  #1  
n1olg, 07-03-2008
Deckard Scanner Results

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 1.60GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1023.01 MiB / 462.15 MiB
Pagefile Memory (total/avail): 2460.5 MiB / 1874.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.98 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 178.98 GiB total, 137.92 GiB free.
D: is Fixed (FAT32) - 20.82 GiB total, 20.65 GiB free.
E: is Fixed (FAT32) - 21.8 GiB total, 21.13 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (NTFS) - 74.53 GiB total, 74.38 GiB free.
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2500JB-22REA0 - 232.88 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 178.98 GiB - C:
\PARTITION1 - Unknown - 21.81 GiB - E:
\PARTITION2 - Extended w/Extended Int 13 - 32.09 GiB - D:
\\.\PHYSICALDRIVE1 - WDC WD800BB-00JHC0 - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - H:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: McAfee Personal Firewall v (McAfee)
AV: ThreatFire v3.5.0.21 (PC Tools)
AV: Spy Sweeper with AntiVirus v5.5.7.124 (Webroot Software Inc)
AV: McAfee VirusScan v (McAfee)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Don\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Don
LOGONSERVER=\\DONPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Don\LOCALS~1\Temp
TMP=C:\DOCUME~1\Don\LOCALS~1\Temp
USERDOMAIN=DONPC
USERNAME=Don
USERPROFILE=C:\Documents and Settings\Don
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Don (admin)
Administrator (admin)
Guest (new local, guest)

-- Add/Remove Programs ---------------------------------------------------------
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
--> MsiExec.exe /X{18F2A00A-9F65-4237-8E39-F48EAE6C2182}
--> MsiExec.exe /X{8548A86C-3FCE-4019-88EE-A52820207988}
1 Click PC Fix v3.5 --> "C:\Program Files\1 Click PC Fix\unins000.exe"
AbiWord 2.4.6 (remove only) --> C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Actual Booster 3.1 --> C:\Program Files\Loonies\Actual Booster\uninst.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Amazon MP3 Downloader 1.0.0+6 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo ClipFinder 1.30 --> "C:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Ashampoo Photo Commander 5 --> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 5\Uninstall\0718_Uninstall.EXE"
AtomTime Pro 3.1d --> "C:\Program Files\AtomTime Pro\unins000.exe"
AutoSave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Avanquest\AutoSave\Uninst\setup.exe" -l0x9 -XYZ
Avanquest PerfectImage 11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CFA89B7-33A5-4DA9-841D-93A42CF6172B}\Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CleverKeys 2.00 --> "C:\Program Files\Lexico\CleverKeys\unins000.exe"
Custom Skin Clock version 1.4 --> "C:\Program Files\Custom Skin Clock\unins000.exe"
Diskeeper 2008 Home --> MsiExec.exe /X{0EE93023-B119-43CD-BB42-810E9ABC0EA9}
EASEUS Partition Manager 1.6.3 --> "C:\Program Files\EASEUS\EASEUS Partition Manager 1.6.3\unins000.exe"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
FoxyTunes for Internet Explorer --> C:\Program Files\FoxyTunes\ForInternetExplorer\Uninstall.exe
FreadSetupEn --> MsiExec.exe /I{BD5284F2-DCA6-4E7E-BC7F-EB634D6E0E8F}
Free Net TV and Radio Player 2.0 --> "C:\Program Files\Free Net TV and Radio Player\unins000.exe"
FreeCommander 2007.10 --> "C:\Program Files\FreeCommander\unins000.exe"
Freecorder Toolbar 3.0 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
hp psc 900 series --> C:\WINDOWS\system32\hpocon09.exe /u 1194035369 /d "hp psc 900 series"
IncrediMail JunkFilter Plus --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Iomega Automatic Backup Pro --> MsiExec.exe /X{6ABAF1E2-BEB6-4C32-BD9F-0CA733EE7453}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magnifier --> C:\WINDOWS\Magnifier Uninstaller.exe
MahJong Suite 2008 v5.0 --> "C:\Program Files\MahJong Suite\unins000.exe"
MahJong Suite Graphics Pack Volume 1 - v1.7 --> "C:\Program Files\MahJong Suite\unins001.exe"
MahJong Suite Graphics Pack Volume 2 - v2.8 --> "C:\Program Files\MahJong Suite\unins002.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PC Magazine ClipTrak Pro 2.1 --> "C:\Program Files\PC Magazine Utilities\ClipTrak Pro\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Process Lasso --> "C:\Program Files\Process Lasso\uninstall.exe"
Quick StartUp 2.1 --> "C:\Program Files\Quick StartUp\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Say the Time 9.0 --> C:\Program Files\Say the Time\uninst.exe
Screensaver Control --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Screensaver Control
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SureThing CD Labeler Deluxe 5 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
SureThing Holiday Labeler --> "C:\Program Files\SureThing Holiday Labeler\unins000.exe"
Taskbar Shuffle version 2.2 --> "C:\Program Files\Taskbar Shuffle\unins000.exe"
The Wonderful Icon --> C:\WINDOWS\w_uninst.exe -C:\Program Files\Wonderful
Thoosje Quick XP Optimizer --> MsiExec.exe /I{8A2BD4FD-4A96-4C64-832D-C64AC2B7AF8C}
ThreatFire 3.5 --> "C:\Program Files\ThreatFire\unins000.exe"
True Launch Bar --> "C:\Program Files\TrueLaunchBar\Uninstall.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Volumouse --> C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\Volumouse\uninst1~.nsu"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Yahtzee --> C:\Program Files\Yahtzee\uninstall.exe
Yahtzee --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu

-- Application Event Log -------------------------------------------------------
Event Record #/Type324 / Warning
Event Submitted/Written: 07/03/2008 01:39:21 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.
Event Record #/Type321 / Warning
Event Submitted/Written: 07/03/2008 01:38:42 PM
Event ID/Source: 1008 / Windows Search Service
Event Description:
The Windows Search Service is attempting to remove the old catalog.
Event Record #/Type320 / Error
Event Submitted/Written: 07/03/2008 01:38:42 PM
Event ID/Source: 3058 / Windows Search Service
Event Description:
The application cannot be initialized.
Context: Windows Application
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Event Record #/Type319 / Error
Event Submitted/Written: 07/03/2008 01:38:42 PM
Event ID/Source: 3028 / Windows Search Service
Event Description:
The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)
Event Record #/Type313 / Error
Event Submitted/Written: 07/03/2008 01:38:30 PM
Event ID/Source: 3038 / Windows Search Service
Event Description:
The gatherer is unable to read the registry DocIdMapFile.
Context: Application, SystemIndex Catalog
Details:
The system cannot find the file specified. (0x80070002)

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type8768 / Error
Event Submitted/Written: 07/03/2008 01:51:02 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Event Record #/Type8767 / Error
Event Submitted/Written: 07/03/2008 01:51:02 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.
Event Record #/Type8766 / Error
Event Submitted/Written: 07/03/2008 01:51:02 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
Event Record #/Type8765 / Error
Event Submitted/Written: 07/03/2008 01:51:02 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.
Event Record #/Type8764 / Error
Event Submitted/Written: 07/03/2008 01:51:02 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

-- End of Deckard's System Scanner: finished at 2008-07-03 13:55:41 ------------
Deckard's System Scanner v20071014.68
Run by Don on 2008-07-03 13:45:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
CreateFirstRunRp is disabled or missing; attempting to fix...success.
Failed to create restore point; unknown error code 0x00000003

