Trojan Horse Generic10.ASPU Removal

domdeez · 2008/06/27

Windows XP
AVG Anti-Virus/Firewall

I have tried many spyware removal programs and none of them can seem to get rid of this. Symptoms are, slow to no internet connection on both IE and FF. AVG gives a warning of this threat when I navigate my C drive. It places it in the virus Vault but this does not get rid of it. Anyone know of how I can get rid of this? This is killing my ability to do work, internet connection is unuseable do to this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:00 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Config\csrss.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ProAct - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\asc94.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13026 bytes

noahdfear · 2008/06/28

Welcome to WindowsBBS domdeez

If you're still in need of assistance, please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Double click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select 'Perform Quick Scan', then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Post the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then, download Deckard's System Scanner (dss.exe) and save it to your desktop.

Close all applications and windows.

Double click on dss.exe to run it and follow the prompts.

When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now.

domdeez · 2008/06/29

Thank you for your response...

I looked through some similar posts and went ahead and tried combo fix. I thought it was just a hijactthis type of program that generates a log for analysis, but to my surprise, it seems to have removed the trojan. I am on day two and see no more signs of the trojan.

noahdfear · 2008/07/01

I'm happy to hear ComboFix seems to have resolved the problem, but I feel compelled to warn against running tools such as ComboFix without prior recommendation from some trained in it's use. It's a very powerful tool and if used improperly or unnecessarily, could well cripple your system. ComboFix is best used with supervision. That said, I recommend you post the log located at C:\ComboFix.txt, as well as a fresh log from Deckard's System Scanner.

domdeez · 2008/07/02

Combo Fix

Thanks for being so thorough in your response. Here is the combo fix log .

ComboFix 08-06-20.4 - kdonegan 2008-06-27 17:22:45.1 - NTFSx86
Running from: C:\Documents and Settings\kdonegan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kdonegan\g2mdlhlpx.exe
C:\smp.bat
C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 14:08 . 2008-06-27 14:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 00:10 . 2008-06-27 00:53 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2008-06-26 11:20 . 2008-06-26 11:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-26 11:20 . 2008-06-26 11:20 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-26 03:31 . 2008-06-26 03:31 <DIR> d-------- C:\Documents and Settings\kdonegan\Application Data\Thinstall
2008-06-26 03:04 . 2008-06-26 16:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-26 03:04 . 2008-06-26 03:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 02:34 . 2008-06-26 02:34 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-25 16:24 . 2008-06-25 16:25 158 --a------ C:\Documents and Settings\kdonegan\Application Data\wklnhst.dat
2008-06-10 16:01 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 16:01 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 03:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-03 03:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-03 03:10 . 2008-06-03 03:10 2,226 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 03:04 . 2005-03-31 02:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-03 03:04 . 2005-03-31 02:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-03 03:04 . 2005-03-31 02:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-03 03:04 . 2005-03-31 02:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-06-03 03:04 . 2008-06-03 03:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-03 02:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-03 02:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-03 02:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-03 02:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-03 02:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 02:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 02:44 . 2008-06-03 02:44 <DIR> d-------- C:\Documents and Settings\kdonegan\Application Data\Malwarebytes
2008-06-03 02:44 . 2008-06-03 02:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 00:23 . 2008-06-27 13:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-03 00:12 . 2008-06-21 08:26 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-03 00:12 . 2008-06-21 08:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-03 00:12 . 2008-06-21 08:26 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-03 00:12 . 2008-06-21 08:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-03 00:11 . 2008-06-27 11:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 00:09 . 2008-06-03 00:09 <DIR> d-------- C:\Program Files\AVG
2008-06-03 00:09 . 2008-06-03 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-03 00:09 . 2008-06-21 08:26 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-06-03 00:09 . 2008-06-21 08:26 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-06-02 16:51 . 2008-06-02 16:51 52,736 --a------ C:\WINDOWS\system32\blphccq2j0e90r.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 05:02 --------- d-----w C:\Program Files\Google
2008-06-17 06:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-12 18:13 --------- d-----w C:\Program Files\Notepad++
2008-06-12 18:13 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\Notepad++
2008-06-06 14:44 --------- d-----w C:\Program Files\Java
2008-06-04 22:56 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\LimeWire
2008-06-03 06:56 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-03 06:19 788,420 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 06:19 58,788,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 06:19 340,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-03 06:19 3,613,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-03 00:01 512 ----a-w C:\ScanSectorLog.dat
2008-05-22 05:27 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\FileZilla
2008-05-20 23:17 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\wsInspector
2008-05-20 22:54 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-05-16 21:13 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\Skype
2008-05-14 21:24 --------- d-----w C:\Program Files\Citrix
2008-05-12 15:27 --------- d-----w C:\Program Files\DreamFactory
2008-05-09 17:19 --------- d-----w C:\Documents and Settings\kdonegan\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Axure
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RoboForm "= "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-09 12:10 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2005-02-17 18:31 5406720]
"Apoint "= "C:\Program Files\Apoint\Apoint.exe" [2003-11-07 20:21 114688]
"VAIO Recovery "= "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"SonyPowerCfg "= "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 20:18 184320]
"Switcher.exe "= "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 00:24 167936]
"ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 18:12 32768]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-02-22 20:37 155648]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 20:34 126976]
"Mouse Suite 98 Daemon "= "ICO.EXE" []
"VZRemoteCommander "= "C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 14:10 192512]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SsAAD.exe "= "C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2005-01-24 23:58 81920]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-21 08:27 1231128]

