
[Pending] HJT Logs - PC doing strange things, posted in the Security & Safety forums

#1
06-07-2008
thomasb103
Bronze Member
Join Date: Feb 2006
Posts: 40
PC doing strange things

Hi again,

My PC, a Compaq running Windows 2000, boots up much slower than usual, will sometimes remove all the icons on the desktop, and the only way out is to reboot. Sometimes, just out of nowhere, it will reboot without warning or any action taken on my part. The Internet Explorer browser seems to start on startup of the PC. If I do have an internet browser open, I also get popup windows every few seconds. I only use IE when I open certain programs. Popups only come with the IE browser.

I'm embedding my main.txt, extra.txt and moved.txt files from Deckard. I will also attach the files.

main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-07 09:51:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (256 MiB recommended).
System Drive C: has 0.25 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:01 AM, on 6/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\acs.exe
C:\WINNT\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINNT\System32\FLRSERV.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\TSI32\tsircusr.exe
C:\PROGRA~1\ORL\VNC\WinVNC.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\Promon.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Airlink101\AWLL4030\ACU.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\WINNT\winlogon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\WINNT\System32\MDM.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {5561f32d-eb95-14ab-d604-0414fedd7d41} - {14d7ddef-4140-406d-ba41-59bed23f1655} - C:\WINNT\system32\bsykuxms.dll
O2 - BHO: (no name) - {53FE12C2-4429-488F-847B-7B285F8F6778} - C:\WINNT\system32\yayXnoop.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6129D6D2-0942-4ECE-B916-51E69EF7C492} - C:\WINNT\system32\qoMccCtr.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Easy Access Keyboard] "C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Airlink101\AWLL4030\ACU.exe" -nogui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] "C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINNT\mrofinu1000137.exe 61A847B5BBF72813329B385771FE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [winlogon] C:\WINNT\winlogon.exe
O4 - HKLM\..\Run: [f029ae49] rundll32.exe "C:\WINNT\system32\itlnpple.dll",b
O4 - HKLM\..\Run: [BMf31a9dd5] Rundll32.exe "C:\WINNT\system32\rljpcomu.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: defuser.bat (User 'Default user')
O4 - .DEFAULT User Startup: defuser.bat (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINNT\SYSTEM32\swTMP\hbnx12.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O15 - Trusted Zone: *.emidev.com (HKLM)
O15 - Trusted Zone: *.emigrp.com (HKLM)
O15 - Trusted IP range: 167.229.*.* (HKLM)
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/gam...ts/y/ct5_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amr.emigrp.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayXnoop - C:\WINNT\SYSTEM32\yayXnoop.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\COMPAQ\ACLIENT\ACLIENT.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\RU1J\command.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetManage FTP Server - NetManage, Inc. - C:\PROGRA~1\NETMAN~1\apps\ftpd\ftpd.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Shared Folders Server (SFOLDER) - NetManage. - C:\WINNT\System32\FLRSERV.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE
O23 - Service: VNC Server (winvnc) - Olivetti & Oracle Research Lab - C:\PROGRA~1\ORL\VNC\WinVNC.exe

--
End of file - 14115 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\Bee Icons\Themes\Cool Blue Icons.icl,45
.chm - chm.file - DefaultIcon - C:\Program Files\Bee Icons\Themes\Ruby.icl,45
.hlp - hlpfile - DefaultIcon - C:\Program Files\Bee Icons\Themes\Slicer.icl,45
.ini - GetDiz.Document - DefaultIcon - C:\Program Files\Bee Icons\Themes\SilvaBlue.icl,54
.ini - GetDiz.Document - shell\open\command - notepad.exe %1
.txt - txtfile - DefaultIcon - C:\Program Files\Bee Icons\Themes\SilvaBlue.icl,56


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 bdasupp - c:\winnt\system32\drivers\bdasupp.sys
R1 IBMTwxNM - c:\winnt\system32\drivers\ibmtwxnm.sys
R1 IBMTwxSN - c:\winnt\system32\drivers\ibmtwxsn.sys
R1 NetworkX - c:\winnt\system32\ckldrv.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 tsircmir (LapLink Mirror Driver Miniport) - c:\winnt\system32\drivers\tsircmir.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>
R2 cpqdfw (Compaq Diagnostics Driver) - c:\winnt\system32\drivers\cpqdfw.sys
R2 cq_mem (Compaq Diagnostics Memory Driver) - c:\winnt\system32\drivers\cq_mem.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 cqcpu (Compaq Diagnostics CPU Driver) - c:\winnt\system32\drivers\cqcpu.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 Drvlw (NetManage IPTrace32 NDIS Interface) - c:\winnt\system32\drivers\drvlw.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\winnt\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
R2 SbcpHid - c:\winnt\system32\drivers\sbcphid.sys
R2 TSISER - c:\winnt\system32\drivers\tsiser.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>
R2 TSISTRMX (Traveling Software Stream Driver) - c:\winnt\system32\drivers\tsistrmx.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>
R2 VNSCOAX - \dosdevices\c:\winnt\system32\vnscoax.sys (file missing)
R2 VNSSDLCI - \dosdevices\c:\winnt\system32\vnssdlci.sys (file missing)
R2 VNSSDLCP - \dosdevices\c:\winnt\system32\vnssdlcp.sys (file missing)
R3 NTIDrvr (Upper Class Filter Driver) - c:\winnt\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 TSIKBF5 (Traveling Software Keyboard Filter Driver) - c:\winnt\system32\drivers\tsikbf5.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>
R3 TSIMSF5 (Traveling Software Mouse Filter Driver) - c:\winnt\system32\drivers\tsimsf5.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>

