IE Safety Features [INACTIVE]



Hi, I've followed another person's thread and ran the DSS to give two files below. Please help me get rid of it!

Thank you!

MAIN:

Deckard's System Scanner v20070905.67

Run by PHS Student on 2007-10-13 23:45:52

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

19: 2007-10-14 06:40:45 UTC - RP180 - Windows Defender Checkpoint

18: 2007-10-14 06:33:22 UTC - RP178 - Windows Update

17: 2007-10-13 03:27:54 UTC - RP177 - Scheduled Checkpoint

16: 2007-10-11 20:36:14 UTC - RP176 - Scheduled Checkpoint

15: 2007-10-10 19:53:26 UTC - RP175 - Scheduled Checkpoint

-- First Restore Point --

1: 2007-09-11 23:17:45 UTC - RP160 - Device Driver Package Install: Hewlett-Packard Printers

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-10-13 23:48:00

Platform: Windows Vista (6.00.6000)

MSIE: Internet Explorer (7.00.6000.16386)

Running processes:

C:\Windows\System32\taskeng.exe

C:\Windows\System32\wisptis.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\System32\dwm.exe

C:\Windows\explorer.exe

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Video Add-on\icthis.exe

C:\Windows\sttray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Video Add-on\icmntr.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe

C:\Program Files\Lexmark X1100 Series\LXBKbmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\PHS Student\Program Files\BitTorrent_DNA\dna.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\Program Files\Vpskeys\VPSKEYS.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\System32\igfxsrvc.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\taskeng.exe

C:\Users\PHS Student\Desktop\dss.exe

C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=E-155C

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\google\BAE.dll

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKEY_LOCAL_MACHINE\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKEY_LOCAL_MACHINE\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [V0250Cfg.exe] V0250Cfg.exe /d:2

O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\PHS Student\Program Files\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [VPSKEYS] C:\Program Files\Vpskeys\VPSKEYS.EXE

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: psfus - C:\Windows\System32\psqlpwd.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

O23 - Service: Bonjour Service - Apple Computer, Inc. - "C:\Program Files\Bonjour\mDNSResponder.exe"

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe

O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\System32\WacomTouchService.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

R2 WacomTouchService (Wacom Touch Service) - c:\windows\system32\wacomtouchservice.exe <Not Verified; ; Wacom Touch Service>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:

Description:

Device ID: ROOT\LEGACY_BITS000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BITS000

Service:

-- Files created between 2007-09-13 and 2007-10-13 -----------------------------

2007-10-13 23:03:27 0 d-------- C:\Program Files\Video Add-on

2007-10-13 18:13:55 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >

2007-10-13 18:13:55 10752 --a------ C:\Windows\system32\ff_vfw.dll

2007-10-13 18:13:53 0 d-------- C:\Program Files\ffdshow

2007-10-09 11:35:17 0 d-------- C:\Windows\system32\x64

2007-10-07 03:35:42 0 d-------- C:\Program Files\WinZix

2007-10-06 18:13:16 0 d-------- C:\Program Files\Veoh Networks

2007-09-22 03:25:13 0 d-------- C:\temp

2007-09-17 13:34:34 0 d-------- C:\Program Files\iPod

2007-09-17 13:34:22 0 d-------- C:\Program Files\iTunes

2007-09-17 11:23:00 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 11:23:00 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 11:22:58 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-09-17 11:22:58 739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

-- Find3M Report ---------------------------------------------------------------

2007-10-13 23:47:07 0 d-------- C:\Users\PHS Student\AppData\Roaming\BitTorrent DNA

2007-10-13 23:26:38 17408 --a------ C:\Windows\system32\rpcnetp.exe

2007-10-13 23:26:35 41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>

2007-10-13 23:24:41 12 --a------ C:\Windows\bthservsdp.dat

2007-10-13 20:56:39 0 d-------- C:\Users\PHS Student\AppData\Roaming\dvdcss

2007-10-13 15:50:25 17408 --a------ C:\Windows\system32\rpcnetp.dll

2007-10-12 14:27:23 0 d-------- C:\Users\PHS Student\AppData\Roaming\CyberLink

2007-10-09 12:31:26 0 d-------- C:\Program Files\Windows Mail

2007-10-07 11:37:50 0 d-------- C:\Users\PHS Student\AppData\Roaming\BitTorrent

2007-10-06 18:14:56 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-03 23:26:22 0 d-------- C:\Users\PHS Student\AppData\Roaming\Skype

