Main.txt
Deckard's System Scanner v20071014.68
Run by Frank Butler on 2008-04-08 07:11:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-08 07:17:34
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\SYSTEM32\jownw64o.exe
C:\WINDOWS\SYSTEM32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\SYSTEM32\rcntpkdn.exe
C:\WINDOWS\SYSTEM32\brsvc01a.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\brss01a.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\??stem\nslookup.exe
C:\WINDOWS\SYSTEM32\CISVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\SYSTEM32\ttlms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\wumss.exe
C:\Documents and Settings\Frank Butler\Desktop\dss.exe
C:\DOCUME~1\FRANKB~1\LOCALS~1\Temp\653C.tmp
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\WINDOWS\SYSTEM32\?ymbols\w?auboot.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GOOGLE.COM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O1 - Hosts: 10.18.250.4 ad.doubleclick.net
O1 - Hosts: 10.18.250.4 ad.fastclick.net
O1 - Hosts: 10.18.250.4 ads.fastclick.net
O1 - Hosts: 10.18.250.4 ar.atwola.com
O1 - Hosts: 10.18.250.4 atdmt.com
O1 - Hosts: 10.18.250.4 avp.ch
O1 - Hosts: 10.18.250.4 avp.com
O1 - Hosts: 10.18.250.4 avp.ru
O1 - Hosts: 10.18.250.4 awaps.net
O1 - Hosts: 10.18.250.4 banner.fastclick.net
O1 - Hosts: 10.18.250.4 banners.fastclick.net
O1 - Hosts: 10.18.250.4 ca.com
O1 - Hosts: 10.18.250.4 click.atdmt.com
O1 - Hosts: 10.18.250.4 clicks.atdmt.com
O1 - Hosts: 10.18.250.4 customer.symantec.com
O1 - Hosts: 10.18.250.4 dispatch.mcafee.com
O1 - Hosts: 10.18.250.4 download.mcafee.com
O1 - Hosts: 10.18.250.4 download.microsoft.com
O1 - Hosts: 10.18.250.4 downloads-us1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads-us2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads-us3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads.microsoft.com
O1 - Hosts: 10.18.250.4 downloads1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 downloads4.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 engine.awaps.net
O1 - Hosts: 10.18.250.4 f-secure.com
O1 - Hosts: 10.18.250.4 fastclick.net
O1 - Hosts: 10.18.250.4 ftp.avp.ch
O1 - Hosts: 10.18.250.4 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 ftp.f-secure.com
O1 - Hosts: 10.18.250.4 ftp.kasperskylab.ru
O1 - Hosts: 10.18.250.4 ftp.sophos.com
O1 - Hosts: 10.18.250.4 go.microsoft.com
O1 - Hosts: 10.18.250.4 ids.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 kaspersky-labs.com
O1 - Hosts: 10.18.250.4 kaspersky.com
O1 - Hosts: 10.18.250.4 liveupdate.symantec.com
O1 - Hosts: 10.18.250.4 liveupdate.symantecliveupdate.com
O1 - Hosts: 10.18.250.4 mast.mcafee.com
O1 - Hosts: 10.18.250.4 mcafee.com
O1 - Hosts: 10.18.250.4 media.fastclick.net
O1 - Hosts: 10.18.250.4 microsoft.com
O1 - Hosts: 10.18.250.4 msdn.microsoft.com
O1 - Hosts: 10.18.250.4 my-etrust.com
O1 - Hosts: 10.18.250.4 nai.com
O1 - Hosts: 10.18.250.4 networkassociates.com
O1 - Hosts: 10.18.250.4 norton.com
O1 - Hosts: 10.18.250.4 office.microsoft.com
O1 - Hosts: 10.18.250.4 pandasoftware.com
O1 - Hosts: 10.18.250.4 phx.corporate-ir.net
O1 - Hosts: 10.18.250.4 rads.mcafee.com
O1 - Hosts: 10.18.250.4 secure.nai.com
O1 - Hosts: 10.18.250.4 securityresponse.symantec.com
O1 - Hosts: 10.18.250.4 service1.symantec.com
O1 - Hosts: 10.18.250.4 sophos.com
O1 - Hosts: 10.18.250.4 spd.atdmt.com
O1 - Hosts: 10.18.250.4 support.microsoft.com
O1 - Hosts: 10.18.250.4 symantec.com
O1 - Hosts: 10.18.250.4 trendmicro.com
O1 - Hosts: 10.18.250.4 update.symantec.com
O1 - Hosts: 10.18.250.4 updates.symantec.com
O1 - Hosts: 10.18.250.4 updates1.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates2.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates3.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates4.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 updates5.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 us.mcafee.com