S1 CLNTMGMT (Compaq CIMAgent Driver) - c:\winnt\system32\drivers\clntmgmt.sys (file missing)
S1 IBMTwx - c:\winnt\system32\drivers\ibmtwx.sys
S1 TSIRCINK (Traveling Software Install Driver) - c:\winnt\system32\drivers\tsircink.sys <Not Verified; LapLink, Inc.; LAPLINK GOLD>
S3 AlKernel (Altiris Kernel Driver) - c:\winnt\system32\drivers\alkernel.sys
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\winnt\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 FBIKB_NT - c:\winnt\system32\drivers\fbikb_nt.sys (file missing)
S3 Partizan - c:\winnt\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys (file missing)
S3 prepdrvr (SMS Process Event Driver) - c:\winnt\system32\ccm\prepdrv.sys <Not Verified; Microsoft Corporation; Systems Management Server>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SFFSD (Shared Folders File System Driver) - \dosdevices\c:\winnt\system32\drivers\sffsd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AClient (Altiris Client Service) - c:\compaq\aclient\aclient.exe -service <Not Verified; Altiris, Inc.; Altiris Client Agent for Windows>
R2 ACS (Atheros Configuration Service) - c:\winnt\system32\acs.exe
R2 CcmExec (SMS Agent Host) - c:\winnt\system32\ccm\ccmexec.exe <Not Verified; Microsoft Corporation; Systems Management Server>
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 ntrtscan (OfficeScanNT RealTime Scan) - c:\program files\trend micro\officescan client\ntrtscan.exe <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 ScsiAccess - c:\program files\photodex\proshowproducer\scsiaccess.exe
R2 SFOLDER (Shared Folders Server) - c:\winnt\system32\flrserv.exe <Not Verified; NetManage.; ViewNow>
R2 tmlisten (OfficeScanNT Listener) - c:\program files\trend micro\officescan client\tmlisten.exe
R2 TSIRCSRV (TSI Remote Control Service) - c:\winnt\system32\tsircsrv.exe <Not Verified; LapLink, Inc.; LAPLINK GOLD>
R2 winvnc (VNC Server) - "c:\progra~1\orl\vnc\winvnc.exe" -service <Not Verified; Olivetti & Oracle Research Lab; Olivetti & Oracle Research Lab - WinVNC>
R3 SBHookSvc - c:\progra~1\sbcsel~1\smartb~1\sbhooksvc.exe <Not Verified; Motive Communications, Inc.; Motive System>