C:\Documents and Settings\kdonegan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-01-18 16:48 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd "= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
--a------ 2004-03-25 12:35 1732608 C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 13:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 11:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.2]
--a------ 2006-07-14 16:03 107008 C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2005-01-14 17:43 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Messenger\\msmsgs.exe "=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
"C:\\Program Files\\MSN Messenger\\livecall.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"C:\\Program Files\\LimeWire\\LimeWire.exe "=
"C:\\Program Files\\Skype\\Phone\\Skype.exe "=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe "=
"C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe "=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-21 08:26]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-21 08:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-21 08:26]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-06-21 08:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-21 08:27]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 21:26]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 08:26]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2005-04-15 18:23]
S1 SocketQuadSerial;Novatel Wireless CDMA 1.9GHz Modem driver;C:\WINDOWS\system32\DRIVERS\nvtlg2k.sys [2004-05-27 19:57]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-21 08:26]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-15 01:30]
S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys []
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;C:\WINDOWS\system32\DRIVERS\kwusb2k.sys []
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 16:10]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 21:23]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 22:22:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:30:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 17:36:52
ComboFix-quarantined-files.txt 2008-06-27 21:36:48

Pre-Run: 37,597,794,304 bytes free
Post-Run: 37,650,378,752 bytes free

197 --- E O F --- 2008-06-21 07:14:21

domdeez · 2008/07/02

DSS Log

Deckard's System Scanner v20071014.68
Run by kdonegan on 2008-07-01 22:13:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis (run as kdonegan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:56 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\kdonegan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\kdonegan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12975 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 KMW_KBD (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kmw_kbd.sys (file missing)
S3 KMW_USB (Kensington MouseWorks USB filter driver) - c:\windows\system32\drivers\kmw_usb.sys (file missing)
S3 kwkxusb (Kyocera CDMA Wireless Modem Driver) - c:\windows\system32\drivers\kwusb2k.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm

S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cueâ„¢>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&2FA23535&0&20F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27518086&REV_05\4&2FA23535&0&20F0
Service: w29n51