O1 - Hosts: 10.18.250.4 vil.nai.com
O1 - Hosts: 10.18.250.4 viruslist.com
O1 - Hosts: 10.18.250.4 viruslist.ru
O1 - Hosts: 10.18.250.4 virusscan.jotti.org
O1 - Hosts: 10.18.250.4 virustotal.com
O1 - Hosts: 10.18.250.4 windowsupdate.microsoft.com
O1 - Hosts: 10.18.250.4 www.avp.ch
O1 - Hosts: 10.18.250.4 www.avp.com
O1 - Hosts: 10.18.250.4 www.avp.ru
O1 - Hosts: 10.18.250.4 www.awaps.net
O1 - Hosts: 10.18.250.4 www.ca.com
O1 - Hosts: 10.18.250.4 www.f-secure.com
O1 - Hosts: 10.18.250.4 www.fastclick.net
O1 - Hosts: 10.18.250.4 www.grisoft.com
O1 - Hosts: 10.18.250.4 www.kaspersky-labs.com
O1 - Hosts: 10.18.250.4 www.kaspersky.com
O1 - Hosts: 10.18.250.4 www.kaspersky.ru
O1 - Hosts: 10.18.250.4 www.mcafee.com
O1 - Hosts: 10.18.250.4 www.microsoft.com
O1 - Hosts: 10.18.250.4 www.my-etrust.com
O1 - Hosts: 10.18.250.4 www.nai.com
O1 - Hosts: 10.18.250.4 www.networkassociates.com
O1 - Hosts: 10.18.250.4 www.pandasoftware.com
O1 - Hosts: 10.18.250.4 www.sophos.com
O1 - Hosts: 10.18.250.4 www.symantec.com
O1 - Hosts: 10.18.250.4 www.trendmicro.com
O1 - Hosts: 10.18.250.4 www.viruslist.com
O1 - Hosts: 10.18.250.4 www.viruslist.ru
O1 - Hosts: 10.18.250.4 www.virustotal.com
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\SYSTEM32\ssqpopp.dll
O2 - BHO: (no name) - {4334C196-737A-0788-0A14-2C00B6B581B6} - C:\WINDOWS\SYSTEM32\aofpbic.dll
O2 - BHO: (no name) - {578E9A99-C316-41FD-992B-07FE242A1E2E} - C:\WINDOWS\SYSTEM32\geeba.dll
O2 - BHO: {7c1a7a56-f923-c57b-9c34-b03f79b5b5c5} - {5c5b5b97-f30b-43c9-b75c-329f65a7a1c7} - C:\WINDOWS\SYSTEM32\jjbykcbo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\SYSTEM32\iSecurity.cpl
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Update Manager Security Service] "C:\WINDOWS\system32\wumss.exe" *
O4 - HKLM\..\Run: [{D3-3F-F7-76-DW}] C:\WINDOWS\SYSTEM32\jownw64o.exe DWram
O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\SYSTEM32\rcntpkdn.exe DWram
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BMcbbe0c45] Rundll32.exe "C:\WINDOWS\System32\uvvhuiwe.dll",s
O4 - HKLM\..\Run: [c88d3fd9] rundll32.exe "C:\WINDOWS\System32\pfmrujqw.dll",b
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Frank Butler\cftmon.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\System32\alt.exe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\STEM~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Wwaa] C:\WINDOWS\SYSTEM32\?ymbols\w?auboot.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Frank Butler\cftmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [aromis] C:\WINDOWS\aromis.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Update Manager Security Service] "C:\WINDOWS\system32\wumss.exe" * (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update Manager Security Service] "C:\WINDOWS\system32\wumss.exe" * (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\rcntpkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\jownw64o.exe
O4 - Startup: findfast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm429MMUS
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: PD - {FE53AEB5-AEF4-4CFB-8DED-8E494A5F6D37} - C:\Program Files\Pop up Blocker\pd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} () - ms-its:mhtml:file://c:\\nores.mht!http://adxanet.net/c...::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145274234906
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{40DA52B0-AA07-4885-8D08-F9F734F9D6DF}: NameServer = 85.255.116.100,85.255.112.115
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.115
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.100 85.255.112.115
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ssqpopp - C:\WINDOWS\System32\ssqpopp.dll