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-03 13:49:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBLive\AudioHQ\ahqtb.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Custom Skin Clock\Clock.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AtomTime Pro\AtomTime.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\FreeClip\Spartan.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Loonies\Actual Booster\ActlBstr.exe
C:\Program Files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe
C:\Program Files\TrueLaunchBar\tlbHost.exe
C:\Program Files\Wonderful\wonderfl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Lexico\CleverKeys\CK.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\McAfee\MPS\mps.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Say the Time\SayTimeMain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\ups.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Say the Time\stttsm.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Don\desktop\dss.exe
C:\WINDOWS\system32\searchfilterhost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = TOOLBAR - Comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Comcast.net Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie.search.msn.com/{sub_rfc176...t/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Custom Skin Clock] C:\Program Files\Custom Skin Clock\Clock.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Say the Time] "C:\Program Files\Say the Time\SayTime.exe"
O4 - HKCU\..\Run: [Atom Time] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKCU\..\Run: [ERUNT] "C:\Program Files\ERUNT\ERUNT.EXE"
O4 - HKCU\..\Run: [McAfee] "C:\Program Files\McAfee.com\Agent\mcagent.exe"
O4 - HKCU\..\Run: [Spartan] "C:\Program Files\FreeClip\Spartan.exe"
O4 - HKCU\..\Run: [Process Lasso] "C:\Program Files\Process Lasso\ProcessLasso.exe"
O4 - HKCU\..\Run: [Registry Mechanic] "C:\Program Files\Registry Mechanic\RegMech.exe"
O4 - HKCU\..\Run: [I Click PC Fix] "C:\Program Files\1 Click PC Fix\1clickpcfix.exe"
O4 - HKCU\..\Run: [Actual Booster] "C:\Program Files\Loonies\Actual Booster\ActlBstr.exe"
O4 - HKCU\..\Run: [Clip Track Pro] "C:\Program Files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe"
O4 - HKCU\..\Run: [True Launch Bar] "C:\Program Files\TrueLaunchBar\tlbHost.exe"
O4 - HKCU\..\Run: [Wonderful Icon] "C:\Program Files\Wonderful\wonderfl.exe"
O4 - HKCU\..\Run: [Windows Search] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe"
O4 - HKCU\..\Run: [Free Ram Pro] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe"
O4 - HKCU\..\Run: [Yahoo Widget Engine] "C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Clever Keys] "C:\Program Files\Lexico\CleverKeys\CK.exe"
O4 - HKCU\..\Run: [Screensaver Control] "C:\Program Files\Screensaver Control\ScreensaverControl.exe"
O4 - HKCU\..\Run: [Winamp] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ClipTrak Pro] "C:\Program Files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe" /startwithwindows
O4 - HKCU\..\Run: [Incredimail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [HPAIO] "C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpodir07.exe"
O4 - HKCU\..\Run: [Webshots] "C:\Program Files\Webshots\wsaxupdater.exe"
O4 - HKCU\..\Run: [Spysweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe"
O4 - HKCU\..\Run: [ScreenSaverControl] C:\Program Files\Screensaver Control\ScreensaverControl.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%2...es/stg_drm.ocx
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} () - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186425377390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201311928825
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshe...onGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\system32\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 15494 bytes
-- File Associations -----------------------------------------------------------
.txt - txtfile - shell\open\command - Notepad.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
R0 IABFilt (Iomega Snapshot Volume Filter) - c:\windows\system32\drivers\iabfilt.sys <Not Verified; Iomega; Iomega Volume Filter Driver>
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
S0 inic1622 - c:\windows\system32\drivers\inic162x.sys <Not Verified; Initio Corp.; Initio SATA RAID Adapter>
S3 ptiusbf (PTI USB Filter) - c:\windows\system32\drivers\ptiusbf.sys <Not Verified; Parallel Technologies, Inc.; PTI USB Filter Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0110&SUBSYS_009110DE&REV_B2\4&12FA89B4&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_0110&SUBSYS_009110DE&REV_B2\4&12FA89B4&0&0008
Service:

-- Scheduled Tasks -------------------------------------------------------------
2008-07-01 17:47:00 398 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-06-23 14:46:01 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-16 19:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-15 17:54:04 336 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-04-15 17:54:03 328 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-25 14:46:31 388 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-02-29 22:03:25 286 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
2008-02-05 04:30:00 382 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------
2008-07-02 16:31:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-01 15:55:09 0 d-------- C:\Documents and Settings\Don\Application Data\ErrorSmart
2008-06-30 18:00:23 0 d-------- C:\MyBackup
2008-06-27 20:01:05 0 d-------- C:\Documents and Settings\Don\Application Data\Windows Search
2008-06-27 19:35:50 0 d-------- C:\Documents and Settings\Don\Application Data\Yahoo!
2008-06-27 14:50:48 0 d-------- C:\Program Files\Cleanafterme
2008-06-27 14:09:16 0 d-------- C:\Documents and Settings\All Users\Templates
2008-06-27 11:28:40 0 d-------- C:\Documents and Settings\All Users\Application Data\M8 Software
2008-06-27 11:28:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-18 12:11:11 0 d-------- C:\Program Files\Quick StartUp
2008-06-17 20:21:49 0 d-------- C:\Documents and Settings\Don\Application Data\GoodSync
2008-06-14 21:59:01 0 d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-06-14 21:31:50 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-06-14 20:19:51 0 --a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 20:09:43 0 d-------- C:\Documents and Settings\Don\Application Data\RetinaX
2008-06-14 17:31:11 0 d-------- C:\Documents and Settings\Don\Application Data\Opera
2008-06-14 17:30:25 0 d-------- C:\Program Files\Opera
2008-06-12 13:06:11 797696 -ra------ C:\WINDOWS\system32\bootman.exe
2008-06-12 13:06:09 0 d-------- C:\Program Files\EASEUS
2008-06-07 14:16:05 0 d-------- C:\Program Files\NKProds