2007-09-29 02:08:12 0 d-------- C:\Users\PHS Student\AppData\Roaming\WinRAR

2007-09-27 20:57:18 0 d-------- C:\Users\PHS Student\AppData\Roaming\Move Networks

2007-09-20 19:50:42 0 d-------- C:\Program Files\DivX

2007-09-19 22:18:26 0 d-------- C:\Users\PHS Student\AppData\Roaming\DivX

2007-09-17 17:20:19 0 d-------- C:\Program Files\Apple Software Update

2007-09-11 18:13:02 0 d-------- C:\Program Files\Yahoo!

2007-09-11 18:11:59 0 d-------- C:\Users\PHS Student\AppData\Roaming\yahoo!

2007-09-11 16:12:18 53248 --a------ C:\Windows\system32\ZTAG.DLL <Not Verified; Zenographics, Inc.; Zenographics ZTag32>

2007-09-11 16:12:18 106496 --a------ C:\Windows\system32\ZSPOOL.DLL <Not Verified; Zenographics, Inc.; SuperPrint>

2007-09-11 16:12:18 430080 --a------ C:\Windows\system32\ZSHP1020.EXE <Not Verified; ; hp Laserjet 1020 series>

2007-09-11 16:12:17 102400 --a------ C:\Windows\system32\ZLhp1020.DLL <Not Verified; Zenographics, Inc.; HP LaserJet Series 1020/2600>

2007-09-11 16:12:16 61440 --a------ C:\Windows\system32\ZIMF.DLL <Not Verified; Zenographics, Inc.; Zenographics SuperPrint>

2007-09-10 15:57:54 0 d-------- C:\Program Files\DeLano Scientific

2007-09-10 15:57:47 0 -rahs---- C:\MSDOS.SYS

2007-09-10 15:57:47 0 -rahs---- C:\IO.SYS

2007-09-10 10:54:33 0 d-------- C:\Program Files\American Airlines TravelDesk

2007-09-10 00:26:40 0 d-------- C:\Users\PHS Student\AppData\Roaming\Apple Computer