S2 cmdService (Command Service) - c:\winnt\ru1j\command.exe (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe" <Not Verified; element5; License Management Service ESD>
S3 NetManage FTP Server - c:\progra~1\netman~1\apps\ftpd\ftpd.exe <Not Verified; NetManage, Inc.; ViewNow>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-07 09:23:46 454 --a------ C:\WINNT\Tasks\RegCure Program Check.job
2007-11-21 22:06:45 388 --a------ C:\WINNT\Tasks\RegCure.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 09:31:42 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_384.dat
2008-06-07 09:03:57 2624 --a------ C:\WINNT\system32\ednfhjfv.exe
2008-06-07 09:00:59 93760 --a------ C:\WINNT\system32\itlnpple.dll
2008-06-07 08:58:00 104512 --a------ C:\WINNT\system32\bsykuxms.dll
2008-06-07 08:55:40 103488 --a------ C:\WINNT\system32\rljpcomu.dll
2008-06-05 08:44:42 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7ec.dat
2008-06-05 08:42:37 102976 --a------ C:\WINNT\system32\ffghefaj.dll
2008-06-05 08:39:52 2624 --a------ C:\WINNT\system32\emyulwbq.exe
2008-06-05 08:34:14 101440 --a------ C:\WINNT\system32\ijoflrev.dll
2008-06-04 08:43:58 2624 --a------ C:\WINNT\system32\qsvplcmu.exe
2008-06-04 08:37:51 102976 --a------ C:\WINNT\system32\wkbamrvr.dll
2008-06-04 08:31:36 101440 --a------ C:\WINNT\system32\mnkxlshd.dll
2008-06-01 15:00:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7f4.dat
2008-06-01 08:51:40 2624 --a------ C:\WINNT\system32\ohhxfnid.exe
2008-06-01 08:51:30 105024 --a------ C:\WINNT\system32\rppbhepe.dll
2008-06-01 08:45:45 101952 --a------ C:\WINNT\system32\nfhcxict.dll
2008-05-31 08:57:49 2624 --a------ C:\WINNT\system32\akrnmseu.exe
2008-05-31 08:48:56 105024 --a------ C:\WINNT\system32\gctxulmy.dll
2008-05-31 08:45:52 94272 --a------ C:\WINNT\system32\tovcaijr.dll
2008-05-31 08:44:31 101952 --a------ C:\WINNT\system32\wuathmuw.dll
2008-05-30 08:34:23 103488 --a------ C:\WINNT\system32\prdcpode.dll
2008-05-30 08:31:27 2624 --a------ C:\WINNT\system32\dhynctwc.exe
2008-05-30 08:30:29 101952 --a------ C:\WINNT\system32\iyhsmvxg.dll
2008-05-28 09:14:39 2624 --a------ C:\WINNT\system32\bfjyhcfg.exe
2008-05-28 09:08:41 105024 --a------ C:\WINNT\system32\abfmxcti.dll
2008-05-27 09:18:25 104000 --a------ C:\WINNT\system32\oyjesqog.dll
2008-05-27 09:08:00 2624 --a------ C:\WINNT\system32\rjpikhdj.exe
2008-05-27 09:07:41 102976 --a------ C:\WINNT\system32\qaaqyeqk.dll
2008-05-26 08:35:45 104000 --a------ C:\WINNT\system32\xhgtuhrs.dll
2008-05-26 08:32:49 2624 --a------ C:\WINNT\system32\mirvderj.exe
2008-05-26 08:24:03 102464 --a------ C:\WINNT\system32\jchxmyxp.dll
2008-05-25 13:15:28 233472 --a------ C:\WINNT\system32\Ilda32.dll <Not Verified; Creative Development LTD; >
2008-05-25 13:15:27 18944 --a------ C:\WINNT\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-05-25 10:39:10 0 d-------- C:\Program Files\Multimedia Australia
2008-05-25 08:28:26 105024 --a------ C:\WINNT\system32\xnlyoqul.dll
2008-05-25 08:22:44 2624 --a------ C:\WINNT\system32\gogidirb.exe
2008-05-25 08:22:25 102976 --a------ C:\WINNT\system32\deihctdn.dll
2008-05-23 10:10:21 104512 --a------ C:\WINNT\system32\hdpfevyw.dll
2008-05-23 10:10:12 2624 --a------ C:\WINNT\system32\vaulkfjv.exe
2008-05-23 10:07:34 95808 --a------ C:\WINNT\system32\cgbsteqc.dll
2008-05-23 10:07:14 103488 --a------ C:\WINNT\system32\lmltlcsn.dll
2008-05-22 10:15:08 2624 --a------ C:\WINNT\system32\xohrjvxf.exe
2008-05-22 10:12:18 103488 --a------ C:\WINNT\system32\wuvadhvr.dll
2008-05-22 10:06:17 102464 --a------ C:\WINNT\system32\wnuowxlk.dll
2008-05-22 08:33:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_700.dat
2008-05-21 10:13:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_824.dat
2008-05-21 10:12:01 101440 --a------ C:\WINNT\system32\hkcmoyur.dll
2008-05-21 10:06:07 2624 --a------ C:\WINNT\system32\xuvfwbnv.exe
2008-05-21 10:05:10 99904 --a------ C:\WINNT\system32\jtkwdvky.dll
2008-05-20 09:19:13 101440 --a------ C:\WINNT\system32\mfmjcdce.dll
2008-05-20 09:19:06 2624 --a------ C:\WINNT\system32\udbhhyvv.exe
2008-05-20 09:16:09 99904 --a------ C:\WINNT\system32\tlwjgsuv.dll
2008-05-19 14:35:44 0 d-------- C:\Program Files\DHTMLMenuStudio
2008-05-19 11:31:57 0 d-------- C:\Program Files\123 Flash Menu
2008-05-19 09:27:37 100928 --a------ C:\WINNT\system32\dkhojwwq.dll
2008-05-19 09:18:43 2112 --a------ C:\WINNT\system32\wqwrfxvh.exe
2008-05-19 09:15:41 98880 --a------ C:\WINNT\system32\veieklsh.dll
2008-05-19 09:14:32 3648 --a------ C:\WINNT\system32\kuxewxew.dll
2008-05-18 08:49:18 101952 --a------ C:\WINNT\system32\wvkpeyfv.dll
2008-05-18 08:43:04 2112 --a------ C:\WINNT\system32\jknjxqum.exe
2008-05-18 08:40:09 3648 --a------ C:\WINNT\system32\shkmfawp.dll
2008-05-18 08:39:02 98880 --a------ C:\WINNT\system32\tguktgdp.dll
2008-05-18 08:31:07 101952 --a------ C:\WINNT\system32\pstwayqo.dll
2008-05-18 08:25:23 2112 --a------ C:\WINNT\system32\udndvoog.exe
2008-05-17 08:37:37 100928 --a------ C:\WINNT\system32\qkjjquis.dll
2008-05-17 08:36:59 3648 --a------ C:\WINNT\system32\fewkpgip.dll
2008-05-16 08:36:13 102464 --a------ C:\WINNT\system32\afgdsydr.dll
2008-05-16 08:30:21 2112 --a------ C:\WINNT\system32\paalgkih.exe
2008-05-16 08:27:21 96832 --a------ C:\WINNT\system32\jxcertqt.dll
2008-05-16 08:26:32 3648 --a------ C:\WINNT\system32\noctytoq.dll
2008-05-15 08:53:40 2112 --a------ C:\WINNT\system32\kuqknepk.exe
2008-05-15 08:50:41 101952 --a------ C:\WINNT\system32\seeubrkc.dll
2008-05-14 16:28:55 3648 --a------ C:\WINNT\system32\llqgnclh.dll
2008-05-14 16:26:36 96832 --a------ C:\WINNT\system32\kctdtryq.dll