-- Find3M Report ---------------------------------------------------------------
2008-07-02 18:13:19 0 d-------- C:\Documents and Settings\Don\Application Data\MahJong Suite
2008-07-02 18:03:02 0 --a------ C:\AUTOEXEC.BAT
2008-06-26 16:36:22 0 d-------- C:\Documents and Settings\Don\Application Data\Mozilla
2008-06-26 16:32:15 0 d-------- C:\Documents and Settings\Don\Application Data\Adobe
2008-06-24 21:30:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-20 16:44:03 0 d-------- C:\Program Files\Vista Start Menu
2008-06-19 15:05:03 0 d-------- C:\Documents and Settings\Don\Application Data\ProcessLasso
2008-06-17 21:16:54 0 d-------- C:\Program Files\Siber Systems
2008-06-14 21:40:21 27560 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-14 21:37:22 0 d-------- C:\Program Files\IncrediMail
2008-06-14 20:19:29 0 d-------- C:\Program Files\Yahtzee
2008-06-14 20:19:28 0 d-------- C:\Program Files\Winamp Toolbar
2008-06-14 20:19:26 0 d-------- C:\Program Files\jZip
2008-06-14 20:19:26 0 d-------- C:\Program Files\Freecorder
2008-06-14 20:19:26 0 d-------- C:\Program Files\FreeClip
2008-06-14 20:19:25 0 d-------- C:\Program Files\AbiSuite2
2008-06-11 17:52:53 0 d-------- C:\Program Files\Yahoo!
2008-06-09 15:48:46 0 d-------- C:\Documents and Settings\Don\Application Data\DeepBurner
2008-06-09 15:48:44 0 d-------- C:\Program Files\PC Check-up
2008-06-05 14:52:25 0 d-------- C:\Program Files\MahJong Suite
2008-06-04 13:34:12 0 d-------- C:\Program Files\Process Lasso
2008-05-31 12:14:09 76246074 --a------ C:\HKCR.reg
2008-05-31 12:05:07 0 d-------- C:\Program Files\Common Files
2008-05-31 12:04:54 0 d-------- C:\Program Files\DiskTrix
2008-05-30 14:35:46 0 d-------- C:\Documents and Settings\Don\Application Data\PC Magazine Utilities
2008-05-30 14:34:49 0 d-------- C:\Program Files\PC Magazine Utilities
2008-05-29 15:02:10 0 d-------- C:\Program Files\Wise Registry Cleaner 3
2008-05-29 14:58:18 0 d-------- C:\Program Files\Winamp
2008-05-29 14:56:40 0 d-------- C:\Program Files\QuickTime
2008-05-29 14:55:48 0 d-------- C:\Program Files\DriverBackup
2008-05-29 14:55:42 0 d-------- C:\Program Files\Common Files\Real
2008-05-29 14:55:12 0 d-------- C:\Program Files\Ashampoo
2008-05-29 14:53:43 0 d-------- C:\Documents and Settings\Don\Application Data\Ashampoo
2008-05-28 13:27:28 0 d-------- C:\Program Files\McAfee Rootkit Detective
2008-05-28 13:27:08 0 d-------- C:\Program Files\iPod
2008-05-19 15:29:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 20:42:09 0 d-------- C:\Documents and Settings\Don\Application Data\Apple Computer
2008-05-16 18:22:58 0 d-------- C:\Program Files\iTunes
2008-05-16 18:20:24 0 d-------- C:\Program Files\Bonjour
2008-05-16 18:12:23 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 18:09:38 0 d-------- C:\Program Files\Common Files\Apple
2008-05-11 14:32:40 0 d-------- C:\Program Files\1 Click PC Fix
2008-05-09 14:28:57 0 d-------- C:\Program Files\ThreatFire
2008-04-19 15:31:28 32 --a------ C:\Documents and Settings\Don\Application Data\Settings.ini
2008-04-17 16:22:18 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2008-04-17 12:22:57 164 --a------ C:\install.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
21/02/2008 02:41 PM 1555480 --a------ C:\Program Files\Freecorder\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
04/10/2007 04:06 PM 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 04:06 PM 1135968]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFre1.dll [21/02/2008 02:41 PM 1555480]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[-HKEY_CLASSES_ROOT\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [11/05/2000 02:00 AM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 03:14 PM]
"Custom Skin Clock"="C:\Program Files\Custom Skin Clock\Clock.exe" [30/01/2008 02:25 PM]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [24/04/2008 04:52 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04/01/2008 08:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/08/2007 04:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 08:00 AM]
