Sorry Guys, Virtumonde Again



ThreeTima
2008-06-12, 22:37
I had this a VERY VERY VERY long time ago. I did get rid of it somehow, I can't remember. Anyhow, this particular virus/malware is like 4-5 years old, I thought it had died, evidently not.

It wasn't until recently that I found Virtumonde on my system. I used Spybot S&D to try to get rid of it like 3 times. All the Online "Guides" are about 3-4 years out of date and don't list all keys / files that need to be eradicated. So that's when I decided to go drastic...

I nuked my system, backing up only those files needed (pictures, some music, etc.). Since then, the only things I have downloaded are driver files (from the manufacturers), Spybot S&D, and Virus Scan (McAfee - provided free from my ISP). I have loaded MS Office 2007, SetPoint (keyboard/mouse software from Logitech), Mozilla Firefox, and a few games that I've been playing for years.

Following are three log files, the first two being the main and extra from Deckard's System Scanner v20071014.68, the third being from HijackThis v2.0.2.

__________ALL LOGFILES =START=___________________________________


---------------------Main.txt [START]-------------------------------------

Deckard's System Scanner v20071014.68
Run by Joshua Felland on 2008-06-12 16:07:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-06-12 20:07:31 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-06-12 12:54:03 UTC - RP20 - Installed Microsoft ActiveSync
19: 2008-06-12 10:28:13 UTC - RP19 - Installed Eudemons Online
18: 2008-06-12 10:26:48 UTC - RP18 - Installed Eudemons Online
17: 2008-06-12 10:00:37 UTC - RP17 - Installed Windows XP Windows Desktop Search 3.01.


