keithdevoe Posted April 29, 2008 Report Share Posted April 29, 2008 Hi, I have used McAfee Suite, Adware Blaster and Spybot Search & Destroy and have not been able to get rid of pop-ups. They occur, sometimes, when I open a browser. I see a message over my Tray that says Ad Served By Browsing Software and did a Google search and came upon your site. I have done everything in all of the steps. Please be aware, I have auto updates with Microsoft and my PC is about 3 years old, so I believe I have already loaded Service Pack 2 sometime in the past.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:07:25 PM, on 4/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\a-squared Free\a2service.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\SiteAdvisor\6253\SAService.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\ehome\ehtray.exeC:\PROGRA~1\McAfee.com\Agent\mcagent.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exec:\WINDOWS\system32\ZuneBusEnum.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeC:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exeC:\Program Files\SiteAdvisor\6253\SiteAdv.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\McAfee\MSC\mcuimgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [showLOMControl] O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeO4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exeO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeO8 - Extra context menu item: &Search - ?p=ZRxdm479YYUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cabO16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 11834 bytesThank you for your help. Link to post Share on other sites
Andro1d Posted May 4, 2008 Report Share Posted May 4, 2008 Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. I am not seeing anything suspicous in your log, so lets dig a little deeper.Please download Deckard's System Scanner (DSS) to your desktop.Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, a text file will open - Main.txtCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.An additional text file, Extra.txt,will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.Please go to that folder and also copy the contents of Extra.txt to your post as well.Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Link to post Share on other sites
keithdevoe Posted May 5, 2008 Author Report Share Posted May 5, 2008 Hi MoNsTeReNeRgY22. Here is the first log:Deckard's System Scanner v20071014.68Run by Keith on 2008-05-04 20:22:58Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --50: 2008-05-05 00:23:05 UTC - RP347 - Deckard's System Scanner Restore Point49: 2008-05-04 14:01:48 UTC - RP346 - Installed Age of Empires III - The Asian Dynasties48: 2008-05-04 13:57:14 UTC - RP345 - Removed Age of Empires III - The Asian Dynasties47: 2008-05-01 23:38:05 UTC - RP344 - System Checkpoint46: 2008-04-30 22:42:03 UTC - RP343 - System Checkpoint-- First Restore Point -- 1: 2008-02-18 17:51:27 UTC - RP298 - Installed Notebook System SoftwareBacked up registry hives.Performed disk cleanup.System Drive C: has 4.34 GiB (less than 15%) free.-- HijackThis (run as Keith.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:24:16 PM, on 5/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\a-squared Free\a2service.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\SiteAdvisor\6253\SAService.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exec:\WINDOWS\system32\ZuneBusEnum.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\PROGRA~1\McAfee.com\Agent\mcagent.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exeC:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exeC:\Program Files\SiteAdvisor\6253\SiteAdv.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Documents and Settings\Keith\Desktop\dss.exeC:\PROGRA~1\TRENDM~1\HIJACK~1\Keith.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?rev=10313R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [showLOMControl] O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeO4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exeO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeO8 - Extra context menu item: &Search - ?p=ZRxdm479YYUSO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cabO16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: McAfee Application Installer Cleanup (0045871209924544) (0045871209924544mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP04587~1.EXE (file missing)O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 12067 bytes-- File Associations -----------------------------------------------------------.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1".reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------R2 a2free (a-squared Free Service) - "c:\program files\a-squared free\a2service.exe" <Not Verified; Emsi Software GmbH; a-squared>R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenterS2 0045871209924544mcinstcleanup (McAfee Application Installer Cleanup (0045871209924544)) - c:\windows\temp04587~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)-- Device Manager: Disabled ----------------------------------------------------No disabled devices found.