2007-09-10 00:25:52 0 d-------- C:\Program Files\Safari

2007-09-10 00:25:52 0 d-------- C:\Program Files\Bonjour

2007-09-07 16:05:10 4 -r-hs---- C:\WINOS.SYS

2007-09-07 15:43:01 0 d-------- C:\Program Files\Sony

2007-09-06 15:51:28 0 d-------- C:\Program Files\Skype

2007-09-06 15:51:20 0 d-------- C:\Program Files\Common Files

2007-09-06 15:51:20 0 d-------- C:\Program Files\Common Files\Skype

2007-09-06 15:41:02 0 d-------- C:\Users\PHS Student\AppData\Roaming\Creative

2007-09-06 15:36:17 0 d-------- C:\Program Files\Creative

2007-09-06 15:27:25 0 d-------- C:\Program Files\Orb Networks

2007-09-06 15:12:15 0 d-------- C:\Program Files\SightSpeed

2007-09-06 01:09:59 0 d-------- C:\Program Files\Common Files\PX Storage Engine

2007-09-04 14:48:08 0 d-------- C:\Program Files\Vpskeys

2007-09-04 00:20:11 0 d-------- C:\Program Files\Windows Calendar

2007-09-01 15:02:40 0 d-------- C:\Program Files\MSXML 4.0

2007-08-31 03:39:25 174 --ahs---- C:\Program Files\desktop.ini

2007-08-31 03:36:34 0 d-------- C:\Program Files\AskPBar

2007-08-30 01:25:10 0 d-------- C:\Users\PHS Student\AppData\Roaming\vlc

2007-08-30 01:24:24 0 d-------- C:\Program Files\VideoLAN

2007-08-29 22:01:14 0 d-------- C:\Program Files\Lexmark X1100 Series

2007-08-29 21:34:40 0 d-------- C:\Program Files\BitTorrent

2007-08-29 21:34:39 0 d-------- C:\Program Files\BitTorrent_DNA

2007-08-29 15:16:49 0 d-------- C:\Users\PHS Student\AppData\Roaming\SampleView

2007-08-29 15:10:52 0 d-------- C:\Users\PHS Student\AppData\Roaming\Google

2007-08-29 15:10:44 0 d-------- C:\Program Files\Google

2007-08-28 23:26:11 0 d-------- C:\Program Files\Trillian

2007-08-28 21:43:26 0 d-------- C:\Program Files\Motorola Phone Tools

2007-08-28 21:39:44 0 d-------- C:\Program Files\Common Files\Motorola Shared

2007-08-28 21:24:36 0 d-------- C:\Program Files\LiveUpdate

2007-08-28 21:24:33 0 d-------- C:\Users\PHS Student\AppData\Roaming\InstallShield

2007-08-28 16:21:02 0 d-------- C:\Program Files\Gabest

2007-08-28 16:20:17 0 d-------- C:\Program Files\K-Lite Codec Pack

2007-08-28 16:03:05 0 d-------- C:\Program Files\MestRe-C

2007-08-28 15:57:57 0 d-------- C:\Users\PHS Student\AppData\Roaming\Winamp

2007-08-28 15:45:01 0 d-------- C:\Program Files\CambridgeSoft

2007-08-28 15:24:24 0 d-------- C:\Program Files\Winamp

2007-08-28 15:19:20 0 d-------- C:\Program Files\QuickTime

2007-08-28 15:16:27 0 d-------- C:\Program Files\Common Files\Apple

2007-08-28 11:50:38 0 d-------- C:\Users\PHS Student\AppData\Roaming\Adobe

2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>

2007-08-20 17:26:52 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2007-08-20 17:26:52 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2007-08-15 15:33:14 3596288 --a------ C:\Windows\system32\qt-dx331.dll

2007-08-15 15:30:26 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll

2007-08-09 16:58:14 17408 --a------ C:\Windows\system32\instgf32.exe <Not Verified; Absolute Software Corp.; instgf32>

2007-08-09 16:43:18 32256 --a------ C:\Windows\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE15135-C591-4000-A55E-A50E5F9F82BC}]

10/13/2007 11:03 PM 11776 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/28/2007 05:43 AM]

"SigmatelSysTrayApp"="sttray.exe" [01/30/2007 01:36 PM C:\Windows\sttray.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 02:58 PM]

"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [03/28/2007 07:23 PM]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 05:12 PM]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 06:34 AM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 03:22 PM]

"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [04/26/2007 12:02 PM]

"V0250Cfg.exe"="V0250Cfg.exe" [12/16/2005 01:47 AM C:\Windows\V0250Cfg.exe]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [08/24/2007 07:54 PM]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 07:54 PM]

"Persistence"="C:\Windows\system32\igfxpers.exe" [08/24/2007 07:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/29/2007 03:10 PM]

"BitTorrent DNA"="C:\Users\PHS Student\Program Files\BitTorrent_DNA\dna.exe" [08/31/2007 03:40 AM]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 05:35 AM]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [10/27/2005 03:00 AM]

"VPSKEYS"="C:\Program Files\Vpskeys\VPSKEYS.EXE" [03/29/2003 11:52 AM]

"@"="" []

"Power2GoExpress"="" []

C:\Users\PHS Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1/19/2007 7:51:16 PM]

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/29/2007 3:10:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"start"=C:\Program Files\Video Add-on\isfmntr.exe

"some"=C:\Program Files\Video Add-on\icthis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

C:\Windows\system32\psqlpwd.dll 03/28/2007 07:46 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6408d8ae-5ab7-11dc-855e-00e0b8bc08d4}]

AutoRun\command- G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2007-10-13 23:53:14 ------------

EXTRA:

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)

Architecture: X86; Language: English

CPU 0: Intel® Core2 CPU U7500 @ 1.06GHz

Percentage of Memory in Use: 49%

Physical Memory (total/avail): 2037.44 MiB / 1032.97 MiB

Pagefile Memory (total/avail): 4292.65 MiB / 3180.43 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1919.36 MiB

C: is Fixed (NTFS) - 102.56 GiB total, 43.64 GiB free.

