Hey Touch, sorry about the delay. I downloaded DSS and closed all programs and ran the program.
Here are the results.
Main.txt
Deckard's System Scanner v20071014.68
Run by Raphael Smith on 2008-04-20 22:56:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
24: 2008-04-21 02:56:49 UTC - RP24 - Deckard's System Scanner Restore Point
23: 2008-04-19 17:33:32 UTC - RP23 - Installed Socrates Media Product Browser
22: 2008-04-19 17:26:14 UTC - RP22 - Installed Microsoft .NET Framework 1.1
21: 2008-04-18 15:03:27 UTC - RP21 - Removed Google Earth.
20: 2008-04-18 04:20:57 UTC - RP20 - System Checkpoint
-- First Restore Point --
1: 2008-04-09 01:29:13 UTC - RP1 - System Checkpoint
Backed up registry hives. Performed disk cleanup.
-- HijackThis (run as Raphael Smith.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:10 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\Raphael Smith\lsass.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Raphael Smith\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Raphael Smith.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {171AC79C-43EB-415E-A405-BE83D7EC6D19} - C:\WINDOWS\system32\geBtSLEV.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\vtUmNHBu.dll
O2 - BHO: (no name) - {29B9395D-1D71-400A-952D-AECF04D6A78F} - (no file)
O2 - BHO: (no name) - {3F40C2F8-E35B-4BF4-9F0C-2B4DBD37405F} - (no file)
O2 - BHO: (no name) - {526E9D4E-66CD-4035-9D0F-A79C89AB5CCB} - C:\WINDOWS\system32\awtqrqpM.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {facc8823-c8da-a269-8d24-1125b7548a07} - {70a8457b-5211-42d8-962a-ad8c3288ccaf} - C:\WINDOWS\system32\hgxqnqvs.dll
O2 - BHO: (no name) - {B5D972A0-7890-4E64-8873-348F01647C9A} - C:\WINDOWS\system32\hg!!!axx.dll (file missing)
O2 - BHO: (no name) - {E663575C-4F35-4196-896F-398FDF184AA6} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Raphael Smith\lsass.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BMc72cdfa9] Rundll32.exe "C:\WINDOWS\system32\quaqefiq.dll",s
O4 - HKLM\..\Run: [c41fec35] rundll32.exe "C:\WINDOWS\system32\vnudhqpb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: vtUmNHBu - C:\WINDOWS\SYSTEM32\vtUmNHBu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- End of file - 7462 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-09 22:52:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-20 and 2008-04-20 -----------------------------
2008-04-20 22:24:35 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Yahoo!
2008-04-20 22:24:19 94272 --a------ C:\WINDOWS\system32\hgxqnqvs.dll
2008-04-20 22:21:19 88128 --a------ C:\WINDOWS\system32\vnudhqpb.dll
2008-04-20 22:18:19 96320 --a------ C:\WINDOWS\system32\quaqefiq.dll
2008-04-20 22:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-20 01:14:24 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-20 00:44:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-19 22:22:18 92736 --a------ C:\WINDOWS\system32\ispicpkg.dll
2008-04-19 22:19:28 87616 -----n--- C:\WINDOWS\system32\oxqkwbww.dll
2008-04-19 22:19:18 95296 --a------ C:\WINDOWS\system32\nhiinrhx.dll
2008-04-19 13:33:36 0 d-------- C:\Program Files\SocratesMedia
2008-04-19 13:27:04 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-04-18 10:22:47 94784 --a------ C:\WINDOWS\system32\yvkgdjin.dll
2008-04-18 10:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-18 09:54:08 0 d-------- C:\WINDOWS\pss
2008-04-17 23:53:45 0 dr-h----- C:\Documents and Settings\Raphael Smith\Recent
2008-04-17 23:50:27 0 d-------- C:\Program Files\Yahoo!