-- Scheduled Tasks -------------------------------------------------------------2008-05-01 01:00:58 352 --a------ C:\WINDOWS\Tasks\McQcTask.job2008-01-16 18:04:09 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job-- Files created between 2008-04-04 and 2008-05-04 -----------------------------2008-05-04 14:09:00 0 d-------- C:\WINDOWS\LastGood2008-04-29 18:24:08 0 d-------- C:\Program Files\Trend Micro2008-04-29 06:14:18 0 d-------- C:\fsaua.data2008-04-28 20:42:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com2008-04-28 20:42:25 0 d-------- C:\Program Files\SUPERAntiSpyware2008-04-28 20:42:25 0 d-------- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com2008-04-28 20:41:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-04-28 20:10:18 0 d-------- C:\Documents and Settings\Keith\Application Data\Malwarebytes2008-04-28 20:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-04-28 20:10:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-04-11 20:15:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater-- Find3M Report ---------------------------------------------------------------2008-05-04 14:08:59 0 d-------- C:\Program Files\McAfee2008-05-01 19:22:54 0 d-------- C:\Documents and Settings\Keith\Application Data\SiteAdvisor2008-04-28 20:41:51 0 d-------- C:\Program Files\Common Files2008-04-11 20:20:31 0 d-------- C:\Program Files\Google2008-03-31 20:38:19 0 d-------- C:\Program Files\a-squared Free2008-03-30 12:19:19 0 d-------- C:\Documents and Settings\Keith\Application Data\LimeWire2008-03-29 11:02:35 0 d-------- C:\Program Files\Java2008-03-17 22:45:47 0 d-------- C:\Documents and Settings\Keith\Application Data\Adobe2008-03-04 18:03:33 0 d-------- C:\Program Files\WorldDance2008-02-18 16:30:30 7518 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys2008-02-18 16:30:21 152 -r-hs---- C:\WINDOWS\system32\7A84C988E8.sys2008-02-13 20:25:01 3444 --a------ C:\WINDOWS\unins002.dat2008-02-13 20:23:17 691545 --a------ C:\WINDOWS\unins002.exe2008-02-10 11:28:25 18432 --a------ C:\Documents and Settings\Keith\Application Data\internaldb41.dat2008-02-10 11:28:22 374 --a------ C:\Documents and Settings\Keith\Application Data\internaldb6334.dat2008-02-10 11:25:04 555 --a------ C:\Documents and Settings\Keith\Application Data\internaldb8467.dat-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]09/19/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 04:01 PM]"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 08:13 AM]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 05:08 PM]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 11:05 PM]"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/15/2005 12:44 PM]"ShowLOMControl"="1 (0x1)" []"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [03/21/2006 11:33 PM]"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/21/2006 11:34 PM]"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 09:20 PM]"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 09:20 PM]"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 12:44 PM]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 12:44 PM]"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 07:20 AM]"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 01:06 PM]"LyraHD2TrayApp"="C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [04/18/2005 05:35 PM]"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [01/17/2007 03:24 PM]"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/11/2008 08:20 PM][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/31/2006 3:43:00 PM]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/21/2006 11:30:50 PM]Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/11/2008 8:15:49 PM][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]AutoRun\command- E:\setup.exe-- Hosts -----------------------------------------------------------------------127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com7899 more entries in hosts file.-- End of Deckard's System Scanner: finished at 2008-05-04 20:25:19 ------------Here is the Second Log:Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Professional (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: Intel® Pentium® M processor 1.70GHzPercentage of Memory in Use: 61%Physical Memory (total/avail): 1023.37 MiB / 396.79 MiBPagefile Memory (total/avail): 2460.33 MiB / 1936.12 MiBVirtual Memory (total/avail): 2047.88 MiB / 1928.02 MiBC: is Fixed (NTFS) - 32.55 GiB total, 4.34 GiB free. D: is CDROM (CDFS)\\.\PHYSICALDRIVE0 - FUJITSU MHV2040AH - 37.26 GiB - 3 partitions \PARTITION0 - Unknown - 62.72 MiB \PARTITION1 (bootable) - Installable File System - 32.55 GiB - C: \PARTITION2 - Unknown - 4.64 GiB-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is enabled.FirstRunDisabled is set.AntiVirusDisableNotify is set.FirewallDisableNotify is set.FW: McAfee Personal Firewall v (McAfee)AV: McAfee VirusScan v (McAfee)[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL""C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL""C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL""C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent""C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire""C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Keith\Application DataCLIENTNAME=ConsoleCommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=7CMPP91ComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\KeithLOGONSERVER=\\7CMPP91NUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\ESTsoft\ALZip\PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=0d08ProgramFiles=C:\Program FilesPROMPT=$P$GSESSIONNAME=ConsoleSonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\SystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\Keith\LOCALS~1\TempTMP=C:\DOCUME~1\Keith\LOCALS~1\TempUSERDOMAIN=7CMPP91USERNAME=KeithUSERPROFILE=C:\Documents