Vista anti-virus [RESOLVED]
Aug 11 2008, 01:13 PM
Post #1
Member | Posts: 15 | OS: XP
Am seriously frustrated after trying so many things with this invasive and destructive virus. I have downloaded and run DSS with the following results:

Deckard's System Scanner v20071014.68
Run by Robin Coleman on 2008-08-11 19:10:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 19:10:53
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: QXK Olive - {AF78793A-C6D3-4282-B395-CBA1D0599AB6} - C:\WINDOWS\wnlmdakqanr.dll
O3 - Toolbar: bgrqfetx - {968232F5-0910-483D-B059-4C6AB5C785DC} - C:\WINDOWS\bgrqfetx.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\Win2AC.exe] C:\Windows\system32\Win2AC.exe
O4 - HKLM\..\Run: [\Win2AD.exe] C:\Windows\system32\Win2AD.exe
O4 - HKLM\..\Run: [\Win2AE.exe] C:\Windows\system32\Win2AE.exe
O4 - HKLM\..\Run: [\Win2AF.exe] C:\Windows\system32\Win2AF.exe
O4 - HKLM\..\Run: [\Win2B0.exe] C:\Windows\system32\Win2B0.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\20088917254_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\20088917251_mcinfo.exe /insfin
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\Win2AC.exe] C:\Windows\system32\Win2AC.exe
O4 - HKCU\..\Run: [\Win2AD.exe] C:\Windows\system32\Win2AD.exe
O4 - HKCU\..\Run: [\Win2AE.exe] C:\Windows\system32\Win2AE.exe
O4 - HKCU\..\Run: [\Win2AF.exe] C:\Windows\system32\Win2AF.exe
O4 - HKCU\..\Run: [\Win2B0.exe] C:\Windows\system32\Win2B0.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://memberservices.tesco.net (HKCU)
O15 - Trusted Zone: https://register.tesco.net (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: - http://www.broadjam.com/search/images/hifimp3.gif

-- End of file - 12309 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 18:38:24 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-11 18:38:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-11 18:38:24 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-11 18:38:24 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-11 18:38:24 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-11 18:38:24 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-08-11 18:38:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-11 18:38:24 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-10 20:11:17 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Macromedia
2008-08-10 19:17:34 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Symantec
2008-08-10 19:17:26 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Real
2008-08-10 19:17:26 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Creative
2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\Templates
2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\Start Menu
2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\SendTo
2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\Recent
2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\PrintHood
2008-08-10 19:16:47 1310720 --ah----- C:\Documents and Settings\Russell Coleman\NTUSER.DAT
2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\NetHood
2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\My Documents
2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\Local Settings
2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\Favorites
2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Desktop
2008-08-10 19:16:47 0 d--hs---- C:\Documents and Settings\Russell Coleman\Cookies
2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\Application Data
2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Sun
2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Sonic
2008-08-10 19:16:47 0 d---s---- C:\Documents and Settings\Russell Coleman\Application Data\Microsoft
2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Jasc Software Inc
2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Identities
2008-08-10 14:53:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 17:19:03 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Symantec
2008-08-09 17:13:58 0 d-------- C:\Program Files\Windows Sidebar
2008-08-09 17:13:23 0 d-------- C:\Program Files\Norton 360
2008-08-09 17:09:44 0 d-------- C:\Program Files\Symantec
2008-08-09 17:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-09 17:06:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-08 21:54:42 0 d-------- C:\Program Files\VirusRemover2008
2008-08-08 21:35:40 0 d-------- C:\WINDOWS\Prefetch
2008-08-08 18:28:19 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Sammsoft
2008-08-08 18:27:45 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-08-08 12:07:01 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\TmpRecentIcons
2008-08-08 12:06:27 339968 --a------ C:\WINDOWS\wnlmdakqanr.dll
2008-08-08 12:06:26 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-08 12:06:26 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-08 12:06:26 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-08 12:06:26 139264 --a------ C:\WINDOWS\eqbn.exe
2008-08-08 12:06:26 192512 --a------ C:\WINDOWS\bgrqfetx.dll
2008-08-08 12:06:18 0 d-------- C:\Program Files\PCHealthCenter
2008-08-08 09:29:06 0 d-------- C:\Program Files\DivX
2008-07-30 12:54:48 0 d-------- C:\WINDOWS\system32\scripting
2008-07-30 12:54:46 0 d-------- C:\WINDOWS\l2schemas
2008-07-30 12:54:44 0 d-------- C:\WINDOWS\system32\en
2008-07-30 11:38:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-30 11:26:22 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Yahoo!
2008-07-30 11:26:21 0 d-------- C:\Program Files\Yahoo!
2008-07-26 20:33:58 0 d-------- C:\Program Files\iPod
2008-07-26 20:32:39 0 d-------- C:\Program Files\Bonjour
2008-07-25 14:51:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 14:09:54 0 d-------- C:\Program Files\Mindscape

-- Find3M Report ---------------------------------------------------------------

2008-08-11 18:26:51 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Skype
2008-08-10 19:07:10 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Apple Computer
2008-08-10 14:43:19 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Real
2008-08-09 17:14:51 0 d-------- C:\Program Files\Common Files
2008-08-07 08:55:42 0 d-------- C:\Program Files\Java
2008-07-30 13:11:42 0 d-------- C:\Program Files\MSN Messenger
2008-07-30 13:06:19 0 d-------- C:\Program Files\Messenger
2008-07-30 12:54:43 0 d-------- C:\Program Files\Movie Maker
2008-07-30 12:47:44 0 d-------- C:\Program Files\Windows NT
2008-07-29 08:40:49 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\LimeWire
2008-07-28 22:39:03 0 d-------- C:\Program Files\Google
2008-07-28 21:42:46 0 d-------- C:\Program Files\QuickTime
2008-07-26 20:34:25 0 d-------- C:\Program Files\iTunes
2008-07-18 14:13:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-04 18:38:27 0 d-------- C:\Program Files\Common Files\eSellerate
2008-07-04 18:21:44 0 d-------- C:\Program Files\iPod To Computer Transfer
2008-07-04 13:41:22 179 --a------ C:\handle.dat
2008-06-25 16:32:46 0 d-------- C:\Program Files\Apple Software Update

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF78793A-C6D3-4282-B395-CBA1D0599AB6}]

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE

DESKTOP.INI [03/09/2002 09:00:00]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [15/12/2005 13:00:54]

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer

Written by Bobbi Flekman 2006 ©

GeneralFlags REG_DWORD 1 (0x1)
RestoredStateInfo REG_BINARY dcff35010948e9778832e877ffffffffde60e777d0752300
RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000

