0

Well, A client brought in a PC LOADED with Viruses and Spyware.

Anyhow after numerous scans with Avast! and Ad-Aware, I came here and ran the suggested apps. The problem that still lingers is that whenever I goto the Screensaver Tab, I get the DLL as an App error.

Prior to this, the tabs for changing the wallpaper and the screensaver were both removed by the Viruses, and the screensaver was changed to the fake bluescreen & reboot screeensaver.

Here are my logs..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:31 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.cmphotocenter.com/is/BPImageEditor.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.cmphotocenter.com/is/DragDropUploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 3954 bytes

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3307 (20080729)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=8b810300bff5e9409c619e93b3d669d3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-29 07:57:47
# local_time=2008-07-29 03:57:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=464419
# found=1
# scan_time=3305
C:\Documents and Settings\LocalService\Application Data\1024990756.exe Win32/TrojanDownloader.FakeAlert.DR trojan (unable to clean - deleted) 00000000000000000000000000000000

Malwarebytes' Anti-Malware 1.23
Database version: 1007
Windows 5.1.2600 Service Pack 2

2:46:31 PM 7/29/2008
mbam-log-7-29-2008 (14-46-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 177545
Time elapsed: 44 minute(s), 31 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 34
Files Infected: 26

Memory Processes Infected:
C:\Documents and Settings\Bob Rostollan\Desktop\Malwarebytes Anti-Malware 1.23.2b\keygen.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\SYSTEM32\blphcjg0j0ecfe.scr (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcng0j0ecfe (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter (Rogue.XPSecurityCenter) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc (Trojan.MyDoom) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CcEvtSvc (Trojan.MyDoom) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file:///c:/windows/homepage.html ) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file:///c:/windows/homepage.html ) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\SYSTEM32\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\rhcng0j0ecfe\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\rhcng0j0ecfe\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\rhcng0j0ecfe\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files Infected:
C:\Documents and Settings\Bob Rostollan\Desktop\Malwarebytes Anti-Malware 1.23.2b\keygen.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-3993569137-2603966070-3812142891-1007\Dc1.2b\keygen.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000426.exe (Trojan.Fakealert) -> No action taken.
C:\WINDOWS\SYSTEM32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\homepage.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo1.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo2.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo3.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo4.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo5.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo6.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\pharma.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\other.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\finance.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\adult.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\lt.res (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\sft.res (Malware.Trace) -> No action taken.
C:\WINDOWS\index.html (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\blphcjg0j0ecfe.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\phcjg0j0ecfe.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Bob Rostollan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.

Deckard's System Scanner v20071014.68
Run by Bob Rostollan on 2008-07-30 08:30:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-30 12:30:49 UTC - RP6 - Deckard's System Scanner Restore Point
3: 2008-07-29 17:15:26 UTC - RP5 - System Checkpoint
2: 2008-07-28 14:57:33 UTC - RP4 - System Checkpoint
1: 2008-07-25 16:06:32 UTC - RP3 - Removed Bonjour