-- Scheduled Tasks -------------------------------------------------------------

2008-06-27 18:22:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-28 16:48:09 2187 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-06-27 17:19:25 68096 --a------ C:\WINDOWS\zip.exe
2008-06-27 17:19:25 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-27 17:19:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-27 17:19:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-27 17:19:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-27 17:19:25 98816 --a------ C:\WINDOWS\sed.exe
2008-06-27 17:19:25 80412 --a------ C:\WINDOWS\grep.exe
2008-06-27 17:19:25 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-27 16:30:26 0 dr-h----- C:\Documents and Settings\kdonegan\Recent
2008-06-27 14:08:50 0 d-------- C:\Program Files\Trend Micro
2008-06-27 00:10:45 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-06-26 11:20:58 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-26 11:20:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-26 03:31:35 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Thinstall
2008-06-25 16:24:58 158 --a------ C:\Documents and Settings\kdonegan\Application Data\wklnhst.dat
2008-06-03 03:10:39 2226 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 03:10:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-03 03:10:02 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-03 03:04:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-06-03 03:04:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-03 03:04:56 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-03 03:04:56 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-03 03:04:56 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-03 03:04:56 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-03 03:04:56 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-03 03:04:56 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-03 03:04:56 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-03 03:04:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-03 03:04:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-03 03:04:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-03 03:04:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-03 03:04:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-03 03:04:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-03 03:04:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-03 03:04:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-03 03:04:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-03 03:04:54 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-03 02:57:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-03 02:57:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-03 02:57:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-03 02:57:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-03 02:57:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-03 02:57:30 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-03 02:44:29 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Malwarebytes
2008-06-03 02:44:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 00:23:58 0 d--h----- C:\$AVG8.VAULT$
2008-06-03 00:11:48 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-03 00:09:17 0 d-------- C:\Program Files\AVG
2008-06-03 00:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 16:51:51 52736 --a------ C:\WINDOWS\system32\blphccq2j0e90r.scr <Not Verified; Peter's Productions; Bugs!>

-- Find3M Report ---------------------------------------------------------------

2008-06-27 11:31:27 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Mozilla
2008-06-27 01:02:19 0 d-------- C:\Program Files\Google
2008-06-26 11:20:23 0 d-------- C:\Program Files\Common Files
2008-06-14 12:56:34 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Google
2008-06-12 14:13:32 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Notepad++
2008-06-12 14:13:16 0 d-------- C:\Program Files\Notepad++
2008-06-06 10:44:51 0 d-------- C:\Program Files\Java
2008-06-04 18:56:13 0 d-------- C:\Documents and Settings\kdonegan\Application Data\LimeWire
2008-06-03 02:56:42 0 d-------- C:\Program Files\Spyware Doctor
2008-06-02 20:01:45 512 --a------ C:\ScanSectorLog.dat
2008-05-22 22:12:17 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Adobe
2008-05-22 01:27:03 0 d-------- C:\Documents and Settings\kdonegan\Application Data\FileZilla
2008-05-20 19:17:29 0 d-------- C:\Documents and Settings\kdonegan\Application Data\wsInspector
2008-05-20 18:54:48 0 d-------- C:\Program Files\Startup Inspector for Windows
2008-05-16 17:13:35 0 d-------- C:\Documents and Settings\kdonegan\Application Data\Skype
2008-05-14 17:24:55 0 d-------- C:\Program Files\Citrix
2008-05-12 11:27:34 0 d-------- C:\Program Files\DreamFactory
2008-05-09 13:19:48 0 d-------- C:\Documents and Settings\kdonegan\Application Data\AdobeUM
2008-04-27 16:10:01 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [02/17/2005 06:31 PM]
"Apoint "= "C:\Program Files\Apoint\Apoint.exe" [11/07/2003 08:21 PM]
"VAIO Recovery "= "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"SonyPowerCfg "= "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [01/14/2005 08:18 PM]
"Switcher.exe "= "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [01/21/2005 12:24 AM]
"ISBMgr.exe "= "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [02/20/2004 06:12 PM]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [02/22/2005 08:37 PM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [02/22/2005 08:34 PM]
"Mouse Suite 98 Daemon "= "ICO.EXE" []
"VZRemoteCommander "= "C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [01/31/2005 02:10 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SsAAD.exe "= "C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [01/24/2005 11:58 PM]
"GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 01:47 AM]
"AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/21/2008 08:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"RoboForm "= "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/09/2008 12:10 PM]