D: is Fixed (NTFS) - 9.22 GiB total, 3.94 GiB free.

E: is CDROM (No Media)

F: is Removable (FAT)

G: is Fixed (NTFS) - 115.04 GiB total, 3.55 GiB free.

\\.\PHYSICALDRIVE1 - SD1 Device - 982.41 MiB - 1 partition

\PARTITION0 - MS-DOS V4 Huge - 982.38 MiB - F:

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 - 111.79 GiB - 2 partitions

\PARTITION0 - Installable File System - 9.22 GiB - D:

\PARTITION1 (bootable) - Installable File System - 102.56 GiB - C:

\\.\PHYSICALDRIVE2 - IC35L120 AVV207-0 USB Device - 115.04 GiB - 1 partition

\PARTITION0 - Installable File System - 115.04 GiB - G:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)

AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\PHS Student\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=GW-E155-1

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\PHS Student

LOCALAPPDATA=C:\Users\PHS Student\AppData\Local

LOGONSERVER=\\GW-E155-1

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f02

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\PHSSTU~1\AppData\Local\Temp

TMP=C:\Users\PHSSTU~1\AppData\Local\Temp

USERDOMAIN=GW-E155-1

USERNAME=PHS Student

USERPROFILE=C:\Users\PHS Student

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

phsadmin

PHS Student

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Advanced Video FX Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove

Agere Systems HDA Modem --> agrsmdel

American Airlines TravelDesk --> "C:\Program Files\American Airlines TravelDesk\unins000.exe"

Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly

BitTorrent 6.0 Beta --> C:\Program Files\BitTorrent\uninst.exe

BitTorrent DNA --> "C:\Users\PHS Student\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL

Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"

CambridgeSoft Activation Client --> MsiExec.exe /I{863F58EF-467F-4BCC-A40B-D2304630DEA1}

CambridgeSoft ChemBioOffice Ultra 2008 --> C:\Program Files\InstallShield Installation Information\{259A1B71-CA82-4A92-8178-A7FFF58E9853}\setup.exe -runfromtemp -l0x0409

Creative Live! Cam Notebook Pro Driver (1.01.03.0405) --> C:\Windows\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl

Creative Live! Cam Notebook Pro User's Guide (English) --> C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Notebook Pro\Creative Live! Cam Notebook Pro User's Guide\English\CTManual.isu"

Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove

Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove

Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove

Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove

Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"

ffdshow [rev 1324] [2007-07-01] --> "C:\Program Files\ffdshow\unins000.exe"

Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}

Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Information Center --> "C:\Program Files\Video Add-on\icun.exe"

Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall

iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Codec Pack 2.20 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lexmark X1100 Series --> C:\Program Files\Lexmark X1100 Series\Install\x86\Uninst.exe

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

MestReC 4.7.0 --> "C:\Program Files\MestRe-C\unins000.exe"

MICROMEDEX Healthcare Series --> C:\Windows\IsUninst.exe -fC:\mdxw\hcs32\Uninst.isu -c"C:\mdxw\hcs32\wsuninst.dll"

Microsoft Experience Pack for Windows Vista --> MsiExec.exe /I{DC78E7F6-F045-48B1-92C3-37F5BDBBD5BA}

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTER /dll OSETUP.DLL

Microsoft Office OneNote 2007 --> MsiExec.exe /X{91120000-00A1-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}

Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly

Move Networks Media Player for Internet Explorer --> C:\Users\PHS Student\AppData\Roaming\Move Networks\ie_bin\Uninst.exe

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Orb --> "C:\Program Files\Orb Networks\Orb\uninstall.exe"

Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

Protector Suite QL 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}

PyMOL --> C:\Windows\IsUninst.exe -f"C:\Program Files\DeLano Scientific\PyMOL\Uninst.isu"

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Safari --> MsiExec.exe /X{3E719879-9914-4C56-843E-96D0C3FCC3FB}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}

Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) --> MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}

SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"

SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Station LaunchPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}\Setup.exe" -l0x9

Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409

Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB932080) --> msiexec /package {91120000-00A1-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}

Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}

Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D}

Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}

VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409

VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe

VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"

Vpskeys 4.3 --> "C:\Program Files\Vpskeys\unins000.exe"