"Say the Time"="C:\Program Files\Say the Time\SayTime.exe" [18/05/2007 12:00 AM]
"Atom Time"="C:\Program Files\AtomTime Pro\AtomTime.EXE" [03/12/2004 11:04 AM]
"ERUNT"="C:\Program Files\ERUNT\ERUNT.EXE" [20/10/2005 01:00 PM]
"McAfee"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [05/01/2007 04:21 PM]
"Spartan"="C:\Program Files\FreeClip\Spartan.exe" [05/12/2007 11:32 AM]
"Process Lasso"="C:\Program Files\Process Lasso\ProcessLasso.exe" [03/06/2008 11:44 AM]
"Registry Mechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [20/09/2007 06:10 PM]
"I Click PC Fix"="C:\Program Files\1 Click PC Fix\1clickpcfix.exe" [17/01/2008 02:52 PM]
"Actual Booster"="C:\Program Files\Loonies\Actual Booster\ActlBstr.exe" [10/12/2005 11:43 AM]
"Clip Track Pro"="C:\Program Files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe" [09/06/2008 06:21 PM]
"True Launch Bar"="C:\Program Files\TrueLaunchBar\tlbHost.exe" [20/09/2007 04:03 PM]
"Wonderful Icon"="C:\Program Files\Wonderful\wonderfl.exe" [25/03/2008 07:23 PM]
"Windows Search"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe" [25/03/2008 05:59 AM]
"Free Ram Pro"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [09/08/2007 08:17 PM]
"Yahoo Widget Engine"="C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe" [20/07/2007 01:57 PM]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [09/08/2007 08:17 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [15/02/2008 02:42 PM]
"Clever Keys"="C:\Program Files\Lexico\CleverKeys\CK.exe" [10/01/2006 09:15 AM]
"Screensaver Control"="C:\Program Files\Screensaver Control\ScreensaverControl.exe" [16/02/2008 09:49 PM]
"Winamp"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 02:49 PM]
"ClipTrak Pro"="C:\Program Files\PC Magazine Utilities\ClipTrak Pro\ClipTrak Pro.exe" [09/06/2008 06:21 PM]
"Incredimail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [05/06/2008 12:48 PM]
"HPAIO"="C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpodir07.exe" [26/09/2002 03:23 PM]
"Webshots"="C:\Program Files\Webshots\wsaxupdater.exe" [29/10/2007 06:29 PM]
"Spysweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04/01/2008 08:56 PM]
"ScreenSaverControl"="C:\Program Files\Screensaver Control\ScreensaverControl.exe" [16/02/2008 09:49 PM]
"$Volumouse$"="C:\Program Files\Volumouse\volumouse.exe" [01/11/2007 05:38 AM]
C:\Documents and Settings\Don\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [17/08/2007 5:01:16 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NolnernetOpenWith"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoClose"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [25/03/2008 05:56 AM 303616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^backgroundclean.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoSave]
"C:\Program Files\Avanquest\AutoSave\AutoSave.exe" /Autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]


-- End of Deckard's System Scanner: finished at 2008-07-03 13:55:41 ------------


  #2  
Old 07-03-2008
Hengis Male
PCHF Founder & Owner
 
Join Date: Jan 2004
Location: The PCHF Bunker
Posts: 13,078
PC Experience: Microsoft Certified Professional
Default Re: Deckard Scanner Results

Moved to [New] HJT logs.

Please be patient, a Security Analyst will look at your log as soon as they become available.


  #3  
Old 07-04-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 5,830
PC Experience: Elite PC Guru
Default Re: Deckard Scanner Results

Not quite sure what your problem is as nothing shows in your log...

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
  #4  
Old 04-03-2009
Crush Male
Security Team Leader
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 7,087
PC Experience: Always Learning New Things
Default Re: Deckard Scanner Results

Hello,

This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance.

Regards,
Crush
PCHF Security Team Leader