O21 - SSODL: RomCD - {fed2e853-b7b9-4ec8-b178-12e896a07311} - C:\WINDOWS\Installer\{fed2e853-b7b9-4ec8-b178-12e896a07311}\RomCD.dll
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\SYSTEM32\cryper.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\SYSTEM32\iSecurity.cpl
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\SYSTEM32\brsvc01a.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\SYSTEM32\NMSSvc.Exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\SYSTEM\smscg.exe
O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\SYSTEM32\ttlms.exe
O23 - Service: TZO Client (TZONTService) - Unknown owner - C:\Program Files\TZO\TZO_NT_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Update Manager Security Service (wumss) - Unknown owner - C:\WINDOWS\SYSTEM32\wumss.exe
--
End of file - 18271 bytes
-- File Associations -----------------------------------------------------------
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Qva26 - c:\windows\system32\drivers\qva26.sys
R1 MODEMM - c:\windows\system32\drivers\modemm.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys <Not Verified; America Online; ATW Protocol Driver>
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 FileObjInfo (STFileDriver) - c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys (file missing)
S3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
S3 SMALUSB (Digital Camera Driver) - c:\windows\system32\drivers\smalidt.sys <Not Verified; SMaL Camera Technologies, Inc.; SMaL Camera Technolgies IDT Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 TTLMS (Track Learning Management System) - c:\windows\system32\ttlms.exe
R2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WmdmPmSp (Portable Media Serial Number) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 wumss (Windows Update Manager Security Service) - c:\windows\system32\wumss.exe
S2 ICF - c:\windows\system32\svchost.exe:exe.exe
S2 SMSCGISVC (System Managment Controler) - "c:\windows\system\smscg.exe"
S2 TZONTService (TZO Client) - c:\program files\tzo\tzo_nt_service.exe
S3 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-08 07:06:25 506 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-Frank Butler).job
2008-04-01 13:49:38 508 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-Alicia Dunlow).job
2008-04-01 12:18:14 490 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-user).job
2008-04-01 12:17:05 490 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-mark).job
2008-04-01 12:16:04 494 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-Mark H).job
2008-04-01 12:16:01 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (D7174T21-Owner).job
2008-04-01 12:15:12 492 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-randy).job
2008-04-01 12:15:03 496 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-Mark II).job
2008-04-01 12:15:02 500 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (HYLAS-LAB-Dale Holt).job
2006-11-09 10:57:07 258 --a------ C:\WINDOWS\Tasks\WebReg officejet 6200 series.job
-- Files created between 2008-03-08 and 2008-04-08 -----------------------------
2008-04-08 07:17:51 83520 --a------ C:\WINDOWS\System32\eumrpvnk.dll
2008-04-08 07:14:51 91712 --a------ C:\WINDOWS\System32\jjbykcbo.dll
2008-04-08 07:14:29 32768 --a------ C:\Program Files\tmp548890.exe
2008-04-08 07:14:29 222720 --a------ C:\Program Files\tmp547250.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-08 07:13:14 282112 --a------ C:\WINDOWS\aromis.exe
2008-04-08 07:06:05 5120 --a------ C:\WINDOWS\System32\ftp33.dll
2008-04-07 13:08:18 98304 --a------ C:\Program Files\tmp11497234.exe
2008-04-07 13:08:16 32768 --a------ C:\Program Files\tmp11498515.exe
2008-04-07 13:07:30 32768 --a------ C:\Program Files\tmp11463531.exe