Wacom Touch Driver --> C:\Program Files\Wacom\Penabled\uninst.exe /u

WIDCOMM Bluetooth Software 6.0.1.3900 --> MsiExec.exe /X{88637F72-B46E-43F9-B306-6DA1FF478D51}

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type4541 / Error

Event Submitted/Written: 10/13/2007 11:40:41 PM

Event ID/Source: 8194 / VSS

Event Description:

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {eb908d90-be9c-416a-b690-cc8d28fe5ef5}

Event Record #/Type4522 / Success

Event Submitted/Written: 10/13/2007 11:26:39 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type4521 / Success

Event Submitted/Written: 10/13/2007 11:26:38 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type4513 / Success

Event Submitted/Written: 10/13/2007 11:25:53 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

The Software Licensing service has started.

Event Record #/Type4504 / Success

Event Submitted/Written: 10/13/2007 11:24:41 PM

Event ID/Source: 903 / Software Licensing Service

Event Description:

The Software Licensing service has stopped.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type17026 / Warning

Event Submitted/Written: 10/13/2007 11:48:17 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%GW-E155-127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GW-E155-127 can't undo changes that you allow.

For more information please see the following:

%GW-E155-1275

Scan ID: {0FC9400E-8451-44D9-BB41-C1CABDDDDB1B}

User: GW-E155-1\PHS Student

Name: %GW-E155-1271

ID: %GW-E155-1272

Severity ID: %GW-E155-1273

Category ID: %GW-E155-1274

Path Found: %GW-E155-1276

Alert Type: %GW-E155-1278

Detection Type: 1.1.1505.02

Event Record #/Type17025 / Warning

Event Submitted/Written: 10/13/2007 11:48:17 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%GW-E155-127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GW-E155-127 can't undo changes that you allow.

For more information please see the following:

%GW-E155-1275

Scan ID: {31A20610-05E6-4872-A539-1E24A04F2B2D}

User: GW-E155-1\PHS Student

Name: %GW-E155-1271

ID: %GW-E155-1272

Severity ID: %GW-E155-1273

Category ID: %GW-E155-1274

Path Found: %GW-E155-1276

Alert Type: %GW-E155-1278

Detection Type: 1.1.1505.02

Event Record #/Type17024 / Warning

Event Submitted/Written: 10/13/2007 11:48:17 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%GW-E155-127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GW-E155-127 can't undo changes that you allow.

For more information please see the following:

%GW-E155-1275

Scan ID: {A7A3905D-473A-4AB9-ADB7-651E6AE2F8B5}

User: GW-E155-1\PHS Student

Name: %GW-E155-1271

ID: %GW-E155-1272

Severity ID: %GW-E155-1273

Category ID: %GW-E155-1274

Path Found: %GW-E155-1276

Alert Type: %GW-E155-1278

Detection Type: 1.1.1505.02

Event Record #/Type17023 / Warning

Event Submitted/Written: 10/13/2007 11:48:14 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%GW-E155-127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GW-E155-127 can't undo changes that you allow.

For more information please see the following:

%GW-E155-1275

Scan ID: {3F037FA0-E26E-4422-9576-053404D31F3D}

User: GW-E155-1\PHS Student

Name: %GW-E155-1271

ID: %GW-E155-1272

Severity ID: %GW-E155-1273

Category ID: %GW-E155-1274

Path Found: %GW-E155-1276

Alert Type: %GW-E155-1278

Detection Type: 1.1.1505.02

Event Record #/Type17022 / Warning

Event Submitted/Written: 10/13/2007 11:48:14 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%GW-E155-127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GW-E155-127 can't undo changes that you allow.

For more information please see the following:

%GW-E155-1275

Scan ID: {CA359BF5-DD58-478A-A592-6591B4FAA01A}

User: GW-E155-1\PHS Student

Name: %GW-E155-1271

ID: %GW-E155-1272

Severity ID: %GW-E155-1273

Category ID: %GW-E155-1274

Path Found: %GW-E155-1276

Alert Type: %GW-E155-1278

Detection Type: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2007-10-13 23:53:14 ------------

  • 2 weeks later...

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay, we have been quite busy around here.

Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

This topic is now closed to further replies.