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Bob Rostollan.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:02 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Bob Rostollan\Desktop\dss.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bob Rostollan.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.cmphotocenter.com/is/BPImageEditor.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.cmphotocenter.com/is/DragDropUploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 4038 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080729-093945-134 O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
backup-20080729-093945-198 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080729-093945-270 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
backup-20080729-093945-301 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///c:/windows/homepage.html
backup-20080729-093945-303 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080729-093945-342 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
backup-20080729-093945-343 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20080729-093945-349 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
backup-20080729-093945-357 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
backup-20080729-093945-359 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
backup-20080729-093945-455 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
backup-20080729-093945-469 O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
backup-20080729-093945-745 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
backup-20080729-093945-787 O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
backup-20080729-093945-834 O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
backup-20080729-093947-115 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
backup-20080729-093947-133 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080729-093947-197 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080729-093947-444 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080729-093947-618 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20080729-093947-801 O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
backup-20080729-093947-904 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080729-093948-902 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
backup-20080729-093948-982 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124117199640
backup-20080729-093949-176 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080729-093949-253 O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
backup-20080729-093949-281 O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
backup-20080729-093949-308 O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
backup-20080729-093949-470 O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
backup-20080729-093949-471 O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
backup-20080729-093949-536 O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
backup-20080729-093949-659 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080729-093949-813 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
backup-20080729-093949-874 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080729-094407-257 O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
backup-20080729-094407-419 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20080729-094407-533 O4 - Global Startup: PC Connect for CASSIOPEIA starter.lnk = ?
backup-20080729-094407-577 O4 - Startup: PC sync Quick Data Copy.lnk = C:\PCSYNC\QDCTRAY.EXE
backup-20080729-094407-597 O20 - AppInit_DLLs: cru629.dat
backup-20080729-094407-797 O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
backup-20080729-094408-757 O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
backup-20080729-094408-764 O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
backup-20080729-094408-896 O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S0 Winrw16 - c:\windows\system32\drivers\winrw16.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 EraserUtilDrv10741 - c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\utils\syncservices.exe" <Not Verified; ; SyncServices>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S4 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 13:14:19 604 --a------ C:\WINDOWS\Tasks\Registry Repair4.job
2008-07-23 10:14:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-29 14:58:06 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-29 12:46:58 0 d-------- C:\Documents and Settings\Bob Rostollan\Application Data\Malwarebytes
2008-07-29 12:46:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 12:46:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 09:36:04 0 d-------- C:\Program Files\Trend Micro
2008-07-28 09:26:24 0 dr-h----- C:\Documents and Settings\Bob Rostollan\Recent
2008-07-25 12:15:04 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-25 12:15:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-25 12:15:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-25 12:15:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-25 12:15:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-25 12:15:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-25 12:15:04 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-25 12:15:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-25 12:15:04 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-25 12:15:04 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-25 12:15:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-07-25 12:15:04 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-25 12:15:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-25 12:15:03 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-24 08:23:16 0 d-------- C:\Program Files\Alwil Software
2008-07-23 14:56:33 0 d-------- C:\WINDOWS\pss
2008-07-23 07:03:36 60928 --a------ C:\WINDOWS\sysin.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-22 11:13:05 14671 --a------ C:\WINDOWS\system32\uvanije.scr
2008-07-22 11:13:05 17780 --a------ C:\WINDOWS\oxezynevy.bin
2008-07-22 11:13:05 16134 --a------ C:\Program Files\Common Files\xedisyzecu.dat
2008-07-22 11:13:05 18648 --a------ C:\Documents and Settings\Bob Rostollan\Application Data\izaq.dll
2008-07-22 11:13:05 17090 --a------ C:\Documents and Settings\All Users\Application Data\izusosijal.scr
2008-07-22 11:13:05 19878 --a------ C:\Documents and Settings\All Users\Application Data\egogulos.dat
2008-07-22 11:13:04 16520 --a------ C:\WINDOWS\ihiwyq.sys
2008-07-22 11:13:04 11499 --a------ C:\Documents and Settings\Bob Rostollan\Application Data\qagutas.com
2008-07-21 22:32:03 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-12 12:44:50 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-07-23 08:04:49 0 d-------- C:\Program Files\Norton Security Scan
2008-07-23 07:21:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-23 07:21:19 0 d-------- C:\Program Files\Symantec
2008-07-22 21:53:36 10 --a------ C:\WINDOWS\popcinfo.dat
2008-07-22 15:55:54 0 d-------- C:\Program Files\QUICKENW
2008-07-22 11:13:05 0 d-------- C:\Program Files\Common Files
2008-07-22 11:13:04 18198 --a------ C:\Program Files\Common Files\exudi._dl
2008-07-12 12:45:23 0 d-------- C:\Program Files\iTunes
2008-07-12 12:42:27 0 d-------- C:\Program Files\QuickTime
2008-07-02 10:16:48 0 d-------- C:\Program Files\Safari
2008-05-22 08:45:29 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-22 08:43:19 0 --a------ C:\Program Files\temp01
2008-05-15 12:20:40 106496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll <Not Verified; High Criteria inc.; Total Recorder (Professional Edition)>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 03:33 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/11/2002 05:19 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 02:05 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [06/18/2004 11:30 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [10/09/2007 07:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Bob Rostollan\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
C:\WINDOWS\system32\braviax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\buritos]
buritos.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcjg0j0ecfe]
C:\WINDOWS\system32\lphcjg0j0ecfe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcng0j0ecfe]
C:\Program Files\rhcng0j0ecfe\rhcng0j0ecfe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP SecurityCenter]
"C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bff7b48-597b-11dd-aa6b-001111b78985}]
Auto\command- F:\pstart.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pstart.exe