C:\Documents and Settings\kdonegan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 01/18/2005 04:48 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.2]
"C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

-- End of Deckard's System Scanner: finished at 2008-07-01 22:20:01 ------------

domdeez · 2008/07/02

extra dss

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 502.42 MiB / 161.71 MiB
Pagefile Memory (total/avail): 1226.89 MiB / 846.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.88 MiB

C: is Fixed (NTFS) - 69.52 GiB total, 34.94 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick or MemoryStickPro Device

\\.\PHYSICALDRIVE0 - HITACHI_DK23FA-80 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 69.52 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallOverride is set.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.) Disabled
AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
"C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
"C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
"C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "
"C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
"C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe "= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe "
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe "= "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe "
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe "= "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabledreamweaver 8 "
"C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe "= "C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe:*:Enabled:WS_FTP Pro Application "

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kdonegan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEENAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kdonegan
LOGONSERVER=\\KEENAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Intel\Wireless\Bin;;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kdonegan\LOCALS~1\Temp
TMP=C:\DOCUME~1\kdonegan\LOCALS~1\Temp
USERDOMAIN=KEENAN
USERNAME=kdonegan
USERPROFILE=C:\Documents and Settings\kdonegan
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

kdonegan (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> Dummy
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {471159EB-BECC-453C-B6F2-FE4FAB29B3F3}
--> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll ",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe "
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll ",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe "
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe "
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Axure RP Pro 4 --> "C:\Documents and Settings\All Users\Application Data\{A13631F3-4B4E-4D16-A15C-B6E45A98E464}\AxureRP.exe" REMOVE=TRUE MODIFY=FALSE
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
Click to DVD 2.0.03 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.4.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
DreamFactory Runtime for Netscape, Mozilla, and Firefox --> C:\WINDOWS\unvise32.exe C:\Program Files\DreamFactory\winplug.log
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
Flash Slideshow Maker Pro 4.75 --> C:\Program Files\Flash Slideshow Maker Professional\uninst.exe
Gallery Remote --> "C:\Program Files\Gallery Remote\UninstallerData\Uninstall gallery_remote.exe "
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
Image Converter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9155A84B-A94B-496E-9661-9978EB0CBC7C}\Setup.exe" /UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX --> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
Ipswitch WS_FTP Professional 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
j2 Messenger 4.2 --> C:\Program Files\j2 Messenger 4.2\Uninstall.exe
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe "
Macromedia Contribute 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D62274-F150-4A93-8A13-71E42B34EDFE}\Setup.exe" -l0x9 mmUninstall
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Paper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{415DB050-CAF2-4E66-91EE-5B4BFDFC3475}\setup.exe" -l0x9 mmUninstall
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (VAIO_VEDB) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PersonalBrain 4.0.3.1 --> C:\Program Files\PersonalBrain\uninstall.exe
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe "
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x9
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe "
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x9
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony MP4 Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe "
Sothink SWF to Video Converter --> "C:\Program Files\SourceTec\Sothink SWF to Video Converter\unins000.exe "
Sothink Video Encoder for Adobe Flash (Command-Line Version) --> "C:\Program Files\SourceTec\fvec\unins000.exe "
Uninstall Startup Inspector --> "C:\Program Files\Startup Inspector for Windows\unins000.exe "
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
V620 Driver Setup --> MsiExec.exe /I{D744BF30-C1F8-4474-9C6A-446389738887}
VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E993095-28F2-4060-9101-99C1FD1195C0}\setup.exe" -l0x9
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9
VAIO Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Light Flo Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Media 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Registration Tool 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Original Screen Saver VAIO Motion SD Wide Contents --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51735133-A296-4EB0-BF16-AD93B55BD000}\setup.exe" -l0x9
VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x9
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO TV Tuner Library 1.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}\setup.exe"
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIO Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
VAIO Zone --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
VAIO Zone Remote Commander --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}\Setup.exe" -l0x9
Wave MP3 Editor v11.9.2 - KISS Free Version --> MsiExec.exe /I{AEC01EFA-2C3B-40F1-8F5B-AA49D2490979}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9
Wondershare Video To Flash Encoder Trial Version --> "C:\Program Files\Wondershare\Video To Flash Encoder\unins000.exe "
Xtreeme SiteXpert 9.0 --> "C:\Program Files\SiteXpert\unins000.exe "
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type14092 / Warning
Event Submitted/Written: 07/01/2008 02:07:43 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}'