REGEDIT4
"ChangePasswordUseKerberos"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]
"ProcessGroupPolicy"="ProcessGroupPolicy"
00
"MaxNoGPOListChangesInterval"=dword:000003c0
00
"RequiresSuccessfulRegistry"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]
"Logoff"="ChainWlxLogoffEvent"
"Logoff"="CryptnetWlxLogoffEvent"
"Asynchronous"=dword:00000001
"Unlock"="WlDimsUnlock"
"Unlock"="WinlogonUnlockEvent"
"Asynchronous"=dword:00000001
"Logoff"="SchedEventLogOff"
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
"Asynchronous"=dword:00000001
"Disconnect"="TSEventDisconnect"
"Event"=dword:00000000
23,14,00,00,00,39,56,74,73,87,28,30,b8,65,c0,5f,76,ce,6d,bb,c5,06,a2,9b,76
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]
"ASPNET"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials] !d;s/.*t//;s/ [hkey.*/n Asynchronous REG_DWORD 0 (0x0) !d;s/.*t//;s/ [hkey.*/n Asynchronous REG_DWORD 0 (0x0) !d;s/.*t//;s/ [hkey.*/n DLLName REG_SZ cscdll.dll !d;s/.*t//;s/ [hkey.*/n HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy !d;s/.*t//;s/ [hkey.*/n !d;s/.*t//;s/ [hkey.*/n DLLName REG_SZ wlnotify.dll !d;s/.*t//;s/ [hkey.*/n Asynchronous REG_DWORD 0 (0x0) !d;s/.*t//;s/ [hkey.*/n Logoff REG_SZ WLEventLogoff !d;s/.*t//;s/ [hkey.*/n DLLName REG_SZ WlNotify.dll !d;s/.*t//;s/ [hkey.*/n Asynchronous REG_DWORD 0 (0x0) !d;s/.*t//;s/ [hkey.*/n Logon REG_SZ WLEventLogon !d;s/.*t//;s/ [hkey.*/n DLLName REG_SZ wlnotify.dll Written by Bobbi Flekman 2006 © HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000007000b000000000007000b0000003f0000000 20000000400010001000000000000000000000000000000440000000100560061007200460069006c 00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0 06e00000000000904e404f0030000010053007400720069006e006700460069006c00650049006e00 66006f000000cc03000001003000340030003900300034004500340000004a001900010043006f006 d006d0065006e007400730000004300720079007300740061006c002000530051004c002000440065 007300690067006e0065007200200037002e0030000000000088003400010043006f006d007000610 06e0079004e0061006d006500000000005300650061006700610074006500200053006f0066007400 7700610072006500200049006e0066006f0072006d006100740069006f006e0020004d0061006e006 100670065006d0065006e0074002000470072006f00750070002c00200049006e0063002e000000ae 
00450001004c006500670061006c0043006f007000790072006900670068007400000043006f00700 07900720069006700680074002000280063002900200031003900390031002d003100390039001000 000000000000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 5409000054020000000200008c0334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe000001000200a8112e0400000200a8112e0400003f0000002 00000000400000001000000000000000000000000000000ec020000010053007400720069006e0067 00460069006c00650049006e0066006f000000c802000001003000300030003000300034006200300 0000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c00 2000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e006 1006d006500000000005300410050002000410047002c002000570061006c006c0064006f00720066 00000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e0 0000000005300410050002000460072006f006e00740065006e006400200066006f00720020005700 69006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006 f006e000000000034003500320030002e0032002e0030002e00310030003700300000003200090001 0049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e0 05400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200 000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000 100530065007200760069006300650020005000610063006b00200033000000230054020000000200 008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000 0bd04effe0000010003009e112604000003009e11260400003f000000200000000400000001000000 000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006 e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f 
006d006d0065006e007400730000004f007200690067006e0061006c0020005600650072007300690 06f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300 410050002000410047002c002000570061006c006c0064006f0072006600000000005a00190001004 60069006c0065004400650073006300720069007000740069006f006e000000000053004100500020 00460072006f006e00740065006e006400200066006f0072002000570069006e0064006f007700730 0000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500 310030002e0033002e0030002e003100300036003200000032000900010049006e007400650072006 e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001 004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0 000003cfd060004000000000000006505000002000000030000000000010053006500720076006900 6300650020005000610063006b0020003300000023005402000000020000200334000000560053005 f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000004 00f003000000000400f00300003f00000000000000040001000100000000000000000000000000000 07e020000010053007400720069006e006700460069006c00650049006e0066006f0000005a020000 01003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004 e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065 004400650073006300720069007000740069006f006e00000000005300410050002000460072006f0 06e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003600 0b000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002 e003100300030003800000000002c000600010049006e007400650072006e0061006c004e0061006d 0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790 072006900670068007400000043006f0070007900720069006700680074002000a900200031003900 390033002d0031003900390037002000530041005000200041004700000000002800000001004c006 500670061006c0054007200610064000200000000000000010000004c0000003cfd06000400000000 
000000650500000200000003000000000001005300650072007600690063006500200050006100630 06b0020003300000023005402000000020000180334000000560053005f0056004500520053004900 4f004e005f0049004e0046004f0000000000bd04effe0000010000000400dd03000000000400dd030 0003f0000000000000004000100010000000000000000000000000000007802000001005300740072 0069006e006700460069006c00650049006e0066006f0000005402000001003000340030003900300 034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000 530041005000200041004700000000005a0019000100460069006c006500440065007300630072006 9007000740069006f006e00000000005300410050002000460072006f006e00740065006e00640020 0066006f0072002000570069006e0064006f00770073000000000034000a000100460069006c00650 0560065007200730069006f006e000000000034002e0030002e0030002e0039003800390000002c00 0600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e0054000 0005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f 0070007900720069006700680074002000a900200031003900390033002d003100390039003700200 0530041005000200041004700000000002800000001004c006500670061006c005400720061006400 65006d000200000000000000010000004c0000003cfd0600040000000000000065050000020000000 300000000000100530065007200760069006300650020005000610063006b002000330000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 5802000054020000000200006c0734000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000 00000000400040001000000000000000000000000000000cc060000010053007400720069006e0067 00460069006c00650049006e0066006f0000005403000001003000340030003900300034004200300 0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000 61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006 