2008-05-14 08:56:03 100928 --a------ C:\WINNT\system32\txfygnrm.dll
2008-05-14 08:49:56 2112 --a------ C:\WINNT\system32\xfqnfeeu.exe
2008-05-13 16:28:14 3648 --a------ C:\WINNT\system32\apogfbhw.dll
2008-05-13 16:25:18 100928 --a------ C:\WINNT\system32\ynxanyvn.dll
2008-05-12 16:30:07 90688 --a------ C:\WINNT\system32\kjtfcvog.dll
2008-05-12 16:29:24 2112 --a------ C:\WINNT\system32\ieocvgpg.exe
2008-05-12 16:27:06 101440 --a------ C:\WINNT\system32\xfnwtiei.dll
2008-05-12 16:24:30 100416 --a------ C:\WINNT\system32\uhscatof.dll
2008-05-12 16:24:16 3648 --a------ C:\WINNT\system32\hduqrvma.dll
2008-05-11 16:25:56 101952 --a------ C:\WINNT\system32\hlewuudk.dll
2008-05-11 16:25:43 2112 --a------ C:\WINNT\system32\wheqfuxd.exe
2008-05-11 16:23:06 98368 --a------ C:\WINNT\system32\anbwafdg.dll
2008-05-10 16:25:02 102464 --a------ C:\WINNT\system32\hoehixfq.dll
2008-05-10 16:22:26 2112 --a------ C:\WINNT\system32\hmgxcich.exe
2008-05-10 16:22:06 100416 --a------ C:\WINNT\system32\hbxxewjt.dll
2008-05-10 15:39:28 0 d-------- C:\Program Files\Easy Button Menu Maker
2008-05-10 15:29:08 0 d-------- C:\Program Files\HTMLPad 2007
2008-05-10 15:21:35 0 d-------- C:\Program Files\WeBuilder 2007
2008-05-10 15:20:56 114176 --a------ C:\WINNT\winlogon.exe
2008-05-10 09:19:25 102464 --a------ C:\WINNT\system32\phtebgln.dll
2008-05-09 16:26:52 93248 --a------ C:\WINNT\system32\fdhmqchx.dll
2008-05-09 16:23:51 2112 --a------ C:\WINNT\system32\dywvlaet.exe
2008-05-09 16:21:29 98368 --a------ C:\WINNT\system32\ohvssskk.dll
2008-05-09 10:09:03 102976 --a------ C:\WINNT\system32\hgnbnrtp.dll
2008-05-09 10:08:57 2112 --a------ C:\WINNT\system32\fwfnongy.exe
2008-05-09 10:05:59 98368 --a------ C:\WINNT\system32\qpnwpive.dll
2008-05-08 10:12:15 106048 --a------ C:\WINNT\system32\jggssuck.dll
2008-05-08 10:06:12 2112 --a------ C:\WINNT\system32\yplmtujj.exe
2008-05-08 10:04:57 105024 --a------ C:\WINNT\system32\lsibqbli.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-07 09:55:38 734439 --ahs---- C:\WINNT\system32\rtCccMoq.ini2
2008-06-04 13:49:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-01 10:13:24 0 d-------- C:\Program Files\CoffeeCup Software
2008-05-31 09:02:37 0 d-------- C:\Program Files\AdvancedSearchbar
2008-05-22 12:49:55 0 d-------- C:\Program Files\UltimateZip 2007
2008-05-14 13:48:10 0 d-------- C:\Program Files\Selteco
2008-05-13 14:14:06 0 d-------- C:\Program Files\The Logo Creator v5
2008-05-11 14:31:01 0 d-------- C:\Program Files\UltraMenu
2008-05-11 10:04:17 0 d-------- C:\Program Files\KFPSetup
2008-05-11 10:04:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 12:41:53 0 d-------- C:\Program Files\FlashCapture
2008-05-06 16:19:36 108608 --a------ C:\WINNT\system32\gpnnjdjp.dll
2008-05-06 16:16:34 2112 --a------ C:\WINNT\system32\jkylhanm.exe
2008-05-06 16:13:36 104512 --a------ C:\WINNT\system32\glowgrwb.dll
2008-05-06 15:55:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVSMedia
2008-05-06 15:48:30 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-06 15:39:07 0 d-------- C:\Program Files\Common Files
2008-05-06 15:36:07 0 d-------- C:\Program Files\AVSMedia
2008-05-06 13:35:01 0 d-------- C:\Program Files\WMStudio4
2008-05-06 11:24:51 0 d-------- C:\Program Files\BearShare
2008-05-06 10:20:07 107584 --a------ C:\WINNT\system32\ddbabukc.dll
2008-05-06 10:16:07 105536 --a------ C:\WINNT\system32\fyxtidpp.dll
2008-05-05 19:23:38 37376 --a------ C:\WINNT\17PHolmes1000137.exe
2008-05-05 19:22:42 42496 --a------ C:\WINNT\system32\iifGWOif.dll
2008-05-05 10:35:51 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2008-05-05 10:15:50 107584 --a------ C:\WINNT\system32\nwggvgxw.dll
2008-05-05 10:12:18 104000 --a------ C:\WINNT\system32\cdrmvxlo.dll
2008-05-04 13:08:42 0 d-------- C:\Program Files\Ulead Systems
2008-05-04 10:15:45 95296 --a------ C:\WINNT\system32\ljjjqchw.dll
2008-05-04 10:12:47 108096 --a------ C:\WINNT\system32\cuinrrhs.dll
2008-05-04 10:10:23 104512 --a------ C:\WINNT\system32\hqjahhll.dll
2008-05-03 10:13:28 104512 --a------ C:\WINNT\system32\tvnpjvpy.dll
2008-05-03 10:08:35 103488 --a------ C:\WINNT\system32\fkpsglrc.dll
2008-05-02 14:26:47 397106 ---h----- C:\WINNT\ShellIconCache
2008-05-02 10:06:00 105536 --a------ C:\WINNT\system32\cqyrhirr.dll
2008-05-02 10:05:45 105536 --a------ C:\WINNT\system32\arotsiwn.dll
2008-04-30 12:14:06 283136 --a------ C:\WINNT\system32\qoMccCtr.dll
2008-04-30 12:11:05 37376 --a------ C:\WINNT\17PHolmes1000106.exe
2008-04-30 12:09:01 269 --a------ C:\WINNT\system32\3972.bat
2008-04-30 12:08:52 38912 --a------ C:\WINNT\system32\yayXnoop.dll
2008-04-30 12:04:45 36864 --a------ C:\WINNT\system32\winlogo.exe <Not Verified; inc; Project1>
2008-04-30 12:04:37 0 --a------ C:\WINNT\system32\taskkill.exe
2008-04-30 12:04:13 147456 --a------ C:\WINNT\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-04-28 11:28:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Stylus Studio
2008-04-28 10:49:34 37376 -ra------ C:\WINNT\mrofinu.exe
2008-04-25 13:53:25 0 d-------- C:\Program Files\NewTech Infosystems
2008-04-25 13:53:10 1024 -r-h----- C:\WINNT\system32\NTIBUN4.dll
2008-04-25 13:51:33 50 --ah---c- C:\AUTOEXEC.BAT
2008-04-25 13:51:11 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-04-25 13:48:33 0 d-------- C:\Program Files\Common Files\NewTech Infosystems
2008-04-25 13:47:16 1024 -r-h----- C:\WINNT\system32\NTICDMK7.dll
2008-04-25 13:46:23 1024 -r-h----- C:\WINNT\system32\NTIFCD3.dll
2008-04-25 13:46:22 1024 -r-h----- C:\WINNT\system32\NTIMPEG2.dll
2008-03-20 01:13:36 1 --a------ C:\WINNT\system32\FlashPaper2PrinterPort