2008-04-07 13:07:29 131072 --a------ C:\Program Files\tmp11462531.exe
2008-04-07 13:07:01 32768 --a------ C:\Program Files\tmp11434328.exe
2008-04-07 13:06:58 32768 --a------ C:\Program Files\tmp11430937.exe
2008-04-07 13:06:54 98304 --a------ C:\Program Files\tmp11426468.exe
2008-04-07 12:36:40 98304 --a------ C:\Program Files\tmp9602015.exe
2008-04-07 12:36:16 35576 --a------ C:\Program Files\tmp9571296.exe
2008-04-07 12:35:57 16464 --a------ C:\Program Files\tmp9562843.exe
2008-04-07 11:58:14 32768 --a------ C:\Program Files\tmp7307171.exe
2008-04-07 11:58:03 98304 --a------ C:\Program Files\tmp7295546.exe
2008-04-07 11:55:57 32768 --a------ C:\Program Files\tmp7170015.exe
2008-04-07 11:55:56 163840 --a------ C:\Program Files\tmp7169453.exe
2008-04-07 11:54:54 65536 --a------ C:\Program Files\tmp7106578.exe
2008-04-07 11:54:45 131072 --a------ C:\Program Files\tmp7097953.exe
2008-04-07 11:54:45 32768 --a------ C:\Program Files\tmp7097937.exe
2008-04-07 11:54:44 163840 --a------ C:\Program Files\tmp7095437.exe
2008-04-07 11:54:44 32768 --a------ C:\Program Files\tmp7095281.exe
2008-04-07 11:54:43 32768 --a------ C:\Program Files\tmp7095296.exe
2008-04-07 10:51:24 0 d-------- C:\Documents and Settings\Frank Butler\.housecall6.6
2008-04-07 10:50:49 0 d-------- C:\WINDOWS\Sun
2008-04-07 10:50:49 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Sun
2008-04-07 10:45:07 0 d-------- C:\Program Files\Java
2008-04-07 10:44:26 0 d-------- C:\Program Files\Common Files\Java
2008-04-07 10:36:16 0 d-------- C:\Program Files\Pop up Blocker
2008-04-07 10:30:54 5708 --a------ C:\WINDOWS\System32\k9371937.DLL
2008-04-07 10:30:50 21264 --a------ C:\WINDOWS\System32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 10:19:18 131072 --a------ C:\Program Files\tmp1370609.exe
2008-04-07 10:19:09 32768 --a------ C:\Program Files\tmp1361718.exe
2008-04-07 10:18:40 65536 --a------ C:\Program Files\tmp1321828.exe
2008-04-07 10:02:32 35540 --a------ C:\Program Files\tmp305328.exe
2008-04-07 10:02:16 32768 --a------ C:\Program Files\tmp305093.exe
2008-04-07 10:02:03 35648 --a------ C:\Program Files\tmp305562.exe
2008-04-07 10:01:53 195072 --a------ C:\Program Files\tmp305109.exe
2008-04-07 10:01:44 16600 --a------ C:\Program Files\tmp305375.exe
2008-04-07 08:56:29 10752 --a------ C:\WINDOWS\System32\WLCtrl32.dll
2008-04-07 08:42:55 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Uniblue
2008-04-07 08:40:50 35664 --a------ C:\Program Files\tmp227390.exe
2008-04-07 08:40:16 35512 --a------ C:\Program Files\tmp226312.exe
2008-04-07 08:40:06 16496 --a------ C:\Program Files\tmp225125.exe
2008-04-07 07:35:53 38400 --a------ C:\WINDOWS\System32\iiffcbx.dll
2008-04-07 07:35:53 0 d-------- C:\WINDOWS\System32\bharebio01
2008-04-07 07:29:17 167936 --a------ C:\WINDOWS\System32\drivers\Oktj56.sys
2008-04-07 07:29:16 167936 --a------ C:\WINDOWS\System32\drivers\msoft98.sys
2008-04-07 07:28:27 35576 --a------ C:\Program Files\tmp275281.exe
2008-04-07 07:28:22 16508 --a------ C:\Program Files\tmp275375.exe
2008-04-07 07:28:11 97792 --a------ C:\Program Files\tmp275359.exe
2008-04-07 07:27:54 16488 --a------ C:\Program Files\tmp275218.exe
2008-04-07 07:02:21 90176 --a------ C:\WINDOWS\System32\oxnaopwe.dll
2008-04-07 07:02:21 35604 --a------ C:\Program Files\tmp569359.exe
2008-04-07 06:59:25 16472 --a------ C:\Program Files\tmp402703.exe
2008-04-07 06:59:21 85056 --a------ C:\WINDOWS\System32\pfmrujqw.dll
2008-04-07 06:59:15 0 d-------- C:\WINDOWS\System32\a?sembly
2008-04-07 06:59:11 60928 --a------ C:\WINDOWS\System32\aofpbic.dll
2008-04-07 06:59:02 88128 --a------ C:\WINDOWS\System32\uvvhuiwe.dll
2008-04-04 15:54:17 16560 --a------ C:\Program Files\tmp319250.exe
2008-04-04 15:54:17 16492 --a------ C:\Program Files\tmp319062.exe
2008-04-04 15:42:17 0 d-------- C:\Program Files\iSecurity