2008-04-17 23:50:19 0 d-------- C:\Program Files\CCleaner
2008-04-17 22:48:59 0 d-------- C:\Program Files\Trend Micro
2008-04-16 21:01:22 87616 --a------ C:\WINDOWS\system32\mxdjiwuk.dll
2008-04-16 20:58:21 94272 --a------ C:\WINDOWS\system32\qupacuet.dll
2008-04-16 20:56:10 95808 --a------ C:\WINDOWS\system32\sbsrxjmi.dll
2008-04-16 20:55:21 407151 --ahs---- C:\WINDOWS\system32\VELStBeg.ini2
2008-04-16 20:55:17 273408 --a------ C:\WINDOWS\system32\geBtSLEV.dll
2008-04-16 08:00:40 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-16 07:42:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Smith Micro
2008-04-15 21:43:01 320596 --ahs---- C:\WINDOWS\system32\Mpqrqtwa.ini2
2008-04-15 10:05:03 0 d-------- C:\Program Files\MSXML 6.0
2008-04-15 10:04:44 20569 --a------ C:\WINDOWS\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor>
2008-04-15 10:00:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Mindjet
2008-04-15 10:00:22 0 d-------- C:\Program Files\Mindjet
2008-04-15 09:47:15 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-10 14:03:08 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-09 23:01:24 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Apple Computer
2008-04-09 22:59:37 0 d-------- C:\Program Files\iPod
2008-04-09 22:59:23 0 d-------- C:\Program Files\iTunes
2008-04-09 22:58:31 0 d-------- C:\Program Files\Bonjour
2008-04-09 22:53:54 0 d-------- C:\Program Files\QuickTime
2008-04-09 22:53:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-09 22:52:11 0 d-------- C:\Program Files\Apple Software Update
2008-04-09 22:51:48 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-09 22:50:58 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\U3
2008-04-09 22:49:55 0 d-------- C:\Program Files\Common Files\Apple
2008-04-09 22:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-09 22:26:39 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Google
2008-04-09 22:23:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-09 11:44:40 0 d-------- C:\Program Files\Google
2008-04-09 11:44:28 0 d-------- C:\Program Files\Picasa2
2008-04-09 01:36:19 0 d---s---- C:\Documents and Settings\Raphael Smith\UserData
2008-04-08 23:33:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-08 23:33:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-08 23:27:39 0 d-------- C:\WINDOWS\Sun
2008-04-08 23:27:39 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Sun
2008-04-08 23:25:35 0 d-------- C:\Program Files\Java
2008-04-08 23:24:56 0 d-------- C:\Program Files\Common Files\Java
2008-04-08 23:22:46 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-08 23:05:38 184320 --a------ C:\WINDOWS\system32\OESICore.dll <Not Verified; Homestead Technologies, Inc.; Homestead.com Turbo/Site Integration Core>
2008-04-08 23:05:37 45056 --a------ C:\WINDOWS\system32\HSSICore.dll <Not Verified; Homestead Technologies, Inc.; Homestead.com Turbo/Site Integration Core>
2008-04-08 22:58:59 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:59 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:58 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:58 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-04-08 22:58:58 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-04-08 22:58:21 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-04-08 22:58:21 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-04-08 22:58:21 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:20 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:20 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:20 945936 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:19 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:19 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:19 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:18 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:18 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:18 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:58:16 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-04-08 22:51:33 91648 --a------ C:\WINDOWS\gzip.exe
2008-04-08 22:49:55 0 d-------- C:\Program Files\Homestead
2008-04-08 22:27:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 22:27:36 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Mozilla
2008-04-08 21:41:02 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-08 21:40:58 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-08 21:33:06 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-08 21:29:02 305610 --ahs---- C:\WINDOWS\system32\xxayaGgh.ini2
2008-04-08 21:26:37 0 d-------- C:\Program Files\CyberLink
2008-04-08 21:24:08 0 d-------- C:\WINDOWS\system32\bharebio18
2008-04-08 21:24:07 0 d-------- C:\Temp
2008-04-08 21:23:47 36864 --a------ C:\WINDOWS\system32\vtUmNHBu.dll
2008-04-08 21:23:29 10240 --a------ C:\Documents and Settings\Raphael Smith\services.exe
2008-04-08 21:23:01 94208 --ahs---- C:\Documents and Settings\Raphael Smith\lsass.exe
2008-04-08 21:22:11 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Roxio
2008-04-08 21:16:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-08 21:08:11 0 d-------- C:\Program Files\Roxio
2008-04-08 21:07:33 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-08 21:04:25 0 d-------- C:\Program Files\Common Files\L&H
2008-04-08 21:04:16 0 d-------- C:\Program Files\Microsoft.NET
2008-04-08 21:04:04 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-08 21:03:15 0 d-------- C:\Program Files\Microsoft Works