-- First Restore Point --
1: 2008-06-12 09:50:19 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Joshua Felland.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:33 PM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Eudemons Online\soul.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Joshua Felland\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Joshua Felland.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {D306BECA-9699-424E-8948-7AE1103B48B4} - C:\WINDOWS\system32\opnmNDuU.dll
O2 - BHO: (no name) - {F53BAFE5-CE7A-4E95-95AC-A3912EFD3739} - C:\WINDOWS\system32\ssqOFVMF.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [54814844] rundll32.exe "C:\WINDOWS\system32\gcfkpcad.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ssqOFVMF - C:\WINDOWS\SYSTEM32\ssqOFVMF.dll
O23 - Service: McAfee Application Installer Cleanup (0154251213299408) (0154251213299408mcinstcleanup) - Unknown owner - C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\015425~1.EXE (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 9128 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 0154251213299408mcinstcleanup (McAfee Application Installer Cleanup (0154251213299408)) - c:\docume~1\joshua~1\locals~1\temp\015425~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\3&13C0B0C5&0&28
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1002&DEV_4D52&SUBSYS_A3461002&REV_00\3&13C0B0C5&0&28
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-12 15:36:17 358 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-06-12 15:36:16 350 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 16:01:25 0 d-------- C:\Program Files\Trend Micro
2008-06-12 15:40:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-12 15:35:46 0 d-------- C:\Program Files\McAfee.com
2008-06-12 15:35:36 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-12 15:35:23 0 d-------- C:\Program Files\McAfee
2008-06-12 15:30:03 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 08:54:05 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-12 08:13:19 0 d-------- C:\WINDOWS\MythWar
2008-06-12 06:32:31 0 d-------- C:\Program Files\GameSpot
2008-06-12 06:32:31 0 d-------- C:\Documents and Settings\All Users\temp
2008-06-12 06:32:31 0 d-------- C:\Documents and Settings\All Users\Gamespot
2008-06-12 06:17:50 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Windows Desktop Search
2008-06-12 06:00:49 0 d-------- C:\Program Files\Windows Desktop Search
2008-06-12 05:57:42 0 d-------- C:\Program Files\NeroInstall.bak
2008-06-12 05:56:17 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Nero
2008-06-12 05:50:59 81408 --a------ C:\WINDOWS\system32\gcfkpcad.dll
2008-06-12 05:50:08 7511 --ahs---- C:\WINDOWS\system32\UuDNmnpo.ini2
2008-06-12 05:50:05 322048 --a------ C:\WINDOWS\system32\opnmNDuU.dll
2008-06-12 05:49:50 0 d-------- C:\Program Files\Nero
2008-06-12 05:49:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-12 05:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-12 05:48:52 0 d-------- C:\WINDOWS\LastGood
2008-06-12 05:42:01 58880 --a------ C:\WINDOWS\system32\ssqOFVMF.dll
2008-06-12 05:42:01 58880 --a------ C:\WINDOWS\system32\ddcYQGWN.dll
2008-06-12 05:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-12 05:40:43 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Logitech
2008-06-12 05:39:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-12 05:39:02 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-12 05:38:56 0 d-------- C:\Program Files\Logitech
2008-06-12 05:38:55 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\InstallShield
2008-06-12 05:37:43 0 d-------- C:\Program Files\Microsoft Works
2008-06-12 05:37:34 0 d-------- C:\Program Files\MSBuild
2008-06-12 05:36:39 0 d-------- C:\Program Files\Microsoft.NET
2008-06-12 05:35:03 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-12 05:34:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-12 05:34:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-12 05:33:40 0 dr-h----- C:\MSOCache
2008-06-12 05:21:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-12 05:21:15 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Azureus
2008-06-12 05:20:50 0 d-------- C:\Program Files\Azureus
2008-06-12 05:18:09 0 d-------- C:\Program Files\Java
2008-06-12 05:17:57 0 d-------- C:\Program Files\Common Files\Java
2008-06-12 05:11:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-12 05:11:13 0 d-------- C:\Program Files\Yahoo!
2008-06-12 04:51:28 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-12 04:50:45 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-12 04:50:45 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-12 04:47:44 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-12 04:40:23 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-12 04:37:30 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-12 04:34:45 0 d-------- C:\Program Files\DIFX
2008-06-12 04:34:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-12 04:28:23 0 d-------- C:\Program Files\Setup Files
2008-06-12 04:25:40 0 d-------- C:\Program Files\MSI
2008-06-12 04:20:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 04:19:09 0 d-------- C:\Program Files\VIA
2008-06-12 04:18:49 0 d-------- C:\drivers
2008-06-12 04:12:15 0 d-------- C:\Program Files\PC Wizard 2008
2008-06-12 04:09:44 0 d-------- C:\Program Files\Creative
2008-06-12 03:46:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 03:46:56 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Mozilla
2008-06-12 03:42:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 03:36:12 0 d-------- C:\WINDOWS\Prefetch
2008-06-12 03:26:37 0 d-------- C:\WINDOWS\system32\scripting
2008-06-12 03:26:37 0 d-------- C:\WINDOWS\l2schemas
2008-06-12 03:26:36 0 d-------- C:\WINDOWS\system32\en
2008-06-12 03:26:36 0 d-------- C:\WINDOWS\system32\bits
2008-06-12 03:24:32 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-12 03:21:51 0 d-------- C:\WINDOWS\network diagnostic
2008-06-12 03:19:48 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-12 03:07:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-12 03:01:31 0 d--hs---- C:\Documents and Settings\Joshua Felland\UserData
2008-06-12 03:00:17 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-12 03:00:15 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-12 02:49:43 0 d-------- C:\WINDOWS\nvidia icons
2008-06-12 02:49:28 0 d-------- C:\WINDOWS\nview
2008-06-12 02:49:13 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-12 02:49:07 0 d-------- C:\NVIDIA
2008-06-12 02:47:04 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Adobe
2008-06-12 02:46:53 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Macromedia
2008-06-12 02:46:35 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-12 02:45:25 0 d-------- C:\win_xp_2k3_32-10.78.0.0 <WIN_XP~1.0>
2008-06-11 16:00:07 0 d-------- C:\Documents and Settings\Joshua Felland\Application Data\Identities
2008-06-11 16:00:02 0 d--h----- C:\Documents and Settings\Joshua Felland\Templates
2008-06-11 16:00:02 0 dr------- C:\Documents and Settings\Joshua Felland\Start Menu
2008-06-11 16:00:02 0 dr-h----- C:\Documents and Settings\Joshua Felland\SendTo
2008-06-11 16:00:02 0 dr-h----- C:\Documents and Settings\Joshua Felland\Recent
2008-06-11 16:00:02 0 d--h----- C:\Documents and Settings\Joshua Felland\PrintHood
2008-06-11 16:00:02 2883584 --ah----- C:\Documents and Settings\Joshua Felland\NTUSER.DAT
2008-06-11 16:00:02 0 d--h----- C:\Documents and Settings\Joshua Felland\NetHood
2008-06-11 16:00:02 0 dr------- C:\Documents and Settings\Joshua Felland\My Documents
2008-06-11 16:00:02 0 d--h----- C:\Documents and Settings\Joshua Felland\Local Settings
2008-06-11 16:00:02 0 dr------- C:\Documents and Settings\Joshua Felland\Favorites
2008-06-11 16:00:02 0 d-------- C:\Documents and Settings\Joshua Felland\Desktop
2008-06-11 16:00:02 0 d--hs---- C:\Documents and Settings\Joshua Felland\Cookies
2008-06-11 16:00:02 0 dr-h----- C:\Documents and Settings\Joshua Felland\Application Data
2008-06-11 15:59:03 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-11 15:59:01 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-11 15:59:00 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-11 15:59:00 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-11 15:59:00 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-11 15:59:00 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-11 15:59:00 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-11 15:46:44 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-11 15:46:44 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-11 15:46:44 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-06-11 15:46:44 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-11 15:46:44 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-11 15:43:55 0 d-------- C:\WINDOWS\system32\xircom