-- End of Deckard's System Scanner: finished at 2008-07-30 08:32:44 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 509.98 MiB / 157.89 MiB
Pagefile Memory (total/avail): 1245.48 MiB / 996.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.94 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 145.99 GiB total, 113.02 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 145.99 GiB - C:
\PARTITION2 - Unknown - 2.96 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: avast! antivirus 4.8.1229 [VPS 080729-1] v4.8.1229 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"="C:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temporary Internet Files\\Content.IE5\\MR8N3KHW\\incredimail_install[1].exe"="C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temporary Internet Files\\Content.IE5\\MR8N3KHW\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temporary Internet Files\\Content.IE5\\YYNH1VDZ\\incredimail_install[1].exe"="C:\\Documents and Settings\\Bob Rostollan\\Local Settings\\Temporary Internet Files\\Content.IE5\\YYNH1VDZ\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bob Rostollan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOB01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bob Rostollan
LOGONSERVER=\\BOB01
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BOBROS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BOBROS~1\LOCALS~1\Temp
USERDOMAIN=BOB01
USERNAME=Bob Rostollan
USERPROFILE=C:\Documents and Settings\Bob Rostollan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bob Rostollan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Airport Mania: First Flight --> "C:\Program Files\Airport Mania - First Flight\Uninstall.exe"
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\Setup.exe" -l0x9 -uninst
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative Memories Memory Manager 2 --> MsiExec.exe /I{0F1A3568-7419-4115-A207-512B9F688267}
Creative Memories StoryBook Creator 2.0 --> MsiExec.exe /I{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}
Crosswords and Word Games --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Expert Software\Crosswords and Word Games\DeIsL1.isu"
CSI-Dark Motives --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}\setup.exe" -l0x9
CSI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}\setup.exe" -l0x9
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Finale NotePad 2005a --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2005a\uninstal.log
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Photo and Imaging 1.0 - Scanjet 3500c Series --> MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MahJongg Master 2 --> C:\eGames\MAHJON~1\UNWISE.EXE C:\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor Backup --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9C3F9580-F5CF-4288-894E-9FF0EB24A21C} /l1033
Maxtor Encryption --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD} /l1033
Maxtor OneTouch III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FF268652-B3E8-494F-8343-1FC6DD0FF523} /l1033
Memory Manager Shared Components Update --> MsiExec.exe /I{855544EF-FF9E-4BB0-9CCF-B9D930FE6FFD}
Microsoft Combat Flight Simulator --> "C:\Program Files\Microsoft Games\Combat Flight Simulator\UNINSTAL.EXE" /runtemp
Microsoft Combat Flight Simulator 2 --> "C:\Program Files\Microsoft Games\Combat Flight Simulator 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Fighter Ace II --> "C:\Program Files\Microsoft Games\Fighter Ace II\Console.Exe" /runtemp /addremove
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My Way Search Assistant --> rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
Mystery Case Files - Ravenhearst (remove only) --> "C:\Program Files\Yahoo! Games\Mystery Case Files - Ravenhearst\Uninstall.exe"
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan --> MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
PC Connect for CASSIOPEIA 1.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32715C4C-1ECE-4769-A9EB-8C411C859911}\Setup.exe" -l0x9
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quest Bundle (remove only) --> "C:\Program Files\Yahoo! Games\Quest Bundle\Uninstall.exe"
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken WillMaker Plus 2005 --> C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2005\uninstal.log
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Solitaire Master --> C:\PROGRA~1\GAMEMA~1\SOLITA~1\UNWISE.EXE C:\PROGRA~1\GAMEMA~1\SOLITA~1\INSTALL.LOG
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TechConnect --> C:\Documents and Settings\All Users\Application Data\GTek\GTRemote\GTRCUnin.exe /selfdelete
Total Recorder 7.0 --> "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Tracktion 2.1.0.11 --> "C:\Program Files\Tracktion2\unins000.exe"
Tracktion 3.0.4.8 --> "C:\Program Files\Tracktion 3\unins000.exe"
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2004 --> MsiExec.exe /X{B82919F6-31AA-43B3-B566-5DE35D69069A}
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2004 --> C:\Program Files\TurboTax\Premier 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2004\Uninstall.log" -NoGui
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe 1.0 --> C:\Program Files\Yahoo! Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Yahoo! Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type52183 / Error
Event Submitted/Written: 07/30/2008 08:32:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000431a0.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type52182 / Error
Event Submitted/Written: 07/30/2008 08:32:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00043345.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type52181 / Error
Event Submitted/Written: 07/30/2008 08:32:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.3099, fault address 0x00009de9.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type52179 / Error
Event Submitted/Written: 07/29/2008 00:32:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mbam.exe, version 1.23.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00a818fe.
Processing media-specific event for [mbam.exe!ws!]

Event Record #/Type52178 / Error
Event Submitted/Written: 07/29/2008 09:46:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000431a0.
Processing media-specific event for [rundll32.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type99357 / Warning
Event Submitted/Written: 07/30/2008 04:28:17 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type99335 / Error
Event Submitted/Written: 07/29/2008 02:49:49 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
Fvi56

Event Record #/Type99311 / Error
Event Submitted/Written: 07/29/2008 09:47:08 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
Fvi56

Event Record #/Type99290 / Error
Event Submitted/Written: 07/29/2008 09:43:13 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
Fvi56

Event Record #/Type99284 / Warning
Event Submitted/Written: 07/29/2008 09:40:02 AM
Event ID/Source: 263 / PlugPlayManager
Event Description:
The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

-- End of Deckard's System Scanner: finished at 2008-07-30 08:32:44 ------------

2
Contributors
3
Replies
4
Views
9 Years
Discussion Span
Last Post by gmgfarrand
0

Nevermind... I got the little bastard...

I ended up running all the tools recommended on this site, along with Avast! Trojan Hunter and SDFix.

All is well.

0

When you run malwarebytes antimalware, you need to actually get it to quarantine what it finds. You set it for no action.

0

Bugger....

I left it at default, I just assumed it deleted infections. Whoopsie....

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.