2008-04-08 21:02:48 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-08 21:01:22 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Adobe
2008-04-08 21:00:58 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Macromedia
2008-04-08 20:59:03 0 dr-h----- C:\MSOCache
2008-04-08 20:52:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-08 20:50:35 0 d-------- C:\Program Files\Funk Software
2008-04-08 20:50:35 0 d-------- C:\Program Files\Common Files\Funk Software
2008-04-08 20:50:23 94208 --a------ C:\WINDOWS\system32\W32N50CT.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-08 20:50:23 17142 --a------ C:\WINDOWS\system32\CBTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-04-08 20:50:23 0 d-------- C:\Program Files\Linksys
2008-04-08 20:50:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 20:50:10 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-08 20:48:24 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-08 20:48:16 0 d-------- C:\Program Files\Symantec
2008-04-08 20:48:06 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-08 20:48:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-08 20:48:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-08 20:45:44 0 d-------- C:\Documents and Settings\Raphael Smith\Application Data\Identities
2008-04-08 20:45:37 0 d--h----- C:\Documents and Settings\Raphael Smith\Templates
2008-04-08 20:45:37 0 dr------- C:\Documents and Settings\Raphael Smith\Start Menu
2008-04-08 20:45:37 0 dr-h----- C:\Documents and Settings\Raphael Smith\SendTo
2008-04-08 20:45:37 0 d--h----- C:\Documents and Settings\Raphael Smith\PrintHood
2008-04-08 20:45:37 3407872 --ah----- C:\Documents and Settings\Raphael Smith\NTUSER.DAT
2008-04-08 20:45:37 0 d--h----- C:\Documents and Settings\Raphael Smith\NetHood
2008-04-08 20:45:37 0 dr------- C:\Documents and Settings\Raphael Smith\My Documents
2008-04-08 20:45:37 0 d--h----- C:\Documents and Settings\Raphael Smith\Local Settings
2008-04-08 20:45:37 0 dr------- C:\Documents and Settings\Raphael Smith\Favorites
2008-04-08 20:45:37 0 d-------- C:\Documents and Settings\Raphael Smith\Desktop
2008-04-08 20:45:37 0 d---s---- C:\Documents and Settings\Raphael Smith\Cookies
2008-04-08 20:45:37 0 dr-h----- C:\Documents and Settings\Raphael Smith\Application Data
2008-04-08 20:44:36 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-08 20:44:35 0 d-------- C:\WINDOWS\Prefetch
2008-04-08 20:44:34 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-08 20:44:32 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-08 20:44:32 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-08 20:44:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-04-08 20:44:32 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-08 20:44:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-08 20:44:16 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-08 20:44:16 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-08 20:44:16 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-04-08 20:44:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-08 20:44:16 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-08 20:40:37 0 d-------- C:\WINDOWS\system32\xircom
2008-04-08 20:40:37 0 d-------- C:\Program Files\microsoft frontpage
2008-04-08 20:40:20 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-08 20:40:12 0 -rahs---- C:\MSDOS.SYS
2008-04-08 20:40:12 0 -rahs---- C:\IO.SYS
2008-04-08 20:40:12 0 --a------ C:\CONFIG.SYS
2008-04-08 20:40:12 0 --a------ C:\AUTOEXEC.BAT
2008-04-08 20:38:56 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-08 20:38:43 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-08 20:38:43 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-08 20:38:29 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-08 20:38:08 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-08 20:37:40 0 d---s---- C:\WINDOWS\Tasks
2008-04-08 20:37:39 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-08 20:37:36 0 d-------- C:\WINDOWS\srchasst
2008-04-08 20:37:35 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-08 20:37:28 0 d-------- C:\Program Files\Movie Maker
2008-04-08 20:37:21 0 d-------- C:\WINDOWS\system32\Restore
2008-04-08 20:36:36 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-08 20:36:16 0 d-------- C:\WINDOWS\Registration
2008-04-08 20:36:07 0 d-------- C:\Program Files\Online Services
2008-04-08 20:36:00 0 d-------- C:\Program Files\Messenger
2008-04-08 20:35:57 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-08 20:35:23 0 d-------- C:\Program Files\Windows NT
2008-04-08 20:35:20 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-08 20:35:19 0 d-------- C:\WINDOWS\system32\Com
2008-04-08 16:29:34 0 d--hs---- C:\WINDOWS\Installer
2008-04-08 16:29:33 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-08 16:29:30 0 dr------- C:\Program Files
2008-04-08 16:29:30 0 d-------- C:\Program Files\Common Files