and Settings\Keithwindir=C:\WINDOWS-- User Profiles ---------------------------------------------------------------Keith (admin)Administrator (admin)-- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infa-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logAge of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97} Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVEALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"Amazing Windows XP Screen Saver 1.2 --> C:\WINDOWS\unins001.exeAnark Client 1.0 --> C:\Program Files\Anark\Client\AMInstal.exe -uninstallAOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanAudacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"Blackhawk Striker 2 --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\Uninstall.exe"Blasterball 2 --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D1A6F3FD-7B40-443F-8767-BADB25A0D222\Uninstall.exe"Broadcom Management Programs 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033 Chuzzle Deluxe --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E0814F95-5380-4892-B8C8-7FA4B349EF46\Uninstall.exe"Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.infCorel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /sDell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelEducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}FATE --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2D8F0E2-6978-4409-8351-BA8785DA11EE\Uninstall.exe"FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstallGoogle Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstallHijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHoliday Snowflakes Screen Saver 1.2 --> C:\WINDOWS\unins000.exeHotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exeLimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"Lyra Jukebox Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9 -removeMacromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstallMacromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstallMalwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exeMcAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htmMCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstallMicrosoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremoveMicrosoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Zoo Tycoon --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremoveModem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelMSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARPMusicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyTextOTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"Polar Golfer --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\651956B7-1969-42AA-9453-E0B813019D54\Uninstall.exe"ProtoSphereDemo --> C:\PROGRA~1\PROTOS~1\UNWISE.EXE C:\PROGRA~1\PROTOS~1\INSTALL.LOGQuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.logRealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins002.exe"Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonlyStar Wars® Knights of the Old Republic® II: The Sith Lords --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonlySUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}Tradewinds --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3C48F877-A164-45E9-B9DA-26A049FFC207\Uninstall.exe"Type to Learn 3 Home --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C51CD33D-D7A0-4328-A802-3CD9DA437208}\setup.exe" -l0x9 Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exeURL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /uWebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"Windows XP Winter Fun Pack Screensavers --> MsiExec.exe /I{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}World Dance --> MsiExec.exe /X{C83C2005-B030-11D5-8CE8-0003470BB21B}Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}-- Application Event Log -------------------------------------------------------Event Record #/Type4445 / ErrorEvent Submitted/Written: 04/29/2008 06:12:39 AMEvent ID/Source: 8 / crypt32Event Description:Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.Event Record #/Type4436 / ErrorEvent Submitted/Written: 04/28/2008 08:36:32 PMEvent ID/Source: 1002 / Application HangEvent Description:Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Event Record #/Type4404 / ErrorEvent Submitted/Written: 04/23/2008 11:38:52 PMEvent ID/Source: 1000 / Application ErrorEvent Description:Faulting application iexplore.exe, version 7.0.6000.16640, faulting module browsingsoftware-2.dll, version 1.0.0.1, fault address 0x0004639c.Processing media-specific event for [iexplore.exe!ws!]Event Record #/Type4365 / ErrorEvent Submitted/Written: 04/18/2008 10:07:33 PMEvent ID/Source: 1002 / Application HangEvent Description:Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Event Record #/Type4327 / ErrorEvent Submitted/Written: 04/14/2008 08:20:49 AMEvent ID/Source: 1002 / Application HangEvent Description:Hanging application dsc.exe, version 7.0.560.