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14d7ddef-4140-406d-ba41-59bed23f1655}]
06/07/08 08:58a 104512 --a------ C:\WINNT\system32\bsykuxms.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FE12C2-4429-488F-847B-7B285F8F6778}]
04/30/08 12:08p 38912 --a------ C:\WINNT\system32\yayXnoop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6129D6D2-0942-4ECE-B916-51E69EF7C492}]
04/30/08 12:14p 283136 --a------ C:\WINNT\system32\qoMccCtr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promon.exe"="Promon.exe" [04/13/00 08:34p C:\WINNT\SYSTEM32\promon.exe]
"Easy Access Keyboard"="C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe" [05/13/00 05:08p]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [07/26/01 09:29a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/03/03 03:08p]
"ACU"="C:\Program Files\Airlink101\AWLL4030\ACU.exe" [02/24/05 08:46a]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/03 10:22a]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\Motive SB.exe" [08/24/05 07:51a]
"@"="" []
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\SYSTEM32\mobsync.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/13/07 03:38p]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/04 02:12a]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [01/19/04 02:50p]
"RemoteAgent"="C:\Program Files\Trend Micro\OfficeScan Client\RAUAgent.exe" [01/08/03 01:38a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/07 03:06a]
"ntdll.dll"="C:\Program Files\QuickTime\qttask.exe" [11/03/03 03:08p]
"runner1"="C:\WINNT\mrofinu1000137.exe" []
"winlogon"="C:\WINNT\winlogon.exe" [06/01/08 08:23a]
"f029ae49"="C:\WINNT\system32\itlnpple.dll" [06/07/08 09:01a]
"BMf31a9dd5"="C:\WINNT\system32\rljpcomu.dll" [06/07/08 08:55a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [12/17/07 06:13p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 02:55p 77824]
"{53FE12C2-4429-488F-847B-7B285F8F6778}"= C:\WINNT\system32\yayXnoop.dll [04/30/08 12:08p 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 02:41p 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 08/31/06 10:49p 140048 C:\WINNT\SYSTEM32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayXnoop]
yayXnoop.dll 04/30/08 12:08p 38912 C:\WINNT\SYSTEM32\yayXnoop.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\qoMccCtr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetManage LaunchNow Init]
RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmgoinn.dll,VerifyStartMenu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StoreCleanup]
RunDLL32 c:\PROGRA~1\NETMAN~1\common\nmconfig.dll,StoreCleanup




-- End of Deckard's System Scanner: finished at 2008-06-07 09:57:29 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 254.42 MiB / 70.09 MiB
Pagefile Memory (total/avail): 515.96 MiB / 178.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.64 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 12.67 GiB total, 0.25 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 91366U4 - 12.67 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 12.67 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BARRYSPC
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\BARRYSPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\CFusionMX7\verity\k2\_nti40\bin;C:\WINNT\system32;c:\dmi\win32\bin;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\wbem;;C:\PROGRA~1\NETMAN~1\SystemC:\sqlany50\win32;c:\sybtools\win32C:\sqlany50\win32;c:\sybtools\win32;C:\Program Files\Borland\Common Files\BDE;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\NETMAN~1\COMMON;C:\PROGRA~1\NETMAN~1\SYSTEM;C:\PROGRA~1\NETMAN~1\APPS\EMULAT~1;C:\PROGRA~1\NETMAN~1\APPS\X
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SQLANY=C:\sqlany50
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=BARRYSPC
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Morpheus (new local)
Administrator (admin)
gongorav
moffettp
hughese
andesd



-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{59973D03-28D0-43C7-A9C1-189093EBEDD4}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
123 Flash Menu v3.5.0.1340 --> "C:\Program Files\123 Flash Menu\uninstall.exe"
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.1 --> MsiExec.exe /I{B23FB499-ECB8-4D42-AD8E-B963C76754A1}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINNT\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Searchbar --> C:\PROGRA~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\ADVANC~1\INSTALL.LOG
Alibre Design --> MsiExec.exe /X{47F21113-0D9A-11D5-8132-00C04FA0998D}
Alligator Flash Designer 7 (7.0.7.3) Trial --> C:\PROGRA~1\Selteco\ALLIGA~1\Setup.exe /remove
AllWebMenus PRO v4 --> C:\PROGRA~1\ALLWEB~1\UNWISE.EXE C:\PROGRA~1\ALLWEB~1\INSTALL.LOG
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x9 -uninst
ArcSoft VideoImpression 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x9 -uninst
ArtIcons Pro --> "C:\Program Files\ArtIcons Pro\uninstall.exe"
AT&T Self Support Tool --> C:\WINNT\Motive\SBC\MCCUninst.exe
Atheros Client Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9
Auto Outlook Profile --> MsiExec.exe /X{960BC37E-A6EE-46AE-B746-CC0B260BD307}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
Backyard Basketball --> C:\WINNT\IsUninst.exe -fC:\HEGames\Basketball\Uninst.isu -c"C:\HEGames\Basketball\Uninst.dll
BDE Information Utility --> C:\WINNT\UNWISE.EXE C:\WINNT\INSTALL_BDEINFO.LOG
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Bee Icons v 4.0.2 --> "C:\Program Files\Bee Icons\unins000.exe"
Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BestAddress HTML Editor 2008 Professional --> MsiExec.exe /I{DB4ADDFB-D2CB-4A8C-906F-CAE535695FF1}
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{97C98EBE-E958-46FE-B664-F02D2D2CD491}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Client --> C:\WINNT\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Citrix ICA Web Client --> C:\WINNT\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Coalesys WebMenu Studio 4.0 - Build 84 (Evaluation) --> MsiExec.exe /I{22DF8EE9-6A6B-11D0-A74C-444553540000}
CoffeeCup Flash Blogger - Registered --> C:\PROGRA~1\COFFEE~1\CO997E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO997E~1\INSTALL.LOG
CoffeeCup Flash Menu Builder --> C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~3\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~3\INSTALL.LOG
CoffeeCup HTML Editor 2008 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CoffeeCup Web Calendar --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
CoffeeCup Web JukeBox - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG
Command --> wscript "C:\WINNT\RU1J\loYL.vbs"
Compaq Diagnostics for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\Setup.exe"
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Demicron WireFusion 4.0 --> "C:\Program Files\WireFusion 4.0\UninstallerData\Uninstall wf.exe"
DeskTopAuthor Evaluation --> MsiExec.exe /I{C27B94AA-60AB-4B50-9D63-0928CDC889C3}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Access Keyboard --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Compaq\Easy Access Keyboard\Uninst.isu" -c"C:\Program Files\Compaq\Easy Access Keyboard\uninst.dll"
Easy Button & Menu Maker 1.1 --> "C:\Program Files\Easy Button Menu Maker\unins000.exe"
EPSON Printer Software --> C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Executive Viewer Web Client 5.0 (English) --> C:\WINNT\DOWNLO~1\wcuninst5en.exe C:\WINNT\Downloaded Program Files\wcuninst5en.dat
ExeIco (remove only) --> "C:\Program Files\ExeIco\uninstall.exe"
Express Burn Uninstall --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FaceGen Modeller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5455CB33-E3FF-4E71-9FAD-0D5DCA2686B7}
Fast eCart DEMO --> C:\WINNT\iun6002.exe "C:\Program Files\Fast eCart DEMO\irunin.ini"
Fast eCart Theme Pack Demo --> C:\WINNT\iun6002.exe "C:\program files\Fast eCart\irunin.ini"
Flash Decompiler --> "C:\Program Files\Eltima Software\Flash Decompiler\unins000.exe"
Flash Slideshow Maker Pro 4.79 --> F:\Program Files\Flash Slideshow Maker Professional\uninst.exe
Flashation Menu Builder --> "C:\Program Files\Flashation Menu Builder\unins000.exe"
FlashCapture v1.5 --> "C:\Program Files\FlashCapture\unins000.exe"
FlashCapture v1.9.0.959 --> "C:\Program Files\FlashCapture\uninstall.exe"
FlashCatcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{867AE74B-855F-4ABD-BCA1-7B4C0ECF2DD9}\setup.exe"
GetDiz 3.0 --> C:\PROGRA~1\GetDiz\UNINST~1\UNWISE.EXE C:\PROGRA~1\GetDiz\UNINST~1\install.log
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HijackThis\HijackThis.exe" /uninstall
hp deskjet 920c series (Remove only) --> C:\Program Files\hp deskjet 920c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=920c -huninstall
HTMLPad 2007 Pro v8.2 --> "C:\Program Files\HTMLPad 2007\unins000.exe"
HTTPWeazel Version 1.09 --> "C:\Program Files\HTTP Weazel\unins000.exe"
Icon Converter Plus --> C:\WINNT\Icon Converter Plus Uninstaller.exe
IconChanger --> C:\Program Files\IconChanger\Install.exe uninstall
Infine CaptureFlash version 1.3 --> "C:\Program Files\Infine\CaptureFlash\unins000.exe"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Internet Explorer Q903235 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
ixla Web Easy 1.4 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ixla Web Easy\Uninst.isu"
Lame ACM MP3 Codec --> C:\WINNT\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINNT\INF\LameACM.inf
LapLink Gold Corporate --> C:\PROGRA~1\LAPLIN~1\LLUninst.exe
Logitech MouseWare 9.29 .3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0009 UNINSTALL
Macromedia Captivate --> MsiExec.exe /X{A7651FB4-AC2E-4020-90E2-B71C8C379F48}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia FlashPaper 2 --> MsiExec.exe /X{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Microsoft .NET Framework (English) --> MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework (English) v1.0.3705 --> C:\WINNT\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework 1.0 Hotfix (KB928367) --> "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
MixPad --> C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
MMAS Database Merge --> MsiExec.exe /I{FF5A2D5D-7CC6-4BC1-A0FC-CCF340DA4A6D}
MSN Messenger 4.6 --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.Remove
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 --> MsiExec.exe /I{1D522349-290D-4B9D-872D-9F94CA5C9DC7}
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MyProfessionalBusinessCards --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}\setup.exe" -l0x9 UNINSTALL
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Network Monitor --> wscript "C:\WINNT\uninstall_nmon.vbs"
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DAAC0BF0-BB13-40F7-9F9E-4F7C8ADD142C} BUN4
NTI CD & DVD-Maker Platinum --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95B87E45-CC33-49B6-9B4C-6570941FA90C} CDM7
Photo Lab 4.0.0.1 --> C:\PROGRA~1\Selteco\PHOTOL~1\Setup.exe /remove
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
PicaJet FX 2.5.0.440 Beta --> "C:\Program Files\PicaJet\unins000.exe"
Pinnacle Hollywood FX 5 --> C:\WINNT\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX Pack1 - Holiday FX --> C:\WINNT\unvise32.exe C:\WINNT\unhfxpack1.log
Privacy Guardian 3.2 --> "C:\Program Files\Privacy Guardian\unins000.exe"
ProShow Producer --> C:\Program Files\Photodex\ProShowProducer\proshow.exe . -u
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
ScanSoft PDF Create 2.0 --> MsiExec.exe /I{6870FD05-9324-4E8A-90EB-6DBDAC29B74F}
Security Update for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706) -->
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Selteco Menu Maker 4 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Selteco\Menu Maker\Uninst.isu"
Shockwave --> C:\WINNT\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\SYSTEM32\Macromed\SHOCKW~1\Install.log
ShopFactory V5 Developer --> C:\PROGRA~1\SHOPFA~1\UNWISE.EXE C:\PROGRA~1\SHOPFA~1\INSTALL.LOG
ShowIP v1.6.4 --> "C:\Program Files\ShowIP\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
Sothink DHTMLMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DEAD0FC-C1CF-4FAB-9634-5996AC08BFC8}\Setup.exe" -l0x9
Sothink SWF Decompiler --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87ECFEA1-7882-4FC7-A2E2-2AC0CC262EBC}\Setup.exe" -l0x9
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Stylus Studio 2008 XML Enterprise Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8957C491-26E2-4B31-AC93-DD5E9D656620}\setup.exe" -uninstall
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupportNow --> C:\WINNT\IsUninst.exe -f"C:\Program Files\SupportNow\Uninst.isu" -c"C:\Program Files\NetManage\OpSession\SupportNow\uninstall.dll
SWF Extractor 2.2 --> "C:\Program Files\GlobFX Technologies\SWF Extractor\unins000.exe"
Swiff Chart 3.1 Pro Evaluation --> "C:\Program Files\GlobFX\Swiff Chart 3 Pro Evaluation\unins000.exe"
SWiSHmax --> C:\WINNT\unvise32.exe c:\program files\swishmax 2006\uninstal.log
SWiSHstudio --> C:\WINNT\unvise32.exe C:\Program Files\SWiSHstudio\uninstal.log
SWiSHvideo --> C:\WINNT\unvise32.exe C:\Program Files\SWiSHvideo\uninstal.log
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Sybase SQL Anywhere 5.0 --> C:\sqlany50\win32\setup.exe -u
The Logo Creator v5 --> C:\WINNT\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
UltimateZip 2007 --> "C:\Program Files\UltimateZip 2007\unins000.exe"
UltraISO Premium V8.2 --> "C:\Program Files\UltraISO\unins000.exe"
UltraMenu --> C:\PROGRA~1\ULTRAM~1\UNWISE.EXE C:\PROGRA~1\ULTRAM~1\INSTALL.LOG
Universal Media Player --> C:\WINNT\IsUninst.exe -f"C:\Program Files\LocalAutorun\Uninst.isu"
Upland Game Hunter --> C:\WINNT\uninst.exe -f"C:\Program Files\HeadGames\Upland Game Hunter\DeIsL1.isu" -c"C:\Program Files\HeadGames\Upland Game Hunter\_ISREG32.DLL"
VideoCharge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}\Setup.exe" -u
ViewNow 1.0.5.5 --> "C:\Program Files\NetManage\setup\uninst.exe" VNOW "C:\Program Files\NetManage\VNOW.src"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Web Cal Plus TRIAL --> C:\PROGRA~1\WebCal\UNWISE.EXE C:\PROGRA~1\WebCal\INSTALL.LOG
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
WebSite Extractor --> C:\Program Files\WebSite Extractor\uninstall.exe
WeBuilder 2007 v8.3 --> "C:\Program Files\WeBuilder 2007\unins000.exe"
Windows 2000 Application Compatibility Update --> C:\WINNT\AppPatch\wuinst.exe -u
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall
WinVNC 3.3.2 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\ORL\VNC\Uninst.isu"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WireFusion 4 Enterprise (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\WireFusion 4 Enterprise\B2DDC000\UninstApplet.exe /uninstall
Wondershare Flash SlideShow Builder (2.0.0.0) --> "C:\Program Files\Wondershare\Flash SlideShow Builder\unins000.exe"
Xara Dreamweaver Extension 1.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4498655A-94A6-4F12-929B-D8D6DCA5E0AF}\setup.exe" -l0x9
Xara FrontPage Add-in 1.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F949C30-F3C8-459C-8126-0D174746EF9B}\setup.exe" -l0x9
Xara Menu Maker 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5926ED96-D094-467B-B302-0D1B17DCE852}\setup.exe" -l0x9
Xara ScreenMaker3D --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA0397D0-59AE-4BDF-842B-50761216B75F}\setup.exe" -l0x9
Xtivity --> C:\WINNT\XTivity_UnInstaller.exe
Xtreeme DHTML Menu Studio Pro 4.0 Demo --> "C:\Program Files\DHTMLMenuStudio\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINNT\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINNT\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5187 / Warning
Event Submitted/Written: 06/07/2008 09:26:11 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