Event Record #/Type14091 / Warning
Event Submitted/Written: 07/01/2008 02:07:43 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles', component '{FD7878D4-39CC-4BE5-91F6-330ED22AC5FD}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.

Event Record #/Type14084 / Warning
Event Submitted/Written: 07/01/2008 11:35:23 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type14080 / Warning
Event Submitted/Written: 07/01/2008 10:33:44 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}'

Event Record #/Type14079 / Warning
Event Submitted/Written: 07/01/2008 10:33:44 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles', component '{FD7878D4-39CC-4BE5-91F6-330ED22AC5FD}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type51393 / Warning
Event Submitted/Written: 07/01/2008 07:35:47 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type51391 / Error
Event Submitted/Written: 07/01/2008 00:55:25 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 74.72.233.23,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type51388 / Error
Event Submitted/Written: 07/01/2008 11:48:40 AM / 07/01/2008 00:50:05 PM
Event ID/Source: 1 / ACPIEC
Event Description:
\Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

Event Record #/Type51385 / Warning
Event Submitted/Written: 07/01/2008 11:38:56 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00014A5FC20E. The IP address being used is 169.254.143.242.

Event Record #/Type51382 / Error
Event Submitted/Written: 07/01/2008 11:35:58 AM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 169.254.143.242,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

-- End of Deckard's System Scanner: finished at 2008-07-01 22:20:01 ------------

noahdfear · 2008/07/02

Everything appears to be in order. Did you install the Bugs! screen saver?

domdeez · 2008/07/03

No, I didn't. My screensaver for my laptop seems to be shut off, kind of link the setting was changed to hibernate instead of do the screen saver. Let me check the settings..

domdeez · 2008/07/03

Coincidentally, after about a week of everything going well I just got an alert from my AVG program, it says "Threat" and I put it in my vault. it says it is located here: C:\System Volume Information\_restore{random numbers here}

noahdfear · 2008/07/04

That detection is from a System Restore point. We'll take care of that now, as well as a few other tidbits. Since you didn't install it, I recommend you delete that screensaver file.

C:\WINDOWS\system32\blphccq2j0e90r.scr

You've got some leftovers from SmitfraudFix that can be removed as well.

C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\404Fix.exe

You should also delete SmitfraudFix.exe and the SmitfraudFix folder.

Now provided you still have ComboFix on your desktop (if not, download and save it to your desktop again), click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

Next, download ATF Cleaner by Atribune and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Prefetch

Java Cache

Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".

Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Reboot

And finally, lets do an online scan to be sure we haven't missed something. Please scan with Kaspersky WebScanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:

Once the files have been downloaded click on NEXT

Now click on Scan Settings

In the scan settings make that the following are selected:

Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:

Select My Computer

This will program will start and scan your system.

The scan will take a while so be patient and let it run.

Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Post the Kaspersky log and a fresh HijackThis log to this topic.

Log in or Sign up

Trojan Horse Generic10.ASPU Removal

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Trojan Horse Generic10.ASPU Removal

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

noahdfear Inactive

domdeez Inactive Thread Starter

domdeez Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches