I can't get rid of vundo [RESOLVED], VirtumundoBeGone, VundoFix, Norton, and SUPERAntiSpyware have not remo
sake135
post Dec 18 2007, 08:12 AM
Post #1


New Member
Posts: 7
OS: windows xp



Norton has removed it a couple of times but it comes back a couple of hours later.
Thanks.

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:27:42 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\DLBAPSWX.EXE
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\DLBAJSWX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {057f5175-f010-d2fa-cca4-bcf80fd138f4} - {4f831df0-8fcb-4acc-af2d-010f5715f750} - C:\WINDOWS\system32\sesfyxtv.dll
O2 - BHO: (no name) - {571407F3-51AF-419F-AC27-A2D452FE7B4b} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {CBB40206-A3B6-4DBB-97D7-A6F6A64E66A1} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Rorschach112
post Dec 18 2007, 09:11 AM
Post #2


GeekU Teacher
Posts: 20,009
From: Dublin
OS: XP



Hello

Delete your version of VundoFix.exe and do the following

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.
sake135
post Dec 18 2007, 10:00 AM
Post #3


New Member
Posts: 7
OS: windows xp



Vundofix found a file. It removed it and restarted.

Here's the WinPFind3U log:

WinPFind3 logfile created on: 12/18/2007 10:50:48 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Mike\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 87.85% Memory free
2.48 Gb Paging File | 2.04 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 19.41 Gb Free Space | 17.37% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: NAJAH
Current User Name: Mike
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/28/2007 10:52:00 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 2:59:52 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
diagent.exe -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
dlbabmgr.exe -> %ProgramFiles%\Dell AIO Printer A940\dlbabmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 86102 bytes | Modified Date = 2/17/2003 6:00:36 PM | Attr = ]
dlbabmon.exe -> %ProgramFiles%\Dell AIO Printer A940\dlbabmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 73806 bytes | Modified Date = 2/17/2003 6:00:36 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 6/20/2003 4:43:00 AM | Attr = ]
dsentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 6/28/2007 10:51:58 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 8:33:26 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 303104 bytes | Modified Date = 2/17/2003 6:00:44 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 174592 bytes | Modified Date = 2/17/2003 6:00:44 PM | Attr = ]
nopdb.exe -> %ProgramFiles%\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 176193 bytes | Modified Date = 11/3/2005 9:44:58 PM | Attr = ]
nprotect.exe -> %ProgramFiles%\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 19.0.1.8 | Size = 95832 bytes | Modified Date = 11/3/2005 10:08:02 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 73728 bytes | Modified Date = 10/30/2003 9:06:02 AM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/5/2007 9:18:18 AM | Attr = ]
sgtray.exe -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 2:01:00 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/2/2007 10:21:56 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
wdbtnmgr.exe -> %System32%\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 10/7/2006 7:01:24 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 3/13/2006 1:37:56 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 6/28/2007 10:51:58 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 12:40:58 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/13/2007 4:11:06 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.14 | Size = 303104 bytes | Modified Date = 2/17/2003 6:00:44 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:26 PM | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 2:59:32 PM | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:12 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ]
(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 19.0.1.8 | Size = 95832 bytes | Modified Date = 11/3/2005 10:08:02 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 73728 bytes | Modified Date = 10/30/2003 9:06:02 AM | Attr = ]
(Speed Disk service) Speed Disk service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 176193 bytes | Modified Date = 11/3/2005 9:44:58 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/2/2007 10:21:56 PM | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 12:33:40 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/28/2007 10:52:00 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 2:59:52 PM | Attr = ]
Dell AIO Printer A940 -> %ProgramFiles%\Dell AIO Printer A940\dlbabmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 86102 bytes | Modified Date = 2/17/2003 6:00:36 PM | Attr = ]
diagent -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe -> Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
DVDSentry -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
MimBoot -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mimboot.exe -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
NSRKey -> %SystemDrive%\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe -> File not found
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 4800512 bytes | Modified Date = 10/30/2003 9:06:00 AM | Attr = ]
Optimum Online -> %ProgramFiles%\Optimum Online\Netsurf.exe -> Netsurfer, Inc. [Ver = 6.03.12.0 | Size = 802816 bytes | Modified Date = 1/11/2005 7:41:22 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/13/2007 4:11:10 PM | Attr = ]
PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
QD FastAndSafe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr = ]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 2:01:00 AM | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 7:51:12 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/5/2007 9:18:18 AM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 2:00:00 AM | Attr = ]
WD Button Manager -> %System32%\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 10/7/2006 7:01:24 AM | Attr = ]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 8:33:26 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> File not found
Sonic RecordNow! -> -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\ColorVisionStartup.lnk -> %ProgramFiles%\ColorVision\Utility\ColorVisionStartup.exe -> ColorVision Inc. [Ver = 1, 0, 4, 1 | Size = 385024 bytes | Modified Date = 1/31/2006 4:48:52 PM | Attr = ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 6/20/2003 4:43:00 AM | Attr = ]
%AllUsersStartup%\WD Backup Monitor.lnk -> %ProgramFiles%\My Book\WD Backup\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.2 | Size = 98304 bytes | Modified Date = 1/22/2006 5:30:16 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Mike\Start Menu\Programs\Startup ->
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 2:06:48 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 6/28/2007 10:51:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
musicmatch.com [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Data - Value does not exist] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 1/11/2007 4:04:50 PM | Attr = R ]
{4f831df0-8fcb-4acc-af2d-010f5715f750} [HKLM] -> %System32%\sesfyxtv.dll [Reg Data - Value does not exist] -> File not found
{571407F3-51AF-419F-AC27-A2D452FE7B4b} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr = ]
{CBB40206-A3B6-4DBB-97D7-A6F6A64E66A1} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKLM] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 1/11/2007 4:05:00 PM | Attr = R ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{5E638779-1818-4754-A595-EF1C63B87A56} -> %ProgramFiles%\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk [ButtonText: Express Cleanup] -> [Ver = | Size = 775 bytes | Modified Date = 5/4/2007 9:07:30 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{B6268662-7FB6-4A9A-95D9-652F26AE8427} -> () ->
{B86CF75D-FA9B-4840-A99B-6758360AFB6F} -> (Intel® PRO/100 VE Network Connection) ->
{ECCB5D04-5FA0-4990-8685-3CEE5F5DCB72} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/5/b...heckControl.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.costcophotocenter.com/CostcoActivia.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> get_atlcom Class - CodeBase = http://www.adobe.com/products/acrobat/nos/gp.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
16EA.tmp -> %SystemDrive%\16EA.tmp -> [Ver = | Size = 267457024 bytes | Created Date = 12/16/2007 4:15:39 PM | Attr = ]
BC2.tmp -> %SystemDrive%\BC2.tmp -> [Ver = | Size = 267457024 bytes | Created Date = 12/16/2007 3:14:27 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/16/2007 12:55:48 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = -1880027136 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 12/13/2007 11:30:09 AM | Attr = ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/12/2007 10:07:27 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/12/2007 10:09:27 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/12/2007 10:09:40 AM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/12/2007 10:07:13 AM | Attr = H ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/16/2007 12:57:04 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 12/16/2007 2:29:49 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/16/2007 2:30:31 PM | Attr = ]
daSgo02 -> %System32%\daSgo02 -> [Folder | Created Date = 12/6/2007 11:09:15 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/16/2007 2:29:52 PM | Attr = ]
jmllm.ini2 -> %System32%\jmllm.ini2 -> [Ver = | Size = 430269 bytes | Created Date = 12/6/2007 11:14:43 AM | Attr = HS]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 12/16/2007 2:29:52 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/16/2007 2:29:52 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 12/16/2007 2:30:31 PM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Created Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Created Date = 11/30/2007 11:57:12 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
16EA.tmp -> %SystemDrive%\16EA.tmp -> [Ver = | Size = 267457024 bytes | Modified Date = 12/16/2007 4:16:44 PM | Attr = ]
BC2.tmp -> %SystemDrive%\BC2.tmp -> [Ver = | Size = 267457024 bytes | Modified Date = 12/16/2007 3:15:30 PM | Attr = ]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 12/12/2007 12:05:54 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/16/2007 12:55:50 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = -1880027136 bytes | Modified Date = 12/18/2007 10:46:18 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/16/2007 1:23:58 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/12/2007 10:11:04 AM | Attr = HS]
TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 12/6/2007 11:09:16 AM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 12/18/2007 10:43:24 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/17/2007 9:44:04 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/12/2007 9:46:24 AM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/12/2007 10:07:30 AM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/12/2007 10:09:30 AM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/12/2007 10:09:42 AM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/12/2007 10:07:16 AM | Attr = H ]
ADDINS -> %SystemRoot%\ADDINS -> [Folder | Modified Date = 12/7/2007 8:18:42 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/16/2007 3:43:58 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/18/2007 10:46:36 AM | Attr = S]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 12/7/2007 8:13:10 PM | Attr = ]
DELLSTAT.INI -> %SystemRoot%\DELLSTAT.INI -> [Ver = | Size = 679 bytes | Modified Date = 12/17/2007 9:46:42 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/16/2007 3:41:46 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/16/2007 12:57:06 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/12/2007 10:25:48 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/16/2007 2:41:32 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/12/2007 10:07:46 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/12/2007 10:09:32 AM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 12/16/2007 2:30:48 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/16/2007 8:51:00 PM | Attr = HS]
iTouch.ini -> %SystemRoot%\iTouch.ini -> [Ver = | Size = 65 bytes | Modified Date = 12/18/2007 10:47:28 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 12/7/2007 2:11:16 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 12/7/2007 9:10:50 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/18/2007 10:49:28 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 12/12/2007 10:16:08 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/18/2007 10:47:32 AM | Attr = H ]
SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 12/10/2007 11:20:22 AM | Attr = ]
ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 12/12/2007 10:25:50 AM | Attr = ]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 12/12/2007 12:05:54 PM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 12/18/2007 10:44:58 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/18/2007 10:47:28 AM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 805 bytes | Modified Date = 12/16/2007 2:38:38 PM | Attr = ]
Norton Internet Security - Run Full System Scan - Irina.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Irina.job -> [Ver = | Size = 622 bytes | Modified Date = 12/18/2007 9:00:02 AM | Attr = ]
Norton SystemWorks One Button Checkup.job -> %SystemRoot%\tasks\Norton SystemWorks One Button Checkup.job -> [Ver = | Size = 306 bytes | Modified Date = 12/17/2007 12:00:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/18/2007 10:46:48 AM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 12/18/2007 10:49:02 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 12/16/2007 3:41:44 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 12/18/2007 9:06:18 AM | Attr = ]
daSgo02 -> %System32%\daSgo02 -> [Folder | Modified Date = 12/6/2007 11:09:16 AM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/16/2007 3:42:10 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 12/16/2007 1:32:58 PM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 12/16/2007 3:41:34 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 159544 bytes | Modified Date = 12/12/2007 10:29:46 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/16/2007 3:40:52 PM | Attr = ]
jmllm.ini2 -> %System32%\jmllm.ini2 -> [Ver = | Size = 430269 bytes | Modified Date = 12/16/2007 1:14:04 PM | Attr = HS]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 45 bytes | Modified Date = 12/12/2007 10:25:46 AM | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 12/10/2007 9:13:10 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 12/16/2007 3:40:52 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 53436 bytes | Modified Date = 12/8/2007 9:52:22 AM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 381692 bytes | Modified Date = 12/8/2007 9:52:22 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441454 bytes | Modified Date = 12/8/2007 9:52:22 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/13/2007 9:16:48 AM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 12/5/2007 11:16:40 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/16/2007 3:40:52 PM | Attr = ]
WBEM -> %System32%\WBEM -> [Folder | Modified Date = 12/16/2007 3:43:38 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/18/2007 10:47:14 AM | Attr = ]
ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 12/7/2007 8:13:16 PM | Attr = ]
srtsp.cat -> %System32%\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %System32%\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %System32%\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %System32%\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %System32%\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %System32%\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 11/30/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 12/5/2007 11:16:40 PM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 12/5/2007 11:16:40 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 12/5/2007 11:16:40 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\16EA.tmp -> File size too big (267457024 bytes) ->
File scan skipped for file %SystemDrive%\BC2.tmp -> File size too big (267457024 bytes) ->
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/24/2006 10:47:00 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 2/5/2007 9:18:34 AM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 zip@xceedsoft.com www.xceedsoft.com [Ver = 4.1.19.59 | Size = 282448 bytes | Modified Date = 7/10/2000 11:00:10 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 12:41:38 AM | Attr = ]

< End of report >

Thanks again

This post has been edited by sake135: Dec 18 2007, 10:01 AM
Rorschach112
post Dec 18 2007, 10:31 AM
Post #4


GeekU Teacher
Posts: 20,009
From: Dublin
OS: XP



Can you please post the VundoFix report?


Start WinPFind3U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MimBoot -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mimboot.exe
YN -> NSRKey -> %SystemDrive%\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe
YN -> Sonic RecordNow! ->
YN -> updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {4f831df0-8fcb-4acc-af2d-010f5715f750} [HKLM] -> %System32%\sesfyxtv.dll [Reg Data - Value does not exist]
YN -> {571407F3-51AF-419F-AC27-A2D452FE7B4b} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {CBB40206-A3B6-4DBB-97D7-A6F6A64E66A1} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> E&xport to Microsoft Excel ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp -> Reg Data - Key not found
YN -> msdaipp -> Reg Data - Key not found
[Files/Folders - Created Within 30 days]
NY -> 16EA.tmp -> %SystemDrive%\16EA.tmp
NY -> BC2.tmp -> %SystemDrive%\BC2.tmp
NY -> jmllm.ini2 -> %System32%\jmllm.ini2
[Files/Folders - Modified Within 30 days]
NY -> 16EA.tmp -> %SystemDrive%\16EA.tmp
NY -> BC2.tmp -> %SystemDrive%\BC2.tmp
NY -> daSgo02 -> %System32%\daSgo02
NY -> jmllm.ini2 -> %System32%\jmllm.ini2
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



sake135
post Dec 18 2007, 11:00 AM
Post #5


New Member
*
Posts: 7
OS: windows xp



VundoFix did not generate a report.

I pasted the fix into WinPFind3U and hit Run Fix. The program is not responding, though.

DSS generated logs:

Deckard's System Scanner v20071014.68
Run by Mike on 2007-12-18 12:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:21:53 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\dss.exe
C:\DOCUME~1\Mike\Desktop\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Expl