Event Record #/Type5186 / Error
Event Submitted/Written: 06/07/2008 09:24:20 AM
Event ID/Source: 2000 / NetManage Performance Counters
Event Description:


Event Record #/Type5183 / Error
Event Submitted/Written: 06/07/2008 08:51:14 AM / 06/07/2008 08:51:15 AM
Event ID/Source: 2000 / NetManage Performance Counters
Event Description:


Event Record #/Type5179 / Warning
Event Submitted/Written: 06/05/2008 11:12:08 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

Event Record #/Type5178 / Error
Event Submitted/Written: 06/05/2008 11:10:15 AM / 06/05/2008 11:10:16 AM
Event ID/Source: 2000 / NetManage Performance Counters
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8461 / Warning
Event Submitted/Written: 06/07/2008 09:39:54 AM
Event ID/Source: 11155 / DnsApi
Event Description:
The system failed to register network adapter with settings:


Adapter Name : {F7B50C29-AE3E-4964-9344-A34205939EA1}

Host Name : BarrysPC

Adapter-specific Domain Suffix : amr.emigrp.com

DNS server list :

192.168.1.254

Sent update to server : None

IP Address(es) :

192.168.1.65


The reason the DNS update request could not be completed was because
of a system problem. You can manually retry DNS registration of the
network adapter and its settings by typing "ipconfig /registerdns"
at the command prompt. If problems still persist, contact your DNS
server or network systems administrator. For specific error code
information, see the record data displayed below.

Event Record #/Type8459 / Warning
Event Submitted/Written: 06/07/2008 09:25:14 AM
Event ID/Source: 2013 / Srv
Event Description:
The C: disk is at or near capacity. You may need to delete some files.

Event Record #/Type8458 / Error
Event Submitted/Written: 06/07/2008 09:24:13 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
CLNTMGMT

Event Record #/Type8454 / Error
Event Submitted/Written: 06/07/2008 09:20:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event Record #/Type8452 / Warning
Event Submitted/Written: 06/07/2008 09:07:52 AM
Event ID/Source: 11155 / DnsApi
Event Description:
The system failed to register network adapter with settings:


Adapter Name : {F7B50C29-AE3E-4964-9344-A34205939EA1}

Host Name : BarrysPC

Adapter-specific Domain Suffix : amr.emigrp.com

DNS server list :

192.168.1.254

Sent update to server : None

IP Address(es) :

192.168.1.65


The reason the DNS update request could not be completed was because
of a system problem. You can manually retry DNS registration of the
network adapter and its settings by typing "ipconfig /registerdns"
at the command prompt. If problems still persist, contact your DNS
server or network systems administrator. For specific error code
information, see the record data displayed below.