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type10748 / WarningEvent Submitted/Written: 05/04/2008 11:16:45 AMEvent ID/Source: 256 / PlugPlayManagerEvent Description:Timed out sending notification of device interface change to window of "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe"Event Record #/Type10661 / WarningEvent Submitted/Written: 05/01/2008 07:03:54 AMEvent ID/Source: 36 / W32TimeEvent Description:The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp. The system clock is unsynchronized.Event Record #/Type10621 / WarningEvent Submitted/Written: 04/29/2008 11:05:39 PMEvent ID/Source: 36 / W32TimeEvent Description:The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp. The system clock is unsynchronized.Event Record #/Type10483 / WarningEvent Submitted/Written: 04/28/2008 05:05:37 AMEvent ID/Source: 36 / W32TimeEvent Description:The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp. The system clock is unsynchronized.Event Record #/Type10480 / ErrorEvent Submitted/Written: 04/27/2008 03:20:02 PMEvent ID/Source: 29 / W32TimeEvent Description:The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes.NtpClient has no source of accurate time.-- End of Deckard's System Scanner: finished at 2008-05-04 20:25:19 ------------Thank you in advance.Keith Link to post Share on other sites
Andro1d Posted May 5, 2008 Report Share Posted May 5, 2008 Hello again,Step 1Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Step 2Please do an online scan with Kaspersky WebScannerClick on AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information in your next post.Step 3Please register (it's free, don't worry) with PCPitStop and run the full tests here:http://www.pcpitstop.com/pcpitstop/default.aspWhen the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the right-hand side. Then copy the URL provided and post it here for me. Link to post Share on other sites
keithdevoe Posted May 7, 2008 Author Report Share Posted May 7, 2008 Hi, here are the results you asked for:------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, May 07, 2008 7:34:58 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 7/05/2008 Kaspersky Anti-Virus database records: 745180-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: C:\ D:\Scan Statistics: Total number of scanned objects: 123716 Number of viruses found: 3 Number of infected objects: 4 Number of suspicious objects: 0 Duration of the scan process: 01:55:48Infected Object Name / Virus Name / Last ActionC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbc2e.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbdam Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbdao Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbeam Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbeao Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbm Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbu2d.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbvm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\dbvmh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\fii.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\fiih.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\hp Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\hpt2i.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\rpm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\rpm1m.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\rpm1mh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\rpmh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-black-enchashm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-black-enchashmh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-black-urlm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-black-urlmh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-malware-domainm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-malware-domainmh.ht1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-white-domainm.cf1 Object is locked skippedC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\b5a59423a0c6\safeweb\goog-white-domainmh.ht1 Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{7A227D7C-EA77-4072-A962-D67C211609AF}.log Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skippedC:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skippedC:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skippedC:\Documents and Settings\Keith\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skippedC:\Documents and Settings\Keith\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skippedC:\Documents and Settings\Keith\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skippedC:\Documents and Settings\Keith\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skippedC:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-4-2008( 22-43-55 ).LOG Object is locked skippedC:\Documents and Settings\Keith\Cookies\index.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Application Data\SupportSoft\DellSupportCenter\Keith\state\logs\sprtcmd.log Object is locked skippedC:\Documents and Settings\Keith\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temp\JETF69F.tmp Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temp\sqlite_mrZqRhnVdKikMAm Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temp\~DF74E5.tmp Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temp\~DF8144.tmp Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skippedC:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\Keith\My Documents\LimeWire\Saved7 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skippedC:\Documents and Settings\Keith\My Documents\LimeWire\Saved\Eighties classic.wma Infected: Trojan-Downloader.WMA.Wimad.l skippedC:\Documents and Settings\Keith\NTUSER.DAT Object is locked skippedC:\Documents and Settings\Keith\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skippedC:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skippedC:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skippedC:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skippedC:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skippedC:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP341\A0068919.