2008-06-11 15:43:55 0 d-------- C:\Program Files\microsoft frontpage
2008-06-11 15:43:45 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-11 15:43:39 0 -rahs---- C:\MSDOS.SYS
2008-06-11 15:43:39 0 -rahs---- C:\IO.SYS
2008-06-11 15:43:39 0 --a------ C:\CONFIG.SYS
2008-06-11 15:43:39 0 --a------ C:\AUTOEXEC.BAT
2008-06-11 15:42:48 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-11 15:42:40 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-11 15:42:40 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-11 15:42:30 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-11 15:42:15 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-11 15:41:51 0 d---s---- C:\WINDOWS\Tasks
2008-06-11 15:41:50 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-11 15:41:47 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-11 15:41:47 0 d-------- C:\WINDOWS\srchasst
2008-06-11 15:41:41 0 d-------- C:\Program Files\Movie Maker
2008-06-11 15:41:36 0 d-------- C:\WINDOWS\system32\Restore
2008-06-11 15:41:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 15:40:49 0 d-------- C:\WINDOWS\Registration
2008-06-11 15:40:42 0 d-------- C:\Program Files\Online Services
2008-06-11 15:40:37 0 d-------- C:\Program Files\Messenger
2008-06-11 15:40:34 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-11 15:40:06 0 d-------- C:\Program Files\Windows NT
2008-06-11 15:40:04 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-11 15:40:03 0 d-------- C:\WINDOWS\system32\Com
2008-06-11 11:33:23 0 d--hs---- C:\WINDOWS\Installer
2008-06-11 11:33:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-11 11:33:20 0 dr------- C:\Program Files <PROGRA~1>
2008-06-11 11:33:20 0 d-------- C:\Program Files\Common Files
2008-06-11 11:33:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-11 11:33:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-11 11:33:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-11 11:33:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-11 11:33:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-11 11:33:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-11 11:33:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-11 11:33:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-11 11:33:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-11 11:33:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-11 11:33:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-11 11:33:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-11 11:33:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-11 11:33:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-11 11:33:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-11 11:33:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-11 11:33:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-11 11:32:50 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-11 11:32:50 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-11 11:32:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-11 11:32:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-11 11:32:44 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-11 11:32:44 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-11 11:32:25 0 d--hs---- C:\System Volume Information <SYSTEM~1>
2008-06-11 11:32:25 0 d-------- C:\Documents and Settings <DOCUME~1>
2008-06-11 11:26:28 0 d-------- C:\WINDOWS
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\WinSxS
2008-06-11 11:26:28 0 dr------- C:\WINDOWS\Web
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\twain_32
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\wins
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\wbem
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\usmt
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\spool
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\Setup
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\ras
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\oobe
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\npp
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\mui
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\IME
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\ias
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\export
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\drivers
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-11 11:26:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\config
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\3076
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\2052
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1054
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1042
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1041
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1037
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1033
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1031
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1028
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system32\1025
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\system
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\security
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Resources
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\repair
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Provisioning
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\PeerNet
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\pchealth
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\mui
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\msapps
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\msagent
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Media
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\java
2008-06-11 11:26:28 0 d--h----- C:\WINDOWS\inf
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\ime
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Help
2008-06-11 11:26:28 0 dr--s---- C:\WINDOWS\Fonts
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\ehome
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Driver Cache
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Debug
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Cursors
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\Config
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\AppPatch
2008-06-11 11:26:28 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-12 08:54:55 2528 --a------ C:\Documents and Settings\Joshua Felland\Application Data\$_hpcst$.hpc
2008-06-12 06:32:32 6172 --a------ C:\Program Files\install.log
2008-06-11 11:33:00 62 --ahs---- C:\Documents and Settings\Joshua Felland\Application Data\desktop.ini
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-13 11:21:50 17920 --a------ C:\WINDOWS\system32\Ntaccess.sys <Not Verified; Your Corporation; Your Product Name>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D306BECA-9699-424E-8948-7AE1103B48B4}]
06/12/2008 05:50 AM 322048 --a------ C:\WINDOWS\system32\opnmNDuU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}]
06/12/2008 05:42 AM 58880 --a------ C:\WINDOWS\system32\ssqOFVMF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 02:17 AM C:\WINDOWS\KHALMNPR.Exe]
"54814844"="C:\WINDOWS\system32\gcfkpcad.dll" [06/12/2008 05:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"="C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Documents and Settings\Joshua Felland\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [4/16/2008 7:08:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/12/2008 5:39:11 AM]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [6/12/2008 4:37:41 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= C:\WINDOWS\system32\ssqOFVMF.dll [06/12/2008 05:42 AM 58880]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 01/09/2008 12:30 PM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOFVMF]
ssqOFVMF.dll 06/12/2008 05:42 AM 58880 C:\WINDOWS\system32\ssqOFVMF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnmNDuU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - IPFILTERDRIVER
*Newly Created Service* - MCMSCSVC
*Newly Created Service* - MCNASVC
*Newly Created Service* - MCPROXY
*Newly Created Service* - MCSHIELD
*Newly Created Service* - MCSYSMON
*Newly Created Service* - MFEAVFK
*Newly Created Service* - MFEBOPK
*Newly Created Service* - MFEHIDK
*Newly Created Service* - MFESMFK
*Newly Created Service* - MPFP
*Newly Created Service* - MPFSERVICE
*Newly Created Service* - NMINDEXINGSERVICE
*Newly Created Service* - OSE
*Newly Created Service* - PLFLASH_DEVICEIOCONTROL_SERVICE
*Newly Created Service* - UDFS
*Newly Created Service* - WSEARCH