2008-04-04 15:17:17 83520 --a------ C:\WINDOWS\System32\gjaucsrn.dll
2008-04-04 15:14:58 90176 --a------ C:\WINDOWS\System32\kdybvjln.dll
2008-04-04 15:14:38 87104 --a------ C:\WINDOWS\System32\eyshyxwp.dll
2008-04-04 14:17:10 64000 --a------ C:\Program Files\tmp337140.exe
2008-04-04 14:17:10 35732 --a------ C:\Program Files\tmp337062.exe
2008-04-04 14:16:43 16452 --a------ C:\Program Files\tmp321531.exe
2008-04-03 15:16:14 86592 --a------ C:\WINDOWS\System32\wuhlgsgq.dll
2008-04-03 15:14:12 89152 --a------ C:\WINDOWS\System32\vqtvmufk.dll
2008-04-03 15:14:05 88640 --a------ C:\WINDOWS\System32\crxhlbck.dll
2008-04-03 15:13:31 98816 --a------ C:\WINDOWS\System32\drivers\svchost.exe
2008-04-03 15:13:13 346857 --ahs---- C:\WINDOWS\System32\abeeg.ini2
2008-04-03 15:13:07 268288 --a------ C:\WINDOWS\System32\geeba.dll
2008-04-03 15:11:42 35736 --a------ C:\Program Files\tmp212921.exe
2008-04-03 15:11:12 35580 --a------ C:\Program Files\tmp212859.exe
2008-04-03 15:11:03 16636 --a------ C:\Program Files\tmp212750.exe
2008-04-03 14:52:15 446464 -ra------ C:\WINDOWS\System32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-04-03 14:52:14 176128 --a------ C:\WINDOWS\System32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-04-03 08:19:00 289280 --a------ C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-03 07:41:30 3638 --a------ C:\Start_.cmd
2008-04-03 07:41:30 0 d-------- C:\327882R2FWJFW
2008-04-03 07:01:55 89152 --a------ C:\WINDOWS\System32\sytsepkj.dll
2008-04-03 07:00:31 0 d-------- C:\Program Files\RegistryFix
2008-04-03 06:58:38 65536 --a------ C:\Program Files\tmp306593.exe
2008-04-03 06:58:37 124 --a------ C:\tempdel.bat
2008-04-03 06:58:30 35804 --a------ C:\Program Files\tmp306109.exe
2008-04-03 06:58:30 0 d-------- C:\Program Files\IE Extensions
2008-04-03 06:58:16 16656 --a------ C:\Program Files\tmp306312.exe
2008-04-02 16:28:58 171520 --a------ C:\WINDOWS\System32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-02 16:28:44 87552 --a------ C:\WINDOWS\System32\ctfmona.exe
2008-04-02 16:23:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-01 14:40:16 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\MailFrontier
2008-04-01 14:16:23 127000 --a------ C:\WINDOWS\System32\jownw64o.exe <Not Verified; ; Browser Driver>
2008-04-01 13:42:59 113184 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2008-04-01 13:42:59 654112 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-04-01 12:51:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-04-01 12:49:42 47461 --ahs---- C:\Documents and Settings\Administrator\cftmon.exe
2008-04-01 12:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-01 12:43:22 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2008-04-01 12:42:28 0 d-------- C:\WINDOWS\System32\ZoneLabs
2008-04-01 12:41:53 0 d-------- C:\WINDOWS\Internet Logs
2008-04-01 12:41:23 0 d-------- C:\Program Files\SystemDefender
2008-04-01 12:41:20 98709 --a------ C:\Documents and Settings\Administrator\Application Data\sysdefender.exe
2008-04-01 12:36:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-01 12:22:51 937 --a------ C:\WINDOWS\System32\winpfz33.sys
2008-04-01 12:21:49 208972 --a------ C:\WINDOWS\System32\rcntpkdn.exe
2008-04-01 12:19:50 126984 --a------ C:\WINDOWS\System32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-04-01 12:19:33 60226 --a------ C:\Documents and Settings\Frank Butler\cftmon.exe
2008-04-01 12:19:24 62464 --a------ C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe
2008-04-01 12:19:19 47461 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-01 12:16:00 57344 --a------ C:\WINDOWS\shell.exe
2008-04-01 12:15:58 57344 --a------ C:\WINDOWS\System32\spoolvs.exe
2008-04-01 12:15:52 57344 --a------ C:\WINDOWS\System32\printer.exe
2008-04-01 12:15:28 261632 --a------ C:\WINDOWS\System32\cryper.dll
2008-04-01 12:15:22 18944 --a------ C:\WINDOWS\System32\wowfx.dll
2008-04-01 12:15:08 57344 --a------ C:\Documents and Settings\Alicia Dunlow\Application Data\printer.exe
2008-04-01 12:15:06 5120 --a------ C:\WINDOWS\System32\ftpdll.dll
2008-04-01 12:15:06 5120 --a------ C:\Documents and Settings\Alicia Dunlow\ftpdll.dll
2008-04-01 12:14:53 25472 --a------ C:\WINDOWS\System32\drivers\Qva26.sys
2008-04-01 12:14:34 167936 --a------ C:\WINDOWS\System32\drivers\Swj45.sys
2008-04-01 12:14:30 10 --a------ C:\WINDOWS\System32\kr_done1
2008-04-01 12:14:23 62976 --a------ C:\WINDOWS\System32\~.exe
2008-04-01 12:13:53 48451 --a------ C:\WINDOWS\System32\drivers\spools.exe
2008-04-01 12:13:53 28990 --a------ C:\Documents and Settings\Alicia Dunlow\cftmon.exe
2008-04-01 12:13:50 30208 --a------ C:\W3NG.exe
2008-04-01 09:55:54 38400 --a------ C:\WINDOWS\System32\iifeeba.dll
2008-04-01 09:51:46 51200 --a------ C:\WINDOWS\mrofinu572.exe
2008-04-01 09:51:42 0 d-------- C:\WINDOWS\System32\?ymbols
2008-04-01 09:51:42 0 d-------- C:\Program Files\Outerinfo
2008-04-01 09:51:29 0 d-------- C:\WINDOWS\??stem
2008-04-01 09:51:23 38400 --a------ C:\WINDOWS\System32\wvutust.dll
2008-04-01 09:47:51 6705 --ahs---- C:\WINDOWS\System32\rtutv.ini2
2008-04-01 09:47:33 268288 --a------ C:\WINDOWS\System32\vtutr.dll
2008-04-01 08:43:32 0 d-------- C:\Documents and Settings\Alicia Dunlow\Application Data\Spyware Terminator
2008-04-01 08:12:41 38400 --a------ C:\WINDOWS\System32\xxywwwx.dll
2008-04-01 08:01:55 38400 --a------ C:\WINDOWS\System32\qommlig.dll
2008-04-01 07:59:54 320 --ahs---- C:\WINDOWS\System32\bccdd.ini2
2008-04-01 07:55:57 38400 --a------ C:\WINDOWS\System32\gebyabb.dll
2008-04-01 07:55:11 38400 --a------ C:\WINDOWS\System32\xxyxwuv.dll
2008-04-01 07:54:40 60928 --a------ C:\WINDOWS\System32\arykdmx.dll
2008-04-01 07:54:40 0 d-------- C:\Program Files\?icrosoft
2008-04-01 07:54:29 0 d-------- C:\WINDOWS\System32\F?nts
2008-04-01 07:54:27 38400 --a------ C:\WINDOWS\System32\urqonop.dll
2008-04-01 07:54:18 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-04-01 07:54:17 0 d-------- C:\Program Files\?racle
2008-04-01 07:54:15 0 d-------- C:\WINDOWS\System32\aqVreo01
2008-04-01 07:54:14 38400 --a------ C:\WINDOWS\System32\ssqpopp.dll
2008-04-01 06:56:58 51200 --a------ C:\WINDOWS\mrofinu.exe
2008-04-01 06:56:46 39883 --a------ C:\WINDOWS\System32\targetedbanner-uninst.exe
2008-04-01 06:56:38 86016 --a------ C:\WINDOWS\System32\drivers\MODEMM.sys
2008-04-01 06:56:36 0 d-------- C:\WINDOWS\System32\xTmp
2008-04-01 06:56:36 0 d-------- C:\WINDOWS\System32\winz1
2008-04-01 06:56:36 0 d-------- C:\WINDOWS\System32\IDME
2008-04-01 06:56:34 0 d-------- C:\WINDOWS\System32\aqVreo04
2008-04-01 06:56:34 0 d-------- C:\Temp
2008-03-27 09:46:42 0 d-------- C:\Documents and Settings\Mark H\Application Data\Mozilla
2008-03-21 15:10:54 0 d-------- C:\Storage
2008-03-13 15:20:46 204800 --a------ C:\WINDOWS\TinyBHO.dll
2008-03-11 12:41:00 150 --a------ C:\WINDOWS\HoneyWellClient.dat
2008-03-11 12:40:19 512000 --a------ C:\WINDOWS\System32\ndmpeg4v.dll
2008-03-11 12:40:19 0 d-------- C:\Program Files\Honeywell
2008-03-11 11:18:06 58880 --a------ C:\WINDOWS\System32\atgban.dll
2008-03-10 06:58:45 418936 -rahs---- C:\WINDOWS\System32\wumss.exe
-- Find3M Report ---------------------------------------------------------------
2008-04-07 10:44:26 0 d-------- C:\Program Files\Common Files
2008-04-05 08:47:18 0 d-------- C:\Program Files\Common Files\aol
2008-04-04 15:53:30 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\MSN6
2008-04-03 14:52:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 09:10:09 89600 --a------ C:\WINDOWS\System32\DRWTSN32.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-02 06:16:42 359936 --a------ C:\WINDOWS\System32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Fax Server>