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP341\A0069001.exe Infected: not-a-virus:AdWare.Win32.Sahat.bp skippedC:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP349\change.log Object is locked skippedC:\WINDOWS\CSC0000001 Object is locked skippedC:\WINDOWS\Debug\PASSWD.LOG Object is locked skippedC:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skippedC:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CC7D6538-2FCE-4C9A-8D1C-75FE67F40F19}.crmlog Object is locked skippedC:\WINDOWS\SchedLgU.Txt Object is locked skippedC:\WINDOWS\SoftwareDistribution\EventCache\{8721AF9F-51D5-40E9-BCCF-4A250C433D0A}.bin Object is locked skippedC:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skippedC:\WINDOWS\Sti_Trace.log Object is locked skippedC:\WINDOWS\system32\CatRoot2\edb.log Object is locked skippedC:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skippedC:\WINDOWS\system32\config\AppEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\DEFAULT Object is locked skippedC:\WINDOWS\system32\config\default.LOG Object is locked skippedC:\WINDOWS\system32\config\Internet.evt Object is locked skippedC:\WINDOWS\system32\config\Media Ce.evt Object is locked skippedC:\WINDOWS\system32\config\SAM Object is locked skippedC:\WINDOWS\system32\config\SAM.LOG Object is locked skippedC:\WINDOWS\system32\config\SecEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\SECURITY Object is locked skippedC:\WINDOWS\system32\config\SECURITY.LOG Object is locked skippedC:\WINDOWS\system32\config\SOFTWARE Object is locked skippedC:\WINDOWS\system32\config\software.LOG Object is locked skippedC:\WINDOWS\system32\config\SysEvent.Evt Object is locked skippedC:\WINDOWS\system32\config\SYSTEM Object is locked skippedC:\WINDOWS\system32\config\system.LOG Object is locked skippedC:\WINDOWS\system32\h323log.txt Object is locked skippedC:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skippedC:\WINDOWS\Temp\mcmsc_1DtNgzQG1UYG3P4 Object is locked skippedC:\WINDOWS\Temp\mcmsc_Ggenh8BqEE40KNl Object is locked skippedC:\WINDOWS\Temp\mcmsc_hav3c6uJloqmbeJ Object is locked skippedC:\WINDOWS\Temp\sqlite_fzOXQgPDvGqCUIe Object is locked skippedC:\WINDOWS\Temp\sqlite_jbni1zn0QpGoHkX Object is locked skippedC:\WINDOWS\Temp\sqlite_PuaSRZVfQ84ZILi Object is locked skippedC:\WINDOWS\wiadebug.log Object is locked skippedC:\WINDOWS\wiaservc.log Object is locked skippedC:\WINDOWS\WindowsUpdate.log Object is locked skippedScan process completed.Here is the URL from PC PitStop:http://www.pcpitstop.com/techexpress.asp?id=DYM4TWRZKUGSAZE9I hope this helps. Once again, thank you. Link to post Share on other sites
Andro1d Posted May 8, 2008 Report Share Posted May 8, 2008 Hello again,Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):C:\Documents and Settings\Keith\My Documents\LimeWire\Saved7 Track 7.wmaC:\Documents and Settings\Keith\My Documents\LimeWire\Saved\Eighties classic.wmaAlso, according to the PC Pit Stop Dell has also reacalled many of their laptops for battery issues. You may be elgible for this. Check out the following link for more info.http://www.pcpitstop.com/pcpitstop/DellBatteryRecall.aspOther than that nice job your log looks clean! How is it running?Please use the following suggestion to help prevent reinfection.Also, you may delete any tools I had you download during the cleaning process.Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the followingClick Start, Settings, Control PanelDouble-click the System iconClick the Performance tab, File System, Troubleshooting tabCheck "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore pointsThen uncheck "Turn off System Restore" which will create a new System Restore pointClick OKI highly recommend downloading the following programs, to keep malware of your computer to begin with.The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.Malwarebytes' Anti-Malware - A very powerful tool which searches and kills malware that infects your system. SpywareBlaster - Great prevention tool to keep malware from installing on your system.**Tutorial on installing & using this product can be found HERE**SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.**Tutorial on installing & using this product can be found HERE**IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.**Tutorial on installing & using this product can be found HERE**ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that like to reside in the temp folders.Antivirus Program An Antivirus program is a must in today's digital world! I recommend avast! 4 Home Edition, AVG, or Anti-Vir. DO NOT install more than one Antivirus program. They will conflict, and provide less protection, not more.Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.**Tutorial on Firewalls can be found HERE**Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.You must stay on top of your updates at all times, for the above mentioned applications.It is vitally important to stay on top of your critical updates provided by Microsoft.And finally a little How did I get infected in the first place?(by Tony Klein)Good luck and safe surfing Link to post Share on other sites
Andro1d Posted May 17, 2008 Report Share Posted May 17, 2008 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts