Messages - sohnir

1
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 28, 2009, 10:56:10 PM »
Hi-

Quote
In addition, Malwarebytes anti-malware should not interfere with McAfee's

I've followed all instructions until running ATF cleaner, including removing the MCVSRte service and rebooting. Then you ask to run Malwarebytes Anti-malware. But won't it interfere with my currently running McAfee Internet Security package? I've not yet run Malwarebytes Anti-malware. Is it OK to run while McAfee is running? Please advise.


Quote
3- Slow Windows startup as opposed to before

As before what?
Before the installation of McAfee possibly?

Yes, Windows startup is slower than prior to installing this new McAfee Internet Security package. I'm assuming that McAfee is checking the STARTUP services/files...?

Thanks for your help.

2
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 28, 2009, 01:32:57 PM »
Hi-

Thanks for your help.

Followed all your instructions:

0- Removed the entries that you mentioned via HJT
1- De-installed McAfee Internet Security package
2- Made sure that all registry entries and c:\program files had no McAfee files or entries
3- Re-installed McAfee Internet Security package
4- Pasting fresh HJT log below.

Something that I just noticed in the new HJT log: I have a service named MCVSRte with no description and AUTOMATIC after the fresh McAfee installation. If you recall, we had this entry before we removed the previous install of McAfee.

O23 - Service: MCVSRte - McAfee, Inc. - (no file)

Problems still facing:

1- IE still complains about the YELLOW exclamation marks on some pages. You mentioned that the site might have problems; but I just installed Firefox and that does not complain; for e.g. this thread page loads clean in Firefox but would have YELLOW "Done, but with errors on page" in IE.
2- Slow internet browsing...FYI...I've disabled the McAfee Site Advisor plugin (both from IE7 and Firefox) and have made that service MANUAL
3- Slow Windows startup as opposed to before; I guess McAfee is checking on STARTUP programs...Is there a way to TUNE this?

###################################

Fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:57 PM, on 2/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vipul C. Patel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 172.16.0.23 rman.lifedata.ldl rman
O1 - Hosts: 172.16.0.13 oracle3.lifedata.ldl oracle3
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://linux1.domain:7779/imtapp/res/jar/cnsload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584011437
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94D276-D18B-4E37-B99C-DABDC16D715E}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MCVSRte - McAfee, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOra920_DB_homeAgent - Oracle Corporation - C:\oracle\product\9.2.0\bin\agntsrvc.exe
O23 - Service: OracleOra920_DB_homeClientCache - Unknown owner - C:\oracle\product\9.2.0\BIN\ONRSD.EXE
O23 - Service: OracleOra920_DB_homeHTTPServer - Unknown owner - C:\oracle\product\9.2.0\Apache\Apache\apache.exe
O23 - Service: OracleOra920_DB_homeManagementServer - Unknown owner - C:\oracle\product\9.2.0\bin\OMSNTsrv.exe
O23 - Service: OracleOra920_DB_homePagingServer - Unknown owner - C:\oracle\product\9.2.0/bin/pagntsrv.exe
O23 - Service: OracleOra920_DB_homeSNMPPeerEncapsulator - Unknown owner - C:\oracle\product\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OracleOra920_DB_homeSNMPPeerMasterAgent - Unknown owner - C:\oracle\product\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OracleOra920_DB_homeTNSListener - Unknown owner - C:\oracle\product\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSAI - Oracle Corporation - c:\oracle\product\9.2.0\bin\ORACLE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 14113 bytes

3
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 26, 2009, 09:44:46 AM »
Thanks for your help.

Few things to notice:

I was not able to find the following entries that you recommended to remove; so I only removed what I found.

Removed entry was O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

The following were not removed as they were not found:

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)


For Spybot; I found the following entry in the new HJT LOG posted below; but it points to c:\windows\system32\shdocvw.dll instead of previously seen in Spybot folder.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll



Here are the problems I'm facing:

1- Even though I've completely removed Spybot, it still appears in IE7 as Tools > Spybot Search and Destroy Configuration
2- Internet browsing is slow compared to before. Will the newer version of the McAfee Internet Security package do this? I've disabled their McAfee Site Advisor tool, as I know that is an extra drag when visiting sites.
3- Windows startup is extremely slow; it takes about 5 to 7 min to completely bring up the system. If required, we can get rid of all unnecessary services that it brings up. Maybe McAfee is checking all of them while bringing up the system. I'll need your help, however, in rightfully doing this.
4- IE7 page always complains with a YELLOW exclamation mark at the LEFT bottom corner of the page saying "Done, but with errors on page", including this forum thread page.

Thanks again.


##########################

HJT log after rebooting the computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:16 AM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\Vipul C. Patel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 172.16.0.23 rman.lifedata.ldl rman
O1 - Hosts: 172.16.0.13 oracle3.lifedata.ldl oracle3
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://linux1.domain:7779/imtapp/res/jar/cnsload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584011437
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...514/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94D276-D18B-4E37-B99C-DABDC16D715E}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOra920_DB_homeAgent - Oracle Corporation - C:\oracle\product\9.2.0\bin\agntsrvc.exe
O23 - Service: OracleOra920_DB_homeClientCache - Unknown owner - C:\oracle\product\9.2.0\BIN\ONRSD.EXE
O23 - Service: OracleOra920_DB_homeHTTPServer - Unknown owner - C:\oracle\product\9.2.0\Apache\Apache\apache.exe
O23 - Service: OracleOra920_DB_homeManagementServer - Unknown owner - C:\oracle\product\9.2.0\bin\OMSNTsrv.exe
O23 - Service: OracleOra920_DB_homePagingServer - Unknown owner - C:\oracle\product\9.2.0/bin/pagntsrv.exe
O23 - Service: OracleOra920_DB_homeSNMPPeerEncapsulator - Unknown owner - C:\oracle\product\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OracleOra920_DB_homeSNMPPeerMasterAgent - Unknown owner - C:\oracle\product\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OracleOra920_DB_homeTNSListener - Unknown owner - C:\oracle\product\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSAI - Oracle Corporation - c:\oracle\product\9.2.0\bin\ORACLE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 14759 bytes

4
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 25, 2009, 11:09:14 PM »
Questolo-

Can you please review the log files that I'd uploaded and let me know if you see anything suspicious.

Thanks.

5
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 23, 2009, 09:22:17 PM »
It appears that I'm having trouble with IE 7 itself. For e.g. on this page; on the left hand bottom corner; I always get the yellow exclamation mark saying "Done, but with errors on page". At the top right of the thread; right next to "Rating" drop-down; I'm having a RED X suggesting that something has failed to load.

Also, as I mentioned; even after de-installing Spybot; I've a menu-item in Tools > Spybot - Search and Destroy configuration. Something does not sound right?

Thanks.

6
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 23, 2009, 08:07:17 PM »
Sorry forgot to upload info.txt...

info.txt logfile of random's system information tool 1.05 2009-02-23 19:49:16

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 6.0 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E83DE21D-AE48-49CC-8DB4-C45598CEB96E} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon iP6600D Memory Card Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D28491-78AB-445C-A507-6F3FA81D7611}\setup.exe"  /PDUUninstall
Canon iP6600D-->C:\WINDOWS\system32\CNMCP7D.exe "-PRINTERNAMECanon iP6600D" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP6600D Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon_6600D\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ClueFinders 3rd Grade Adventures-->C:\WINDOWS\TLCUninstall.exe -f  "C:\Program Files\The Learning Company\ClueFinders 3rd Grade Adventures\Uninstall.xml"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon_6600D\Easy-WebPrint\Uninst.isu"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Vipul C. Patel\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe"   -l0409 -INTELUNINST
Intel® PRO Network Connections Software v9.2.4.11-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IQChart 5-->"C:\Program Files\IQChart 5\Uninstall_IQChart 5\Uninstall IQChart 5.exe"
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java(tm) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Knowledge Xpert for PLSQL V8.6-->C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\UNWISE.EXE C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003-->MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9  -uninst
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oracle Data Provider for .NET Help-->MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
Oracle JInitiator 1.3.1.28-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}\Setup.exe" -l0x9  -uninst
Oracle Web Conferencing Console-->"C:\Program Files\Common Files\Oracle\RTC Client\3.0.3.667\en\cnsrun.exe" --dll:cnssetup.dll --entry:5 --cmd:/u
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Quest Software Toad for Oracle Version 8.6.1-->C:\PROGRA~1\QUESTS~1\TOADFO~1\UNINST~1.EXE
Quest SQL Tuning for Oracle-->C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\UNWISE.EXE C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\INSTALL.LOG
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit Math Ages 6-9-->C:\Program Files\The Learning Company\Reader Rabbit Math Ages 6-9\uninstal.exe
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Second Copy 2000-->C:\PROGRA~1\SecCopy\UNWISE.EXE C:\PROGRA~1\SecCopy\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Self Test Practice Test Engine-->C:\PROGRA~1\SelfTest\UNWISE.EXE C:\PROGRA~1\SelfTest\INSTALL.LOG
Self Test Software:  Exam 1Z0-030 -->C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\INSTALL.LOG
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpongeBob SquarePants Typing-->C:\WINDOWS\TLCUninstall.exe -f  "C:\Program Files\The Learning Company\SpongeBob SquarePants Typing\Uninstall.xml"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst6.07.17.exe
Studio 9.4 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9  UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9  UNINSTALL
Symantec pcAnywhere-->MsiExec.exe /I{115E8183-866A-11D3-97DF-0000F8D8F2E9}
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VanDyke Software SecureCRT 5.0-->C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9  VpnUninstall
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
Whisper 32-->MsiExec.exe /I{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.8.2-->"C:\Program Files\WinSCP3\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Zoombinis Island Odyssey-->C:\WINDOWS\TLCUninstall.exe -f  "C:\Program Files\The Learning Company\Zoombinis Island Odyssey\Uninstall.xml"

======Hosts File======

172.16.0.17 oracle2.lifedata.ldl oracle2
172.16.0.20 oracle1.lifedata.ldl oracle1
172.16.0.23 rman.lifedata.ldl rman
172.16.0.13 oracle3.lifedata.ldl oracle3
192.168.1.9 krisna.alps.com krisna
10.16.102.116 testacapp.cellularsouth.net testacapp
10.16.102.117 testacdb.cellularsouth.net testacdb
10.16.2.18      spartan.cellularsouth.net spartan
10.16.106.229   prodappc1.cellularsouth.net prodappc1
10.16.106.188   proddb21.cellularsouth.net proddb21

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: SHANTI
Event Code: 7036
Message: The Fax service entered the stopped state.

Record Number: 39494
Source Name: Service Control Manager
Time Written: 20081202112741.000000-300
Event Type: information
User:

Computer Name: SHANTI
Event Code: 7036
Message: The Roxio Hard Drive Watcher 9 service entered the stopped state.

Record Number: 39493
Source Name: Service Control Manager
Time Written: 20081202112741.000000-300
Event Type: information
User:

Computer Name: SHANTI
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 39492
Source Name: Service Control Manager
Time Written: 20081202112736.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: SHANTI
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 39491
Source Name: Service Control Manager
Time Written: 20081202112735.000000-300
Event Type: information
User:

Computer Name: SHANTI
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 39490
Source Name: Service Control Manager
Time Written: 20081202112735.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: SHANTI
Event Code: 1904
Message:
Record Number: 5599
Source Name: HHCTRL
Time Written: 20070318101348.000000-240
Event Type: information
User:

Computer Name: SHANTI
Event Code: 1904
Message:
Record Number: 5598
Source Name: HHCTRL
Time Written: 20070318101348.000000-240
Event Type: information
User:

Computer Name: SHANTI
Event Code: 1904
Message:
Record Number: 5597
Source Name: HHCTRL
Time Written: 20070318101348.000000-240
Event Type: information
User:

Computer Name: SHANTI
Event Code: 1904
Message:
Record Number: 5596
Source Name: HHCTRL
Time Written: 20070318101348.000000-240
Event Type: information
User:

Computer Name: SHANTI
Event Code: 1904
Message:
Record Number: 5595
Source Name: HHCTRL
Time Written: 20070318101348.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\oracle\product\9.2.0\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\oracle\product\10.2.0\client_1\bin;C:\Program Files\Intel\DMIX;C:\Program Files\Symantec\pcAnywhere;C:\Program Files\WinSCP3;C:\Program Files\SecureCRT;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"WV_GATEWAY_CFG"=C:\oracle\product\9.2.0\Apache\modplsql\cfg\wdbsvr.app
"JSERV"=C:\oracle\product\9.2.0/Apache/Jserv/conf
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

7
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 23, 2009, 08:05:47 PM »
I was not able to paste all the contents here so I've uploaded the log files...

Can you please review the uploaded files...

Thanks.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Vipul C. Patel at 2009-02-23 19:48:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (37%) free of 149 GB
Total RAM: 1022 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:09 PM, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Vipul C. Patel\Desktop\RSIT.exe
C:\Documents and Settings\Vipul C. Patel\Desktop\Vipul C. Patel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 172.16.0.23 rman.lifedata.ldl rman
O1 - Hosts: 172.16.0.13 oracle3.lifedata.ldl oracle3
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSW IPSec Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://linux1.domain:7779/imtapp/res/jar/cnsload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584011437
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - http://oracle2.lifedata.ldl:8010/jinitiator/oajinit.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...514/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94D276-D18B-4E37-B99C-DABDC16D715E}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOra920_DB_homeAgent - Oracle Corporation - C:\oracle\product\9.2.0\bin\agntsrvc.exe
O23 - Service: OracleOra920_DB_homeClientCache - Unknown owner - C:\oracle\product\9.2.0\BIN\ONRSD.EXE
O23 - Service: OracleOra920_DB_homeHTTPServer - Unknown owner - C:\oracle\product\9.2.0\Apache\Apache\apache.exe
O23 - Service: OracleOra920_DB_homeManagementServer - Unknown owner - C:\oracle\product\9.2.0\bin\OMSNTsrv.exe
O23 - Service: OracleOra920_DB_homePagingServer - Unknown owner - C:\oracle\product\9.2.0/bin/pagntsrv.exe
O23 - Service: OracleOra920_DB_homeSNMPPeerEncapsulator - Unknown owner - C:\oracle\product\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OracleOra920_DB_homeSNMPPeerMasterAgent - Unknown owner - C:\oracle\product\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OracleOra920_DB_homeTNSListener - Unknown owner - C:\oracle\product\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSAI - Oracle Corporation - c:\oracle\product\9.2.0\bin\ORACLE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 15677 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-01-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2403392]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-09 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-07-26 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-07-26 98304]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"PDUiP6600DMon"=C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe [2005-05-25 69632]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2006-08-15 454144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-01-09 1176808]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2009-01-09 5134864]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-18 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Second Copy 2000"=C:\Program Files\SecCopy\SecCopy.exe [2001-09-17 1134080]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-27 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
DSW IPSec Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Vipul C. Patel\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2004-11-01 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"=C:\Program Files\DVD Ghost\ExecuteHooker.dll [2004-07-27 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDrives"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\oracle\product\9.2.0\Apache\Apache\Apache.exe"="C:\oracle\product\9.2.0\Apache\Apache\Apache.exe:*:Enabled:Apache"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-02-23 19:48:42 ----D---- C:\rsit
2009-02-22 20:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-22 20:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-20 22:40:26 ----D---- C:\WINDOWS\Prefetch
2009-02-20 20:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-20 20:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-20 20:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-20 20:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-20 20:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-20 20:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-20 20:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-20 20:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-20 20:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-20 20:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-20 20:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-20 20:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-20 20:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-20 20:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-20 20:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-02-20 20:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-20 20:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-20 20:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-20 20:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-20 20:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-20 20:02:26 ----D---- C:\WINDOWS\system32\scripting
2009-02-20 20:02:26 ----D---- C:\WINDOWS\l2schemas
2009-02-20 20:02:25 ----D---- C:\WINDOWS\system32\en
2009-02-20 20:02:25 ----D---- C:\WINDOWS\system32\bits
2009-02-20 19:59:08 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-20 19:50:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-20 19:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-02-20 19:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-02-20 19:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-02-20 19:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-20 19:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-02-20 19:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-02-20 19:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-02-20 19:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-20 19:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-20 19:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-20 19:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-20 19:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-02-20 19:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-02-20 19:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-02-20 19:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-02-20 18:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-20 18:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-02-20 18:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-20 18:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-20 18:58:23 ----SHD---- C:\Config.Msi
2009-02-18 23:01:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-18 23:01:09 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-18 23:01:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-18 23:01:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-18 23:00:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-02-18 23:00:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-02-18 23:00:42 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-02-18 23:00:40 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-02-18 23:00:38 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-18 23:00:37 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-18 23:00:37 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-18 23:00:37 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-18 23:00:37 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-18 23:00:37 ----N---- C:\WINDOWS\slrundll.exe
2009-02-18 23:00:34 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-18 23:00:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-18 23:00:27 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-18 23:00:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-02-18 23:00:23 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-18 23:00:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-18 23:00:21 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-18 23:00:21 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-18 23:00:19 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-18 23:00:15 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-18 23:00:02 ----N---- C:\WINDOWS\system32\napstat.exe
2009-02-18 23:00:02 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-02-18 23:00:02 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-02-18 23:00:01 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-18 23:00:00 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-18 23:00:00 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-02-18 22:59:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-18 22:59:57 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-18 22:59:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-18 22:59:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-18 22:59:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-18 22:59:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-18 22:59:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-18 22:59:19 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-18 22:59:18 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-18 22:59:18 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-18 22:59:18 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-18 22:59:17 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-18 22:59:02 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-02-18 22:59:01 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-02-18 22:58:56 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-02-18 22:58:48 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-18 22:58:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-02-18 22:58:38 ----A---- C:\WINDOWS\002899_.tmp
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-18 22:58:35 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-18 22:58:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-18 22:58:30 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-18 22:58:28 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-18 22:58:28 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-18 22:58:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-18 22:58:25 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-18 22:58:21 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-18 22:58:21 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-18 22:58:20 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-18 22:58:20 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-18 22:58:19 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-02-18 22:58:19 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-18 22:58:19 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-18 22:58:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-18 22:58:19 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-18 22:58:14 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-18 22:15:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-18 22:15:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-18 22:15:27 ----A---- C:\WINDOWS\system32\java.exe
2009-02-18 22:15:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-18 22:14:42 ----D---- C:\Program Files\Java
2009-02-18 22:13:12 ----D---- C:\Documents and Settings\Vipul C. Patel\Application Data\Sun
2009-02-18 21:06:24 ----D---- C:\Program Files\Citrix
2009-02-18 20:27:46 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-02-18 20:24:29 ----D---- C:\Program Files\McAfee.com
2009-02-18 20:24:29 ----D---- C:\Program Files\Common Files\McAfee
2009-02-18 20:24:17 ----D---- C:\Program Files\McAfee
2009-02-18 20:21:42 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-02-16 19:06:43 ----SHD---- C:\RECYCLER
2009-02-09 19:40:31 ----D---- C:\WINDOWS\temp
2009-02-09 19:40:21 ----A---- C:\ComboFix.txt
2009-02-09 19:29:39 ----D---- C:\ComboFix
2009-02-07 18:04:46 ----A---- C:\WINDOWS\gmer.ini
2009-02-07 18:04:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-07 18:04:45 ----A---- C:\WINDOWS\gmer.exe
2009-02-07 18:04:45 ----A---- C:\WINDOWS\gmer.dll
2009-02-05 22:06:58 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-05 22:03:57 ----D---- C:\Program Files\NOS
2009-02-05 22:03:57 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-05 20:37:50 ----A---- C:\Boot.bak
2009-02-05 20:37:37 ----RASHD---- C:\cmdcons
2009-02-05 20:35:58 ----A---- C:\WINDOWS\zip.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\VFIND.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\SWSC.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\SWREG.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\sed.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\grep.exe
2009-02-05 20:35:58 ----A---- C:\WINDOWS\fdsv.exe
2009-02-05 20:35:54 ----D---- C:\WINDOWS\ERDNT
2009-02-05 20:35:54 ----AD---- C:\Qoobox
2009-02-05 08:37:32 ----D---- C:\Documents and Settings\Vipul C. Patel\Application Data\Malwarebytes
2009-02-05 08:37:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-03 07:36:27 ----D---- C:\WINDOWS\Minidump
2009-02-02 21:21:21 ----D---- C:\WINDOWS\McAfee.com

======List of files/folders modified in the last 1 months======

2009-02-22 22:08:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 21:26:32 ----D---- C:\WINDOWS\system32
2009-02-22 21:26:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-22 21:25:56 ----D---- C:\WINDOWS
2009-02-22 21:21:36 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-02-22 21:21:31 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-02-22 21:20:41 ----RD---- C:\Program Files
2009-02-22 21:19:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 20:59:12 ----HD---- C:\WINDOWS\inf
2009-02-22 20:59:10 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-02-22 20:58:56 ----A---- C:\WINDOWS\imsins.BAK
2009-02-22 19:15:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-22 19:13:31 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-22 19:12:26 ----A---- C:\WINDOWS\setuplog.txt
2009-02-20 22:48:29 ----A---- C:\WINDOWS\win.ini
2009-02-20 22:39:19 ----D---- C:\WINDOWS\system32\Setup
2009-02-20 22:39:19 ----D---- C:\WINDOWS\AppPatch
2009-02-20 22:39:18 ----RSD---- C:\WINDOWS\Fonts
2009-02-20 22:39:18 ----D---- C:\WINDOWS\system32\wbem
2009-02-20 22:39:13 ----D---- C:\WINDOWS\system32\drivers
2009-02-20 22:38:18 ----D---- C:\WINDOWS\security
2009-02-20 20:12:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-20 20:09:11 ----D---- C:\Program Files\Messenger
2009-02-20 20:02:54 ----D---- C:\WINDOWS\WinSxS
2009-02-20 20:02:40 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-20 20:02:40 ----D---- C:\WINDOWS\network diagnostic
2009-02-20 20:02:40 ----D---- C:\WINDOWS\ime
2009-02-20 20:02:39 ----D---- C:\WINDOWS\Help
2009-02-20 20:02:27 ----D---- C:\WINDOWS\system32\usmt
2009-02-20 20:02:27 ----D---- C:\WINDOWS\system32\en-US
2009-02-20 20:02:25 ----SHD---- C:\WINDOWS\Installer
2009-02-20 20:02:25 ----D---- C:\WINDOWS\PeerNet
2009-02-20 20:02:25 ----D---- C:\Program Files\Movie Maker
2009-02-20 19:58:55 ----D---- C:\WINDOWS\system32\Restore
2009-02-20 19:58:55 ----D---- C:\WINDOWS\system32\npp
2009-02-20 19:58:55 ----D---- C:\WINDOWS\mui
2009-02-20 19:58:53 ----D---- C:\WINDOWS\msagent
2009-02-20 19:58:51 ----D---- C:\WINDOWS\srchasst
2009-02-20 19:58:49 ----D---- C:\Program Files\NetMeeting
2009-02-20 19:58:47 ----D---- C:\WINDOWS\system32\Com
2009-02-20 19:58:44 ----D---- C:\Program Files\Windows Media Player
2009-02-20 19:58:43 ----D---- C:\Program Files\Windows NT
2009-02-20 19:58:43 ----D---- C:\Program Files\Outlook Express
2009-02-20 19:58:40 ----D---- C:\Program Files\Common Files\System
2009-02-20 19:58:21 ----D---- C:\WINDOWS\system32\oobe
2009-02-20 19:58:17 ----D---- C:\WINDOWS\system
2009-02-20 19:50:27 ----D---- C:\WINDOWS\ehome
2009-02-20 19:00:40 ----D---- C:\Program Files\Internet Explorer
2009-02-18 22:36:13 ----D---- C:\WINDOWS\Debug
2009-02-18 22:00:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-18 22:00:08 ----D---- C:\Program Files\Oracle
2009-02-18 21:16:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-18 20:24:43 ----SD---- C:\WINDOWS\Tasks
2009-02-18 20:24:29 ----D---- C:\Program Files\Common Files
2009-02-18 20:19:05 ----A---- C:\WINDOWS\system.ini
2009-02-16 19:11:05 ----D---- C:\Program Files\TurboTax
2009-02-11 20:56:18 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-09 06:49:03 ----SHD---- C:\System Volume Information
2009-02-09 06:02:12 ----D---- C:\Documents and Settings
2009-02-08 13:35:06 ----D---- C:\Program Files\eMule
2009-02-05 22:07:10 ----D---- C:\Program Files\Adobe
2009-02-05 22:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-05 22:00:53 ----RASH---- C:\boot.ini
2009-02-05 22:00:52 ----D---- C:\WINDOWS\pss
2009-02-03 07:38:16 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-03 07:36:29 ----SHD---- C:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-23 16984]
R1 awecho;awecho; C:\WINDOWS\system32\drivers\awechomd.sys [2004-03-05 8368]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-11-17 11165]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-09 213640]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-07-26 8552]
R2 CVPNDRVA;DSW IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 BENDER;Pinnacle DV/AV Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 180480]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-04-14 223128]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-09 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-09 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-01-09 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-03-31 180096]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 dsload;dsload; C:\WINDOWS\System32\drivers\dsload.sys [2005-10-21 10848]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-02-08 5185]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-07 85969]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-01-09 34216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-04-07 1421336]
R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-18 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-09 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-09 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2004-11-01 106496]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-09 365072]
S3 OracleOra920_DB_homeAgent;OracleOra920_DB_homeAgent; C:\oracle\product\9.2.0\bin\agntsrvc.exe [2002-04-26 28944]
S3 OracleOra920_DB_homeClientCache;OracleOra920_DB_homeClientCache; C:\oracle\product\9.2.0\BIN\ONRSD.EXE [2002-04-26 242328]
S3 OracleOra920_DB_homeHTTPServer;OracleOra920_DB_homeHTTPServer; C:\oracle\product\9.2.0\Apache\Apache\apache.exe [2002-04-18 4096]
S3 OracleOra920_DB_homeManagementServer;OracleOra920_DB_homeManagementServer; C:\oracle\product\9.2.0\bin\OMSNTsrv.exe [2002-08-20 53248]
S3 OracleOra920_DB_homePagingServer;OracleOra920_DB_homePagingServer; C:\oracle\product\9.2.0/bin/pagntsrv.exe [2002-08-20 49152]
S3 OracleOra920_DB_homeSNMPPeerEncapsulator;OracleOra920_DB_homeSNMPPeerEncapsulator; C:\oracle\product\9.2.0\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOra920_DB_homeSNMPPeerMasterAgent;OracleOra920_DB_homeSNMPPeerMasterAgent; C:\oracle\product\9.2.0\BIN\AGNTSVC.EXE [2002-02-13 254464]
S3 OracleOra920_DB_homeTNSListener;OracleOra920_DB_homeTNSListener; C:\oracle\product\9.2.0\BIN\TNSLSNR  []
S3 OracleServiceSAI;OracleServiceSAI; c:\oracle\product\9.2.0\bin\ORACLE.EXE [2002-05-14 29475088]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMe

8
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 22, 2009, 10:07:05 PM »
Hi-

Changes made on this PC since my last update:

1- De-installed Malwarebytes, the previous version of McAfee, and a few other unnecessary tools.
2- Installed a brand new version of McAfee Internet Security package
3- Updated Windows XP to SP3 and brought it fully up to date with the latest patches. I was way behind on this... had not installed any patches in a long time.

But since then, my Windows startup takes about 5-7 min and IE 7 browsing performance has been very bad. I then noticed that I had Spybot - Search and Destroy installed, and I'd heard that McAfee had incompatibilities with any of the other malware/anti-virus software. So I've now de-installed Spybot, but the IE 7 performance is still very, very bad.

I still have the IE7 > Tools > Spybot - Search & Destroy configuration entry remaining, even though it appears to be a clean de-install. I don't know how to remove that. I'm not sure what is causing the slowness. I've also disabled the McAfee Internet Security package's Site Advisor, as it appears to be checking websites on the fly.

I'm uploading HJT log with this update.

Can you please help; please advise...

Thanks in advance.

#####################################
HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:22 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vipul C. Patel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 172.16.0.23 rman.lifedata.ldl rman
O1 - Hosts: 172.16.0.13 oracle3.lifedata.ldl oracle3
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSW IPSec Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://linux1.domain:7779/imtapp/res/jar/cnsload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584011437
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - http://oracle2.lifedata.ldl:8010/jinitiator/oajinit.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...514/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94D276-D18B-4E37-B99C-DABDC16D715E}: NameServer = 68.87.68.162,68.87.74.162
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOra920_DB_homeAgent - Oracle Corporation - C:\oracle\product\9.2.0\bin\agntsrvc.exe
O23 - Service: OracleOra920_DB_homeClientCache - Unknown owner - C:\oracle\product\9.2.0\BIN\ONRSD.EXE
O23 - Service: OracleOra920_DB_homeHTTPServer - Unknown owner - C:\oracle\product\9.2.0\Apache\Apache\apache.exe
O23 - Service: OracleOra920_DB_homeManagementServer - Unknown owner - C:\oracle\product\9.2.0\bin\OMSNTsrv.exe
O23 - Service: OracleOra920_DB_homePagingServer - Unknown owner - C:\oracle\product\9.2.0/bin/pagntsrv.exe
O23 - Service: OracleOra920_DB_homeSNMPPeerEncapsulator - Unknown owner - C:\oracle\product\9.2.0\BIN\ENCSVC.EXE
O23 - Service: OracleOra920_DB_homeSNMPPeerMasterAgent - Unknown owner - C:\oracle\product\9.2.0\BIN\AGNTSVC.EXE
O23 - Service: OracleOra920_DB_homeTNSListener - Unknown owner - C:\oracle\product\9.2.0\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSAI - Oracle Corporation - c:\oracle\product\9.2.0\bin\ORACLE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 15541 bytes

######################################

9
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 18, 2009, 09:35:58 AM »
Questolo-

Yes, I do need a hand... Sorry, I was not able to keep up with the thread as I was away travelling...

I'll post the new HJT log as soon as I can.

Thanks.

10
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 02, 2009, 10:19:13 PM »
Additional Info:

I went back to the registry to check whether those 2 removed entries re-appeared after the re-boot, and the following one re-appeared. I've deleted it again.

HKEY_CURRENT_USER\Software\AvSca

Thanks.

11
Tech Clinic / Need help - removing Spyware Protect 2009 - Win XP Pro SP2
« on: February 02, 2009, 09:36:07 PM »
Hi-

Few days ago I'd trouble logging into my Dell XP Pro as the McAfee service will hang the startup due to its AV expiration. So with help of msconfig -> Diagnostic setup mode; I disabled all McAfee startup services to be able to use the machine. I disable about 3 services; so the system was fine and backup. However, this presented threat and now it has acquired "Spyware Protect 2009".

Initially; it would have a PIPE "|" bar in the system tray that would complain about acquiring a virus. On clicking the PIPE; it would bring a GUI asking to install spyware protect 2009; that's when I realized this might be a virus/malware. I'm also uploading Hijackthis2.2 log at the end of the thread.

Thanks very much for your help.

With a few attempts, I've removed the following 2 entries from the registry; however, my browser still complains about the following:

############################################################

HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysguardn"

############################################################

It will load the desired page for a few seconds and then re-direct the page to this URL:   http://browser-security.microsoft.com/block.php?r=17.3

IE7 will complain with the following:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
Purchase Spyware Protect 2009 for secure Internet surfing (Recommended).
Check your computer for viruses and malware.
More information <=== this will have a drop down; which I have not attempted to click
#############################################################

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:08 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vipul C. Patel\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 172.16.0.23 rman.lifedata.ldl rman
O1 - Hosts: 172.16.0.13 oracle3.lifedata.ldl oracle3
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon_6600D\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DSW IPSec Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon_6600D\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - http://linux1.domain:7779/imtapp/res/jar/cnsload.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/33.06/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584011437
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://oracle1.lifedata.ldl:8000/jinitiator/oajinit.exe
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) -
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://atloradisp01.iss.net:7778/jinitiator/jinit.exe
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} (JInitiator 1.3.1.28) - http://oracle2.lifedata.ldl:8010/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C94D276-D18B-4E37-B99C-DABDC16D715E}: NameServer = 68.87.68.162,68.87.74.162
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10796 bytes

###########################################################
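
The log in this post lists an `O1 - Hosts` entry for the same hostname the browser is redirected to; a hosts-file entry takes precedence over DNS, so that entry decides where the name resolves. A triage check for this pattern, as an added example that is not part of the original post (the function names and the `WATCHED_SUFFIXES` list are assumptions for illustration):

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input: lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O1 - Hosts: 24.126.168.138 fynda.getmyip.com gloryto3.domain linux1.domain newman.domain
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
"""
# URL the poster reports being redirected to.
REPORTED_URL = "http://browser-security.microsoft.com/block.php?r=17.3"
# Assumption: domains a hosts file has no ordinary reason to override.
WATCHED_SUFFIXES = ("microsoft.com",)

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


def parse_o1_hosts(log_text):
    """Return (ip, [hostnames]) for every well-formed O1 hosts-file line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        names = [n.lower().rstrip(".") for n in match.group(2).split()]
        entries.append((ip, names))
    return entries


def triage(log_text, reported_urls=(), watched_suffixes=WATCHED_SUFFIXES):
    """Flag hosts entries that pin a reported redirect host or a watched domain."""
    reported = {urlparse(u).hostname for u in reported_urls}
    findings = []
    for ip, names in parse_o1_hosts(log_text):
        for name in names:
            reasons = []
            if name in reported:
                reasons.append("reported-redirect-host")
            if any(name == s or name.endswith("." + s) for s in watched_suffixes):
                reasons.append("vendor-domain-override")
            if reasons:
                findings.append({
                    "name": name,
                    "ip": str(ip),
                    # Internal names on private ranges are common; a public
                    # address behind a vendor name deserves a closer look.
                    "public_ip": not ip.is_private,
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, [REPORTED_URL]):
        print(finding)
```

The internal `172.16.x.x` entries and the `getmyip.com` entry are parsed but not flagged, because they match neither the reported redirect host nor the watched suffix.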

12
I've followed your instructions and have run ATF-Cleaner....Following is the HIJACK log after this cleanup..Please review...

Also, could you recommend any free firewall software for this computer?

Thanks...

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:43 PM, on 5/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\tp4mon.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program files\ThinkPad\Utilities\tponscr.exe
C:\WINNT\system32\WDBtnMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210438122753
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: NICSer_WPC11 - Unknown owner - C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

--
End of file - 6238 bytes
--------------------------------------------------------------

13
Can you please help? It appears that something has really gone wrong...Internet Explorer and overall computer operations have gone extremely slow...Thanks..

14
Something has really gone wrong..I do not see any improvements...in fact IE has worsened...IE takes almost 5 minutes to bring its home page...

Also, I still see Need2FindBar installed...Is there a way to clean up unnecessary things..

Would you recommend any freeware firewall for this system?

Thanks.

15
Here is the log you requested...

Just a note: I was not able to successfully perform the steps that you'd asked previously...namely de-installing Need2FindBar, successfully running OTMoveIt2 and its Cleanup...

------------   Log   ------------------------
ComboFix 08-05-01.3 - meenavips 05/07/2008  7:27:00.1 - FAT32x86
Microsoft Windows 2000 Professional  5.0.2195.3.1252.1.1033.18.184 [GMT -4:00]
Running from: C:\Documents and Settings\meenavips\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\uninstall information
C:\WINNT\smdat32m.sys
C:\WINNT\system32\Cache
C:\WINNT\system32\MabryObj.dll
C:\WINNT\Web\default.htt
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-04-07 to 2008-05-07  )))))))))))))))))))))))))))))))
.

2008-05-07 07:27 . 05/07/08 07:27a   16,384   --a----t-   C:\WINNT\system32\Perflib_Perfdata_348.dat
2008-05-07 06:25 . 05/07/08 06:25a   16,384   --a------   C:\WINNT\system32\Perflib_Perfdata_558.dat
2008-05-06 20:10 . 05/06/08 08:10p   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-06 19:52 . 05/06/08 07:52p   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-30 09:09 . 04/30/08 09:09a   16,384   --a------   C:\WINNT\system32\Perflib_Perfdata_1c0.dat
2008-04-17 00:02 . 04/17/08 12:02a   <DIR>   d--------   C:\Deckard
2008-04-09 10:25 . 04/09/08 10:26a   16,384   --a------   C:\WINNT\system32\Perflib_Perfdata_548.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2000-03-02 15:20   271   ---h--w   C:\Program Files\desktop.ini
2000-03-02 15:20   21,952   ---h--w   C:\Program Files\folder.htt
1999-12-07 08:00   32,528   ------w   C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------

12/07/99 04:00a  7952  9e64ad53cfd9da2d22e8a924f8c6e62c   C:\WINNT\system32\svchost.exe
12/06/99 08:00p  7952  9e64ad53cfd9da2d22e8a924f8c6e62c   C:\WINNT\system32\dllcache\svchost.exe

08/29/02 07:14a  585728  8579e8474130334dfa93d4df3f0d3fa1   C:\WINNT\system32\wininet.dll
08/29/02 07:14a  585728  8579e8474130334dfa93d4df3f0d3fa1   C:\WINNT\system32\dllcache\wininet.dll
05/04/01 02:05p  467728  c82725c2de2391f4dfd417ae51316302   C:\WINNT\$NtServicePackUninstall$\wininet.dll
07/22/02 02:05p  461584  b23633b7fb67ac5c1b1eb7211c38788f   C:\WINNT\ServicePackFiles\i386\wininet.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/06 09:49p 4662776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/16/07 09:47a 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [11/30/99 11:40p 86288 C:\WINNT\system32\tp4mon.exe]
"Synchronization Manager"="mobsync.exe" [12/07/99 04:00a 111376 C:\WINNT\system32\mobsync.exe]
"IBMPMSVC"="C:\WINNT\System32\ibmpmsvc.exe" [03/22/00 01:11a 45056]
"XircWinModem4"="ltcm000c.exe" []
"Promon.exe"="Promon.exe" [10/12/99 09:06a 29184 C:\WINNT\system32\promon.exe]
"SoundFusion"="cwcprops.cpl" [02/04/00 05:30p 45280 C:\WINNT\system32\cwcprops.cpl]
"TP98UTIL"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.exe" [03/30/00 10:35a 182272]
"TpHotkey"="C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe" [03/22/00 12:32p 28672]
"PRPCMonitor"="PRPCUI.exe" [01/06/00 08:00a 32768 C:\WINNT\system32\prpcui.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/18/04 12:20a 278528]
"WD Button Manager"="WDBtnMgr.exe" [06/06/05 09:01p 331776 C:\WINNT\system32\WDBtnMgr.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/17/08 05:08p 579584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/14/05 02:37p 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [10/22/07 05:40p 219136]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/08 09:23p 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [12/07/99 04:00a 186640]

C:\Documents and Settings\meenavips\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-06-18 09:36:18 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AUTOCHK.LNK - C:\CFGSAFE\AUTOCHK.EXE [1980-01-01 10784]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-01-14 13:27:59 82026]
DSW IPSec Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-05-16 21:25:41 1421328]
Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\Wireless Network PC Card\WPC11Cfg.exe [2005-05-30 22:30:50 4514816]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-12-15 18:38:47 221295]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 11/01/04 11:50a 8704 C:\WINNT\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\System32\Drivers\avg7rsnt.sys [02/23/07 01:42p]
R1 TPPWR;TPPWR;C:\WINNT\System32\drivers\Tppwr.sys [12/20/99 11:35a]
R2 NICSer_WPC11;NICSer_WPC11;C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe [05/08/03 04:05p]
R2 PRPC;PRPC;C:\WINNT\System32\drivers\PRPC.sys [01/06/00 08:00a]
R2 V7;V7;C:\WINNT\system32\Drivers\V7.SYS [03/08/99 11:31a]
R3 hpoid407;IEEE-1284.4 Driver hpoid407;C:\WINNT\System32\DRIVERS\hpoid407.sys [06/28/01 09:12p]
R3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07;C:\WINNT\System32\DRIVERS\hpoius07.sys [06/28/01 09:12p]
R3 WDCFX_AT;USB Storage Adapter FX_AT (WDC);C:\WINNT\System32\DRIVERS\WDCFX_AT.SYS [08/02/04 02:50p]
S3 cwcspud3;Crystal SoundFusion(tm) SPuD3 Driver;C:\WINNT\System32\drivers\cwcspud3.sys [11/11/99 03:13p]
S3 neo20xx;neo20xx;C:\WINNT\System32\DRIVERS\neo20xx.sys [10/18/99 02:39p]
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;C:\WINNT\System32\DRIVERS\LSWLNDS.sys [05/16/02 04:42p]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 07:28:59
Windows 5.0.2195 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 05/07/2008  7:29:28
ComboFix-quarantined-files.txt  2008-05-07 11:29:26

Pre-Run: 6,732,259,328 bytes free
Post-Run: 6,733,537,280 bytes free

105
------------------------------------------------------------------------

16
I've now uploaded all the required files from the output...Please advise as necessary...Thanks...

17
[quote name='sohnir' post='428074' date='May 6 2008, 10:26 AM']OK, I'll follow the rest of the instructions...I just cannot de-install Need2Find Bar from "Add/Remove Programs". I'm receiving errors that I listed in my earlier post...I'll delete/rename folder from "Program Files" folder and remove the registry entries for Need2Find Bar.

I'll also upload the log from OTMoveit and Hijackthis 2.0.2 shortly....
[/quote]

OK...here are the results...

1) I was unable to un-install Need2FindBar from "Add/Remove Programs"...Should I just remove the folder from Program Files and remove its registry entry?
2) I don't think moving the files in OTMoveIt2 worked either...but you can look at its log file..I'll be uploading its log file
3) I had hit the CleanUp button and will be uploading the list of files for the same...I've not cleaned up the files as I wanted to confirm with you first...let me know if it were safer to remove this list of files..
4) I'm also uploading the Hijackthis 2.0.2 log file....

IE has been extremely slow now and it takes a long time to come up...Please advise as soon as you can...
Thanks.

18
[quote name='guestolo' post='428056' date='May 5 2008, 10:57 PM']Are you going to post the log from OTMoveit
and the log from Hijackthis 2.0.2???

If you get stuck at a spot, just carry on with the rest of the instructions please[/quote]

OK, I'll follow the rest of the instructions...I just cannot de-install Need2Find Bar from "Add/Remove Programs". I'm receiving errors that I listed in my earlier post...I'll delete/rename folder from "Program Files" folder and remove the registry entries for Need2Find Bar.

I'll also upload the log from OTMoveit and Hijackthis 2.0.2 shortly....

19
[quote name='guestolo' post='426757' date='Apr 17 2008, 11:00 PM']Can you do the following

You have some older spyware/malware scanner protection software installed

For now, can you enter Add and Remove Programs
Remove the following

Need2Find Bar

Also, from add/remove programs, remove your older HijackThis 1.99.1

Then remove the outdated version of Spybot and Ewido from add/remove programs
First remove ewido anti-malware, then remove
Spybot - Search & Destroy 1.3


Reboot the computer

Back in Windows
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Right-Click on OTMoveit2.exe on desktop and select Run As Administrator
  • Copy the file paths below to the clipboard in BLUE by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    ==============================================================================
    C:\WINNT\System32\bmocnoq.exe
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\4d325e44-9433-4e21-b96b-74dd37668bdc

    ==============================================================================
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Folders to Move" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
I'll need to see it later

You still have CLEANUP! installed
Can you use it to clear Temp files, etc...

After you have done the above

Can you do the following
Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

Let me also see the log from OTMoveIt2.exe we ran earlier[/quote]

Hi-
I'll follow your step by step instructions...

Trying to remove the  "Need2FindBar" I get the following error...
RUNDLL- Error Loading C:\PROGRA~\NEED1F~1\bar\1.bin\Nd2fnBar.dll".
The specified module could not be found...
However, I did see the following files in that folder..

 Directory of C:\Program Files\Need2Find\bar\1.bin

10/12/2005  07:17p      <DIR>          .
10/12/2005  07:17p      <DIR>          ..
10/12/2005  07:17p               4,793 N2FFXTBR.JAR
10/12/2005  07:17p               4,928 N2NTSTBR.JAR
10/12/2005  07:17p              45,056 N2PLUGIN.DLL
10/12/2005  07:17p              24,576 NPND2FN.DLL
10/12/2005  07:17p                 167 PARTNER.DAT
               5 File(s)         79,520 bytes
               2 Dir(s)   6,405,586,944 bytes free

Thanks.

20
[quote name='guestolo' post='425886' date='Apr 4 2008, 10:15 PM']Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt[/quote]



Hi Questolo-
Here are the contents of both files from dss.exe as requested...
Was the HIJACK log that I uploaded not useful?
Thanks


#### Main.txt #####
     Deckard's System Scanner v20071014.68
Run by meenavips on 2008-04-17 00:02:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as meenavips.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 00:03:57
Platform: Windows 2000 Service Pack 3 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINNT\system32\mstask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\promon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\TP98.EXE
C:\Program Files\ThinkPad\Utilities\TPHKMGR.EXE
C:\WINNT\system32\prpcui.exe
C:\Program Files\ThinkPad\Utilities\TPONSCR.EXE
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\Wireless Network PC Card\WPC11CFG.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
E:\MyDoc-06062005\Tools+Software\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Microsoft Office Outlook.lnk = ?
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DSW IPSec Client.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\Wireless Network PC Card\WPC11Cfg.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584509918
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC11 - Unknown owner - C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe


--
End of file - 9926 bytes

-- HijackThis Fixed Entries (E:\MYDOC-~1\TOOLS_~1\backups\) --------------------

backup-20051014-192216-237 O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
backup-20051014-195555-488 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
backup-20060531-235839-592 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
backup-20060531-235842-776 O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
backup-20060531-235842-555 O4 - HKLM\..\Run: [pop06ap] C:\WINNT\pop06ap2.exe
backup-20060531-235842-951 O15 - Trusted Zone: *.media-motor.net
backup-20060531-235842-853 O15 - Trusted Zone: *.mmohsix.com
backup-20060531-235842-120 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20060531-235843-840 O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - ms-its:mhtml:file://c:\nesunem.mht!http://adgate.info/zscript/mma.chm::/joysavsht.cab
backup-20060531-235843-164 O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20060531-235843-220 O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunec.mht!http://adgate.info/zscript/mca.chm::/speedtest2.dll
backup-20060531-235843-492 O18 - Filter: text/html - (no CLSID) - (no file)
backup-20060601-195249-692 O4 - HKLM\..\Run: [pop06ap] C:\WINNT\pop06ap2.exe
backup-20060601-195250-166 O15 - Trusted Zone: *.media-motor.net
backup-20060601-195250-945 O15 - Trusted Zone: *.mmohsix.com

-- File Associations -----------------------------------------------------------

[color="red"].txt - txtfile - DefaultIcon - C:\Program Files\JGsoft\EditPadLite\EditPad.exe,0[/color]
[color="red"].txt - txtfile - shell\open\command - notepad.exe %1[/color]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\winnt\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\winnt\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awecho - c:\winnt\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\winnt\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 Smapint - c:\winnt\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(tm) Operating System>
R1 TDSMAPI - c:\winnt\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\winnt\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\winnt\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 PMEM - c:\winnt\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(tm) Operating System>
R2 PRPC - c:\winnt\system32\drivers\prpc.sys <Not Verified; Intel Corp.; Intel® SpeedStep(tm) technology applet>
R2 V7 - c:\winnt\system32\drivers\v7.sys
R3 cwcspud (Crystal SoundFusion(tm) Driver) - c:\winnt\system32\drivers\cwcspud.sys <Not Verified; Crystal Semiconductor Corporation; Crystal WDM PCI Driver>
R3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - c:\winnt\system32\drivers\cwcwdm.sys <Not Verified; Crystal Semiconductor Corporation; Crystal WDM PCI Driver>
R3 hpoid407 (IEEE-1284.4 Driver hpoid407) - c:\winnt\system32\drivers\hpoid407.sys <Not Verified; HP; HP Dot4 Windows 2000>
R3 hpoius07 (USB to IEEE-1284.4 Translation Driver hpoius07) - c:\winnt\system32\drivers\hpoius07.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
R3 IBMPMDRV - c:\winnt\system32\drivers\ibmpmdrv.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R3 ltck000c (Xircom MPCI+ Modem 56 WinGlobal Driver) - c:\winnt\system32\drivers\ltck000c.sys <Not Verified; Xircom, Inc.; Xircom MPCI+ Modem 56 WinGlobal>
R3 NSCIRDA (NSC Infrared Device Driver) - c:\winnt\system32\drivers\nscirda.sys <Not Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\winnt\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 S3SavageMX - c:\winnt\system32\drivers\s3savmxm.sys <Not Verified; S3 Incorporated; S3 Savage/MX, Savage/IX Miniport Driver>
R3 TwoTrack (IBM PS/2 TrackPoint Filter Driver) - c:\winnt\system32\drivers\twotrack.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
R3 WDCFX_AT (USB Storage Adapter FX_AT (WDC)) - c:\winnt\system32\drivers\wdcfx_at.sys <Not Verified; Cypress Semiconductor; Cypress USB Mass Storage Adapter>

S3 cwcspud3 (Crystal SoundFusion(tm) SPuD3 Driver) - c:\winnt\system32\drivers\cwcspud3.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 ltmodem5 (LT Modem Driver) - c:\winnt\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.90 Data+Fax+Voice Modem Version 5.41G6>
S3 neo20xx - c:\winnt\system32\drivers\neo20xx.sys <Not Verified; NeoMagic Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IBMPMSVC (IBM PM Service) - c:\winnt\system32\ibmpmsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 Irmon (Infrared Monitor) - c:\winnt\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
R2 NICSer_WPC11 - c:\program files\linksys\wireless network pc card\nicserv.exe
R2 RetroLauncher (Retrospect Launcher) - c:\program files\dantz\retrospect\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>

S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-16 08:39:18     16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_3f4.dat
2008-04-09 10:25:59     16384 --a------ C:\WINNT\System32\Perflib_Perfdata_548.dat
2008-03-18 17:07:07         0 d-------- C:\Documents and Settings\Default User\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2008-02-02 10:29:34     16384 --a------ C:\WINNT\System32\Perflib_Perfdata_504.dat
2008-01-17 15:40:18      1416 --a------ C:\WINNT\System32\d3d8caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [11/30/99 11:40p C:\WINNT\system32\tp4mon.exe]
"Synchronization Manager"="mobsync.exe" [12/07/99 04:00a C:\WINNT\system32\mobsync.exe]
"IBMPMSVC"="C:\WINNT\System32\ibmpmsvc.exe" [03/22/00 01:11a]
"XircWinModem4"="ltcm000c.exe" []
"Promon.exe"="Promon.exe" [10/12/99 09:06a C:\WINNT\system32\promon.exe]
"SoundFusion"="cwcprops.cpl" [02/04/00 05:30p C:\WINNT\system32\cwcprops.cpl]
"TP98UTIL"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.exe" [03/30/00 10:35a]
"TpHotkey"="C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe" [03/22/00 12:32p]
"PRPCMonitor"="PRPCUI.exe" [01/06/00 08:00a C:\WINNT\system32\prpcui.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/18/04 12:20a]
"WD Button Manager"="WDBtnMgr.exe" [06/06/05 09:01p C:\WINNT\system32\WDBtnMgr.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/07 05:10p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/14/05 02:37p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/06 09:49p]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/16/07 09:47a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\meenavips\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [6/18/2004 9:36:18 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 11/01/04 11:50a 8704 C:\WINNT\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\4d325e44-9433-4e21-b96b-74dd37668bdc]
C:\WINNT\System32\bmocnoq.exe



-- Hosts -----------------------------------------------------------------------

172.16.0.17 oracle2.lifedata.ldl oracle2
172.16.0.20 oracle1.lifedata.ldl oracle1


-- End of Deckard's System Scanner: finished at 2008-04-17 00:04:57 ------------

################################

#### extra.txt #####
     Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 383.48 MiB / 157.77 MiB
Pagefile Memory (total/avail): 921.6 MiB / 705.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.73 MiB

C: is Fixed (FAT32) - 11.23 GiB total, 6.04 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 74.5 GiB total, 57.05 GiB free.

\\.\PHYSICALDRIVE0 - HITACHI_DK23AA-12B - 11.24 GiB - 1 partition
  \PARTITION0 (bootable) - Unknown - 11.24 GiB - C:

\\.\PHYSICALDRIVE1 - WD 800BB External USB Disk - 74.53 GiB - 1 partition
  \PARTITION0 - Unknown - 74.52 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\meenavips\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SOHNIR
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\SOHNIR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\Symantec\pcAnywhere\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\MEENAV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MEENAV~1\LOCALS~1\Temp
USERDOMAIN=SOHNIR
USERNAME=meenavips
USERPROFILE=C:\Documents and Settings\meenavips
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

meenavips (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINNT\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~2\Install.log
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E83DE21D-AE48-49CC-8DB4-C45598CEB96E} /l1033
Canon Camera TWAIN Driver 6.4 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7ED43999-945D-4466-9DDF-B0059F1743CB} /l1033
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConfigSafe --> C:\WINNT\ILUNINST.EXE C:\CFGSAFE
DVDExpress --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" -c"C:\Program Files\Mediamatics\DVDExpress\mydll.dll"
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\meenavips\My Documents\Tools+Software\HijackThis.exe /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\AIO\HPIS\Uninstall.exe CeS
hp officejet g series --> C:\WINNT\System32\hpocon09.exe /u 1105813184 /d "hp officejet g series"
Intel SpeedStep technology Applet --> C:\WINNT\IsUninst.exe -f"C:\WINNT\System32\Intel® SpeedStep(tm) technology  Applet.isu"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
JGsoft EditPad Lite 5.4.0 --> C:\WINNT\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Need2Find Bar --> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
Palm Desktop and Synchronization Software --> MsiExec.exe /X{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}
PC-Doctor for Windows NT --> C:\WINNT\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PocketMirror 3.1.5 (Standard Edition) --> C:\WINNT\IsUninst.exe -f"C:\Program Files\palmOne\Chapura\PocketMirror\DeIsL1.isu" -cC:\PROGRA~1\palmOne\Chapura\POCKET~1\UninstEx.dll
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
Retrospect 6.5 --> MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
S3 Gamma Utility --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3DuoVue Utility --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Duovue'
Self Test Practice Test Engine --> C:\PROGRA~1\SELFTEST\UNWISE.EXE C:\PROGRA~1\SELFTEST\INSTALL.LOG
Self Test Software: Exam 1Z0-030 --> C:\PROGRA~1\SELFTEST\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SELFTEST\EXAMFI~1\EXAMID~1\INSTALL.LOG
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec pcAnywhere --> MsiExec.exe /I{115E8183-866A-11D3-97DF-0000F8D8F2E9}
ThinkPad Configuration --> C:\WINNT\IsUninst.exe -f"C:\Program files\ThinkPad\Utilities\Uninst.isu" -c"C:\Program files\ThinkPad\Utilities\tpinst32.dll"
ThinkPad Information --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Thinkpad\Thinkpad Information\tpi.isu" -c"C:\Program Files\Thinkpad\Thinkpad Information\uninstal.dll"
Uninstall Access ThinkPad only --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Thinkpad\Thinkpad Information\Uninst.isu" -c"C:\Program Files\Thinkpad\Thinkpad Information\uninsatp.dll"
USB Storage Adapter FX_AT (WDC) --> WDCUN.exe WDCFX_AT
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9  VpnUninstall
Western Digital USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9C3BDA6-E360-4D10-A1FA-222DC45E01B5}\setup.exe" -l0x9 NotFirstInstall -removeonly
Windows 2000 Service Pack 3 --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless Network PC Card Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}\Setup.exe" -l0x9
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Install Manager --> C:\WINNT\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1452 / Warning
Event Submitted/Written: 04/13/2008 05:54:57 PM / 04/13/2008 05:55:00 PM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfProc performance library due to a time violation in the collect function

Event Record #/Type1447 / Warning
Event Submitted/Written: 04/09/2008 00:14:09 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}.  CoCreateInstanceEx returned HRESULT 80080005.

Event Record #/Type1443 / Warning
Event Submitted/Written: 04/08/2008 06:34:32 AM / 04/08/2008 06:34:33 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

Event Record #/Type1440 / Warning
Event Submitted/Written: 04/04/2008 07:35:16 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

Event Record #/Type1437 / Warning
Event Submitted/Written: 04/02/2008 07:45:59 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13256 / Error
Event Submitted/Written: 04/16/2008 11:59:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type13255 / Error
Event Submitted/Written: 04/16/2008 11:58:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type13254 / Error
Event Submitted/Written: 04/16/2008 11:58:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type13253 / Error
Event Submitted/Written: 04/16/2008 03:26:13 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.

Event Record #/Type13252 / Error
Event Submitted/Written: 04/16/2008 03:25:43 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-17 00:04:57 ------------

################################