2008-04-08 16:29:30 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-08 16:29:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-08 16:29:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-08 16:29:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-08 16:29:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-08 16:29:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-08 16:29:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-08 16:29:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-08 16:29:05 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-08 16:29:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-08 16:29:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-08 16:29:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-08 16:29:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-08 16:29:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-08 16:29:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-08 16:29:05 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-08 16:29:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-08 16:28:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-08 16:28:52 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-08 16:28:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-08 16:28:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-08 16:28:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-08 16:28:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-08 16:28:26 0 d-------- C:\Documents and Settings
2008-04-08 16:28:25 0 d--hs---- C:\System Volume Information
2008-04-08 16:21:33 0 d-------- C:\WINDOWS
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\WinSxS
2008-04-08 16:21:33 0 dr------- C:\WINDOWS\Web
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\twain_32
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\wins
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\wbem
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\usmt
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\spool
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\Setup
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\ras
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\oobe
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\npp
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\mui
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\IME
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\ias
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\export
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\drivers
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-08 16:21:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\config
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\3076
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\2052
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1054
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1042
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1041
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1037
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1033
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1031
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1028
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system32\1025
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\system
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\security
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Resources
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\repair
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Provisioning
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\PeerNet
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\pchealth
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\mui
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\msapps
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\msagent
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Media
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\java
2008-04-08 16:21:33 0 d--h----- C:\WINDOWS\inf
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\ime
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Help
2008-04-08 16:21:33 0 dr--s---- C:\WINDOWS\Fonts
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\ehome
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Driver Cache
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Debug
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Cursors
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\Config
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\AppPatch
2008-04-08 16:21:33 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-04-08 16:29:05 62 --ahs---- C:\Documents and Settings\Raphael Smith\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
01/14/2008 06:31 PM 70944 --a------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171AC79C-43EB-415E-A405-BE83D7EC6D19}]
04/16/2008 08:55 PM 273408 --a------ C:\WINDOWS\system32\geBtSLEV.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24E9519B-3F70-429B-99BC-4B2B49B96F66}]
04/08/2008 09:23 PM 36864 --a------ C:\WINDOWS\system32\vtUmNHBu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29B9395D-1D71-400A-952D-AECF04D6A78F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F40C2F8-E35B-4BF4-9F0C-2B4DBD37405F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{526E9D4E-66CD-4035-9D0F-A79C89AB5CCB}]
C:\WINDOWS\system32\awtqrqpM.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70a8457b-5211-42d8-962a-ad8c3288ccaf}]
04/20/2008 10:24 PM 94272 --a------ C:\WINDOWS\system32\hgxqnqvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5D972A0-7890-4E64-8873-348F01647C9A}]
C:\WINDOWS\system32\hg!!!axx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E663575C-4F35-4196-896F-398FDF184AA6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/2003 06:44 PM]