-- Hosts -----------------------------------------------------------------------

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-12 16:10:42 ------

--- Main.text [end]-----------------------------------------------------
-----------------extra.txt [START]-------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Opteron(tm) Processor 248
CPU 1: AMD Opteron(tm) Processor 248
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2046.41 MiB / 1320.08 MiB
Pagefile Memory (total/avail): 3939.16 MiB / 3329.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.39 MiB

C: is Fixed (NTFS) - 111.78 GiB total, 99.37 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 232.82 GiB total, 152.58 GiB free.

\\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 7 Y250M0 SCSI Disk Device - 232.83 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.82 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Joshua Felland\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DJ-KILLAB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Joshua Felland
LOGONSERVER=\\DJ-KILLAB
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Joshua Felland\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 5 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=050a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp
USERDOMAIN=DJ-KILLAB
USERNAME=Joshua Felland
USERPROFILE=C:\Documents and Settings\Joshua Felland
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Joshua Felland (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
DMI Browse --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\DMI Browser\Uninst.isu"
Eudemons Online --> C:\Program Files\InstallShield Installation Information\{2B4A545A-DF30-4FC9-B56E-EB7DAFA70792}\setup.exe -runfromtemp -l0x0009 -removeonly
GameSpot Download Manager --> "C:\Program Files\GameSpot\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
i-Speeder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
InfoView --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MythWar --> "C:\WINDOWS\MythWar\uninstall.exe" "/U:e:\Program Files\MythWar\Uninstall\uninstall.xml"
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PC Alert 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\PC Alert 4\Uninst.isu"
PC Wizard 2008.1.84 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WMIinfo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\WMIinfo\Uninst.isu"
Yahoo! Messenger --> E:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U E:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type186 / Error
Event Submitted/Written: 06/12/2008 03:41:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type185 / Error
Event Submitted/Written: 06/12/2008 03:41:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type184 / Error
Event Submitted/Written: 06/12/2008 03:41:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type183 / Error
Event Submitted/Written: 06/12/2008 03:41:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type182 / Error
Event Submitted/Written: 06/12/2008 03:41:57 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type560 / Error
Event Submitted/Written: 06/12/2008 03:50:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type559 / Error
Event Submitted/Written: 06/12/2008 03:50:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type554 / Error
Event Submitted/Written: 06/12/2008 03:48:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type553 / Error
Event Submitted/Written: 06/12/2008 03:47:58 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type504 / Error
Event Submitted/Written: 06/12/2008 08:58:51 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-06-12 16:10:42 ------
----extra.txt [END]-------------------------------------------------------
------------------hijackthis.log [START]----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:29 PM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Eudemons Online\soul.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [54814844] rundll32.exe "C:\WINDOWS\system32\gcfkpcad.dll",b
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0154251213299408) (0154251213299408mcinstcleanup) - Unknown owner - C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\015425~1.EXE (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 8409 bytes
----hijackthis.log [END]--------------------------------------
____________ALL LOGFILES -END-_____________________

PLEASE HELP, like I said, I'm pretty sure I couldn't have downloaded it again, unless it was somehow in my MS Windows disk or in my driver files.

Thanks.

ThreeTima
2008-06-12, 22:55
I think it's worth mentioning: I just re-installed Windows last night, used the "Format" (not the "Quick Format") option, and started with a fresh disk. I only knew it was here, AGAIN, because my Windows Update was turned off, much like the time before I nuked my drive. I used Spybot to confirm it.

Blade81
2008-06-14, 16:12
Hi

Please post a fresh hjt log if you still need help with this :)