Kyle\AppData\Roaming\.purple
2008-05-26 15:48:44 38777 --a------ C:\Users\Kyle\AppData\Roaming\.googlewebacchosts
2008-05-20 11:16:21 0 d-------- C:\Program Files\dvdSanta
2008-05-19 14:06:39 0 d-------- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2008-05-17 00:08:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 18:21:14 0 d-------- C:\Users\Kyle\AppData\Roaming\Real
2008-05-15 18:16:25 2823 --a------ C:\Windows\mozver.dat
2008-05-15 18:14:31 0 d-------- C:\Program Files\Common Files
2008-05-15 18:14:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-15 18:13:32 0 d-------- C:\Program Files\Real
2008-05-14 20:56:58 0 d-------- C:\Program Files\iolo
2008-05-14 14:54:16 0 d-------- C:\Program Files\Common Files\Nero
2008-05-14 14:40:44 0 d-------- C:\Program Files\Avi2Dvd
2008-05-14 03:10:06 0 d-------- C:\Program Files\Windows Mail
2008-05-12 18:24:32 0 d-------- C:\Users\Kyle\AppData\Roaming\Microsoft Games
2008-05-12 18:00:14 0 d-------- C:\Program Files\Microsoft Games
2008-05-08 22:16:31 0 d-------- C:\Users\Kyle\AppData\Roaming\dvdcss
2008-05-07 21:57:53 0 d-------- C:\Users\Kyle\AppData\Roaming\Tunebite
2008-05-04 18:23:16 0 d-------- C:\Users\Kyle\AppData\Roaming\Ruckus Network
2008-05-03 16:01:38 0 d-------- C:\Program Files\Ruckus Player
2008-04-27 19:50:29 0 d-------- C:\Users\Kyle\AppData\Roaming\gtk-2.0
2008-04-21 11:36:44 0 d-------- C:\Program Files\DivX
2008-04-19 20:06:23 0 d-------- C:\Program Files\Safari
2008-04-19 20:04:14 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 08:49:44 174 --ahs---- C:\Program Files\desktop.ini
2008-04-19 08:35:23 0 d-------- C:\Program Files\Windows Sidebar
2008-04-19 08:35:23 0 d-------- C:\Program Files\Windows Calendar
2008-04-19 08:35:22 0 d-------- C:\Program Files\Movie Maker
2008-04-19 08:35:16 0 d-------- C:\Program Files\Windows Collaboration
2008-04-19 08:35:15 0 d-------- C:\Program Files\Windows Journal
2008-04-19 08:35:13 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-19 08:34:56 0 d-------- C:\Program Files\Windows Defender
2008-04-17 15:51:18 0 d-------- C:\Program Files\Xvid
2008-04-17 14:41:00 0 d-------- C:\Program Files\ffdshow
2008-04-17 02:57:48 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-16 21:28:03 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-16 21:18:57 0 d-------- C:\Users\Kyle\AppData\Roaming\Nero
2008-04-16 21:06:33 0 d-------- C:\Program Files\Nero
2008-04-14 21:57:26 0 d-------- C:\Program Files\Cedelia
2008-04-12 07:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-04-10 00:12:29 195024 --ah----- C:\Windows\system32\mlfcache.dat
2008-04-08 02:31:34 0 d-------- C:\Program Files\GIMP-2.0
2008-04-06 13:22:50 0 d-------- C:\Users\Kyle\AppData\Roaming\Apple Computer
2008-04-05 20:05:40 0 d-------- C:\Program Files\iTunes
2008-04-05 20:05:27 0 d-------- C:\Program Files\iPod
2008-04-05 20:01:32 0 d-------- C:\Program Files\QuickTime
2008-04-05 04:36:20 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-31 17:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 16:35:41 0 d-------- C:\Program Files\ZyX
2008-03-27 17:12:13 0 d-------- C:\Users\Kyle\AppData\Roaming\LimeWire
2008-03-26 03:21:09 0 d-------- C:\Program Files\Realtek
2008-03-26 03:21:04 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-22 12:51:36 74703 --a------ C:\Windows\system32\mfc45.dll
2008-03-21 16:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-03-16 04:37:35 0 --a------ C:\Users\Kyle\AppData\Roaming\wklnhst.dat
2008-03-06 18:36:14 215 --a------ C:\stats.dat
2008-03-05 18:07:48 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFF4DC43-78D3-4727-B4DD-070DE67F3DE7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/03/2008 10:51 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/11/2008 05:53 PM C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 03:16 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 08:49 PM]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [11/01/2006 12:06 PM]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/18/2006 08:06 PM]
"KeyAccess"="C:\Windows\keyacc32.exe" [06/08/2007 02:00 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [11/27/2007 09:42 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [05/22/2008 02:50 AM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 07:00 AM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [11/28/2007 08:17 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 06:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 07:34 AM]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 04:45 PM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [01/09/2008 04:31 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"RegistryMechanic"="" []
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [05/06/2008 08:58 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 06:13 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 03:33 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 03:33 AM]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Network USB Hub Control Center.lnk - C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe [3/21/2008 9:02:01 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
CPUICE.lnk - C:\Program Files\CPUICE\CPUICE.exe [2/25/2008 9:03:50 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 11:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 01/31/2007 03:00 PM 79368 C:\Windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=KATRACK.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eab8f52-c138-11dc-bdc0-0016d4fc3df5}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d008b31-a32e-11dc-b5af-0016d4fc3df5}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8d580e-a8f1-11dc-a0c7-0016d4fc3df5}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b3-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b6-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- H:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-26 17:24:18 ------------

Shaba
2008-05-27, 16:33
Hi

No problem, that is normal :)

Does McAfee still show in Security Center?

Shaba
2008-06-01, 12:02
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.