2008-04-02 06:16:02 81920 --a------ C:\WINDOWS\System32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-02 06:15:57 192512 --a------ C:\WINDOWS\System32\DWWIN.EXE <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-04-02 06:15:57 16384 --a------ C:\WINDOWS\System32\CISVC.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-02 06:15:29 128000 --a------ C:\WINDOWS\System32\SPOOLSV.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 14:05:52 651264 --a------ C:\WINDOWS\System32\SSTEXT3D.SCR <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 14:03:35 84992 --a------ C:\WINDOWS\System32\CIDAEMON.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 13:58:07 100864 --a------ C:\WINDOWS\System32\SOL.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 13:53:42 77824 --a------ C:\WINDOWS\wanmpsvc.exe <Not Verified; America Online, Inc.; America Online>
2008-04-01 13:44:03 139776 --a------ C:\WINDOWS\System32\TASKMGR.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 13:43:27 164352 --a------ C:\WINDOWS\System32\USERINIT.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 12:15:17 24064 --a------ C:\WINDOWS\System32\SVCHOST.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-01 08:50:56 0 d-------- C:\Program Files\MyWebSearch
2008-04-01 07:54:40 0 d-------- C:\Program Files\?icrosoft
2008-04-01 07:54:18 0 d-------- C:\Program Files\?racle
2008-03-07 09:40:28 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\AdobeUM
2008-03-06 12:51:02 0 d-------- C:\Program Files\TZO
2008-03-05 11:18:54 0 d-------- C:\Program Files\America Online 8.0
2008-03-04 11:17:56 187904 --ahs---- C:\WINDOWS\System32\.exe
2008-03-03 08:22:40 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\AdobeAUM
2008-02-28 16:25:58 0 d-------- C:\Program Files\Google
2008-02-28 15:59:43 681 --a------ C:\WINDOWS\mozver.dat
2008-02-28 15:27:24 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Viewpoint
2008-02-28 15:23:14 0 d-------- C:\Program Files\Modem Helper
2008-02-28 15:23:14 0 d-------- C:\Program Files\EarthLink 5.0
2008-02-28 15:23:13 29 --a------ C:\WINDOWS\dscc.dll
2008-02-28 15:20:30 0 d-------- C:\Program Files\Yahoo!
2008-02-28 14:58:15 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\U3
2008-02-28 12:51:12 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Google
2008-02-28 10:11:45 0 d-------- C:\Program Files\AOL Search
2008-02-28 10:11:36 0 d-------- C:\Program Files\Viewpoint
2008-02-27 09:47:46 1366016 -rahs---- C:\WINDOWS\System32\ttlms.exe
2008-02-27 08:52:29 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Adobe
2008-02-27 08:51:52 0 d-------- C:\Documents and Settings\Frank Butler\Application Data\Mozilla
2008-01-15 17:52:24 185344 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
-- Registry Dump ---------------------------------------------------------------
Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\cmd.exe
-- Hosts -----------------------------------------------------------------------
10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
90 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-08 07:18:37 ------------
--------------------------------------------------------------------------------------------------
Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 255 MiB / 55.97 MiB
Pagefile Memory (total/avail): 616.5 MiB / 290.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.8 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 111.75 GiB total, 104.72 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1200BB-00GUA0 - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 111.75 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
AUState says computer has updates disabled.