"LSA Shellu"="C:\Documents and Settings\Raphael Smith\lsass.exe" [03/22/2008 12:17 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"pdfSaver3"="" []
"BMc72cdfa9"="C:\WINDOWS\system32\quaqefiq.dll" [04/20/2008 10:18 PM]
"c41fec35"="C:\WINDOWS\system32\vnudhqpb.dll" [04/20/2008 10:21 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [4/8/2008 8:50:24 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66}"= C:\WINDOWS\system32\vtUmNHBu.dll [04/08/2008 09:23 PM 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNHBu]
vtUmNHBu.dll 04/08/2008 09:23 PM 36864 C:\WINDOWS\system32\vtUmNHBu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBtSLEV
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
"C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46ec18ec-05ce-11dd-bee0-0018f8be5e03}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0b4c30-0c9d-11dd-befe-0002a5c1ae77}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
-- Hosts -----------------------------------------------------------------------
8387 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-20 23:00:36 ------------
Extra.txt
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. --------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English
CPU 0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz Percentage of Memory in Use: 72% Physical Memory (total/avail): 511.36 MiB / 140.22 MiB Pagefile Memory (total/avail): 1249.99 MiB / 911.7 MiB Virtual Memory (total/avail): 2047.88 MiB / 1911.63 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 64.16 GiB free. D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Raphael Smith\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAPHAEL-9FE18F7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Raphael Smith
LOGONSERVER=\\RAPHAEL-9FE18F7
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp
USERDOMAIN=RAPHAEL-9FE18F7
USERNAME=Raphael Smith
USERPROFILE=C:\Documents and Settings\Raphael Smith
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Raphael Smith (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mindjet MindManager Pro 7 --> MsiExec.exe /I{B1D225DB-73E7-4EB3-B70A-420E2063ED3C}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Odyssey Client --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99D42EC7-652B-4819-B3E6-6450C815E03F}
PDF-XChange 3.0 --> "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Socrates Media Product Browser --> MsiExec.exe /X{DBD63176-CA6A-4E3B-8D09-8D0592F869EF}
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-- Application Event Log -------------------------------------------------------
Event Record #/Type1040 / Error Event Submitted/Written: 04/19/2008 11:46:59 PM Event ID/Source: 51 / Symantec AntiVirus Event Description: Security Risk Found!Risk: Downloader in File: C:\Documents and Settings\Raphael Smith\Local Settings\Temporary Internet Files\Content.IE5\CPEZODMN\scan[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type1039 / Error Event Submitted/Written: 04/19/2008 11:46:59 PM Event ID/Source: 5 / Symantec AntiVirus Event Description: Risk Found!Risk: Downloader in File: C:\Documents and Settings\Raphael Smith\Local Settings\Temporary Internet Files\Content.IE5\CPEZODMN\scan[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type1038 / Error Event Submitted/Written: 04/19/2008 11:46:58 PM Event ID/Source: 46 / Symantec AntiVirus Event Description: Security Risk Found!Risk: Downloader in File: C:\Documents and Settings\Raphael Smith\Local Settings\Temporary Internet Files\Content.IE5\CPEZODMN\scan[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type1037 / Error Event Submitted/Written: 04/19/2008 11:46:41 PM Event ID/Source: 51 / Symantec AntiVirus Event Description: Security Risk Found!Risk: Downloader in File: C:\Documents and Settings\Raphael Smith\Local Settings\Temporary Internet Files\Content.IE5\09QN4LM7\5_swp[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
Event Record #/Type1036 / Error Event Submitted/Written: 04/19/2008 11:46:41 PM Event ID/Source: 5 / Symantec AntiVirus Event Description: Risk Found!Risk: Downloader in File: C:\Documents and Settings\Raphael Smith\Local Settings\Temporary Internet Files\Content.IE5\09QN4LM7\5_swp[1].htm by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1883 / Warning Event Submitted/Written: 04/20/2008 10:06:19 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0018F8BE5E03. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Record #/Type1881 / Error Event Submitted/Written: 04/20/2008 10:06:07 PM / 04/20/2008 10:06:08 PM Event ID/Source: 14103 / PSched Event Description: QoS [Adapter {7E26D523-9172-49BE-A23E-07376C63590A}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
Event Record #/Type1878 / Warning Event Submitted/Written: 04/20/2008 08:41:03 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0018F8BE5E03. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Record #/Type1809 / Warning Event Submitted/Written: 04/20/2008 00:42:15 AM Event ID/Source: 2504 / Server Event Description: The server could not bind to the transport \Device\NetBT_Tcpip_{7E26D523-9172-49BE-A23E-07376C63590A}.
Event Record #/Type1717 / Warning Event Submitted/Written: 04/19/2008 01:23:32 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0018F8BE5E03. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-04-20 23:00:36 ------------
Thank you. |