-- End of Deckard's System Scanner: finished at 2008-06-07 09:57:29 ------------

moved.txt

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-06-05 09:07:43 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax8.tmp
2008-06-05 09:07:44 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aax9.tmp
2008-06-05 10:02:31 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobe
2008-06-05 10:07:25 59964 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 <Not Verified; Macrovision Europe Ltd.; Macrovision Europe Ltd. Cleanup>
2008-06-04 10:24:46 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000
2008-06-05 10:07:42 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001
2008-05-26 08:34:49 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\applejacks5.bmp
2008-05-27 09:12:54 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASBCustomButtons
2008-06-05 08:55:15 12818 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\control.xml
2008-06-04 14:32:58 6316032 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22684969890
2008-06-04 14:32:59 90112 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685281687
2008-06-04 10:36:07 90112 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685305218
2008-06-04 14:32:59 155648 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685316437
2008-06-04 14:32:59 155648 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685334906
2008-06-04 14:32:59 155648 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685358578
2008-06-04 14:32:59 155648 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DBTmp22685362312
2008-05-26 08:34:51 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\doritosquest.bmp
2008-05-26 08:34:52 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\emoticats.bmp
2008-06-05 09:12:07 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FTPNSTMP
2008-05-26 08:34:51 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gillettevenus.bmp
2008-05-26 08:34:51 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hanes.bmp
2008-06-07 09:07:22 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hondafitremix.bmp
2000-10-05 10:01:06 339565 -ra------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IEC5.tmp
2000-10-05 10:01:06 339565 -ra------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IEC6.tmp
2008-06-05 09:07:40 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mod7.tmp
2008-06-04 08:56:41 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msoclip1
2008-05-27 13:48:38 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp
2008-05-30 09:25:06 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp-1
2008-05-31 09:05:05 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp-2
2008-06-01 10:49:28 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp-3
2008-06-01 13:56:47 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp-4
2008-06-05 10:30:49 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugtmp-5
2008-05-26 08:34:48 21176 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pthideseek.bmp
2008-05-31 11:06:41 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\px93ED.tmp
2008-05-31 11:06:41 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\px93F1.tmp
2008-05-31 11:10:42 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\px93FD.tmp
2008-05-31 11:10:43 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\px9401.tmp
2008-05-27 13:15:43 194 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\robohelp_csh.htm
2008-06-05 10:02:01 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\s1t4.pdf
2008-05-26 09:14:42 0 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TWAIN.LOG
2008-06-01 15:34:39 3 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Twain001.Mtx
2008-06-04 13:50:08 22582 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\U3Launcher.log
2008-05-26 09:32:53 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE
2008-06-04 09:40:31 0 d-------- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WebshotsTemp
2008-05-31 09:01:15 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF18A1.tmp
2008-06-05 09:07:52 49152 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF26ED.tmp
2008-05-31 11:51:11 114688 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3695.tmp
2008-06-04 13:50:28 81920 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3BD2.tmp
2008-05-28 09:12:32 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF46F8.tmp
2008-06-05 08:50:04 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF6B67.tmp
2008-05-26 08:27:52 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF809E.tmp
2008-05-31 09:00:12 114688 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFAE31.tmp
2008-05-31 09:00:42 114688 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFB929.tmp
2008-05-30 09:11:01 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFC780.tmp
2008-05-31 09:27:31 114688 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDABD.tmp
2008-06-01 10:17:48 16384 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD41.tmp
2008-05-31 14:26:03 114688 --a------ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFF46B.tmp
2007-12-10 02:44:46 0 d-------- C:\WINNT\temp\CDM
2007-11-20 11:47:08 0 d-------- C:\WINNT\temp\WebshotsTemp
2007-12-08 20:29:40 0 d-------- C:\WINNT\temp\_avast4_
2003-12-18 17:33:08 163840 --a----c- C:\WINNT\Downloaded Program Files\evctrl5en.exe <Not Verified; Temtec International B.V.; Executive Viewer Proxy Service>
2003-12-18 17:58:30 36864 --a----c- C:\WINNT\Downloaded Program Files\wcuninst5en.exe
2003-12-18 15:04:22 335872 --a----c- C:\WINNT\Downloaded Program Files\evcrt.dll <Not Verified; Temtec International B.V.; Executive Viewer (R)>
2003-12-18 15:04:58 487424 --a----c- C:\WINNT\Downloaded Program Files\evcrt_p.dll <Not Verified; Temtec International B.V.; Executive Viewer (R)>
2003-12-18 15:10:16 958464 --a----c- C:\WINNT\Downloaded Program Files\evmfc.dll <Not Verified; Temtec International B.V.; Executive Viewer (R)>
2003-12-18 13:50:38 571072 --a----c- C:\WINNT\Downloaded Program Files\olch2d7.dll <Verified; ComponentOne LLC; ComponentOne Chart 7.0 2D Control>
2003-12-18 17:41:28 2838528 --a----c- C:\WINNT\Downloaded Program Files\evctrl5en.ocx <Not Verified; Temtec International B.V.; Executive Viewer>
2007-09-07 18:51:11 88136 --a------ C:\WINNT\Downloaded Program Files\HPGetDownloadManager.ocx <Verified; Netopsystems AG; get_ActiveX>
2005-01-31 23:26:46 117800 --a------ C:\WINNT\Downloaded Program Files\ZIntro.ocx <Not Verified; Microsoft Corporation; MSN® Games by Zone.com>

-*- End of Logfile -*-


Again, these files are attached to this email.

I look forward to all the help you can give me and am anxiously awaiting your advice. Thank you so much.

thomasb103
Attached Files
File Type: txt main.txt (36.4 KB, 0 views)
File Type: txt extra.txt (26.2 KB, 0 views)
File Type: txt moved.txt (6.6 KB, 0 views)


  #2  
Old 06-08-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,938
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Default Re: PC doing strange things

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry.
Please visit this webpage for download links and instructions for running ComboFix.
When the tool is finishe