-- Environment Variables -------------------------------------------------------
Unable to get environment variables; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\cmd.exe
-- User Profiles ---------------------------------------------------------------
Alicia Dunlow (admin)
Frank Butler (admin)
Mark H (admin)
user (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
America Online --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Search --> C:\Program Files\AOL Search\uninstaller.exe AOL Search
AOL Coach Version 1.0(Build:20020823.1) --> C:\WINDOWS\AolCInUn.exe
BarBack for Windows --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BarBack\BarBack for Windows\Uninst.isu"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
--> C:\WINDOWS\IsUninst.exe -fC:\Sierra\CoolPool8ballNetDemo\Uninst.isu
Deewoo Network Manager removal --> C:\WINDOWS\System32\rcntpkdn.exe -UPop
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HMA Control Chart Version 1.0 --> "C:\TL100Records\unins000.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\AiO\HPis\Uninstall.exe CeS
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
hp psc 700 series --> C:\WINDOWS\System32\hpocon09.exe /u 1143479452 /d "hp psc 700 series"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9D98F245-3010-43C6-B3B0-67A464DA298E}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Windows XP Hotfix - KB822603 --> C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
McAfee.com SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mghtml.exe mcp://c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework (English) v1.0.3705 --> C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Pop up Blocker v6.0.6 (remove only) --> "C:\Program Files\Pop up Blocker\uninst.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Samsung SCX-4100 Series --> C:\WINDOWS\Samsung\SCX-4100\SETUP.EXE
Pine-Pave 5.01 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Microsoft Office\Office10\ST5UNST.LOG"
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\System32\targetedbanner-uninst.exe
TZO Internet Naming System --> C:\WINDOWS\iun6002.exe "C:\Program Files\TZO\irunin.ini"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
McAfee.com VirusScan Online --> c:\PROGRA~1\mcafee.com\shared\mghtml.exe mcp://c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Intel® PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Virtual Superpave Laboratory --> MsiExec.exe /I{4D1DFF63-706D-4885-AFE8-253B75F527F0}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
DAO --> MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
Microsoft Office Access 2003 --> MsiExec.exe /I{90150409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{975145C6-8BB2-41BF-A435-BB5A64B8DCF8}\SETUP.EXE"
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Microsoft .NET Framework (English) --> MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Oregon Scientific Photo Album --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5673AC2-0EDF-4EF8-99B6-D2F012B9877C}\setup.exe" -l0x0
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
--> MsiExec.exe /X{DEBEA68F-45AA-4707-A9A7-DBD6DB4FBE89}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}\SETUP.EXE" -l0x9
HRDE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCA9F7DD-524E-47B7-85EE-F2F22BE7B703}\Setup.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type46 / Error
Event Submitted/Written: 04/08/2008 07:17:13 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aromis.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Event Record #/Type45 / Error
Event Submitted/Written: 04/08/2008 07:16:08 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application alt.exe.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x10105b05.
Event Record #/Type41 / Error
Event Submitted/Written: 04/08/2008 07:14:04 AM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.
Event Record #/Type40 / Error
Event Submitted/Written: 04/08/2008 07:14:03 AM / 04/08/2008 07:14:04 AM
Event ID/Source: 4124 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).
Event Record #/Type39 / Warning
Event Submitted/Written: 04/08/2008 07:14:03 AM
Event ID/Source: 4132 / Ci
Event Description:
1 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type108912 / Error
Event Submitted/Written: 04/08/2008 07:17:53 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type108895 / Error
Event Submitted/Written: 04/08/2008 07:10:35 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1053
Event Record #/Type108894 / Error
Event Submitted/Written: 04/08/2008 07:10:35 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
Event Record #/Type108887 / Error
Event Submitted/Written: 04/08/2008 07:10:28 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
Event Record #/Type108885 / Error
Event Submitted/Written: 04/08/2008 07:09:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Security Center service failed to start due to the following error:
%%1083
-- End of Deckard's System Scanner: finished at 2008-04-08 07:18:37 ------------