f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073 006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200 0450078006300680061006e0067006500200053006500720076006500720020005300650074007500 7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003 5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c 004e0061006d00650000005300650074007500700000009c003c0001004c006500670061006c00430 06f007000790072006900670068007400000043006f00700079007200690067006800740020000200 000000000000010000004c0000003cfd0600050000000000000065050000020000000300000002000 000530065007200760069006300650020005000610063006b002000340000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100010001000c000000010001000c000000000000000 00000000400000001000000000000000000000000000000440000000000560061007200460069006c 00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0 06e00000000000904b004a4010000010053007400720069006e006700460069006c00650049006e00 66006f00000080010000010030003400300039003000340042003000000040002000010043006f006 d00700061006e0079004e0061006d00650000000000440065004c006f0072006d00650020004d0061 007000700069006e0067000000440022000100500072006f0064007500630074004e0061006d00650 0000000005200650067002000280044004c0069006200620079005c006d0073006600290000000000 340014000100460069006c006500560065007200730069006f006e000000000031002e00300031002 e0030003000310032000000380014000100500072006f006400750063007400560065007200730069 006f006e00000031002e00300031002e003000300031003200000034001200010049006e007400650 
072006e0061006c004e0061006d00650000004d004e00470052004500470033003200000000000200 000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000 100530065007200760069006300650020005000610063006b002000330000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) GlobalFlag REG_SZ 0x00200000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) GlobalFlag REG_SZ 0x00200000 DisableHeapLookAside REG_SZ 1 DisableHeapLookAside REG_SZ 1 ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100350007000000000035000700000000003f0000000 0000000040000000100000000000000000000000000000012020000010053007400720069006e0067 00460069006c00650049006e0066006f000000ee01000001003000340030003900300034006200300 0000042001100010043006f006d00700061006e0079004e0061006d00650000000000500065006f00 70006c00650053006f00660074002c00200049006e0063002e0000000000280000000100460069006 c0065004400650073006300720069007000740069006f006e00000000002a0005000100460069006c 006500560065007200730069006f006e000000000037002e0035003300000000009c003c0001004c0 06500670061006c0043006f007000790072006900670068007400000043006f007000790072006900 6700680074002000a900200031003900380038002d0031003900390038002000500065006f0070006 c00650053006f00660074002c00200049006e0063002e002000200041006c006c0020005200690067 0068007400730020005200650073006500720076006500640000003c000a0001004f0072006900670 069006e0061006c00460069006c0065006e0061006d00650000007000730064006d0074002e001000 000000000000 DisableHeapLookAside REG_SZ 1 DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 
000700005402000000020000840734000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000 00000000400040001000000000000000000000000000000e4060000010053007400720069006e0067 00460069006c00650049006e0066006f0000006003000001003000340030003900300034004200300 0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000 61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006 f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073 006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200 0450078006300680061006e0067006500200053006500720076006500720020005300650074007500 7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003 5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c 004e0061006d00650000005300650074007500700000009e003d0001004c006500670061006c00430 06f007000790072006900670068007400000043006f00700079007200690067006800740020000200 000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000 000530065007200760069006300650020005000610063006b00200033000000240054020000000200 00a40834000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000 0bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000 00000000000000000000000004080000010053007400720069006e006700460069006c00650049006 e0066006f000000f0030000010030003400300039003000340042003000000018000000010043006f 006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d0 06500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100 740069006f006e000000680020000100460069006c006500440065007300630072006900700074006 9006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e 00670065002000530065007200760065007200200053006500740075007000000036000b000100460 
069006c006500560065007200730069006f006e000000000035002e0035002e003100390036003000 2e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005 30065007400750070000000a600410001004c006500670061006c0043006f00700079007200690067 0068007400000043006f00700079007200690067006800740020000200000000000000010000004c0 000003cfd060005000000000000006505000002000000000000000000000053006500720076006900 6300650020005000610063006b0020003300000024005402000000020000180434000000560053005 f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005 000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000 078030000010053007400720069006e006700460069006c00650049006e0066006f00000054030000 010030003400300039003000340042003000000018000000010043006f006d006d0065006e0074007 30000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d00690063 0072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680 020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d00 6900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007 200760065007200200053006500740075007000000036000b000100460069006c0065005600650072 00730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c00060 0010049006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 9a003b0001004c006500670061006c0043006f007000790072006900670068007400000043006f007 00079007200690067006800740020000200000000000000010000004c0000003cfd06000500000000 000000650500000200000000000000000000005300650072007600690063006500200050006100630 06b002000330000002400 ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f0000000 0000000040000000100000000000000000000000000000064020000010053007400720069006e0067 
00460069006c00650049006e0066006f0000004002000001003000340030003900300034006200300 0000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f007200 65006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006 c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c0020 00530065007400750070002000570069007a00610072006400000000002c0006000100460069006c0 06500560065007200730069006f006e000000000038002e0030003200380000004600130001004900 6e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007 400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043 006f007000790072006900670068007400000043006f0070007900720069006700680074002000a90 0200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800 000000000000 ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe0000010002000a0001000a0002000a0001000a00000000000 0000000040001000100000000000000000000000000000098020000010053007400720069006e0067 00460069006c00650049006e0066006f0000007402000001003000340030003900300034004500340 000004a001500010043006f006d00700061006e0079004e0061006d00650000000000530079006d00 61006e00740065006300200043006f00720070006f0072006100740069006f006e000000000060001 c000100460069006c0065004400650073006300720069007000740069006f006e0000000000530079 006d0061006e007400650063002000530079006d006500760065006e007400200049006e007300740 061006c006c0065007200000034000a000100460069006c006500560065007200730069006f006e00 00000000310030002e0032002e00310030002e003100000030000800010049006e007400650072006 e0061006c004e0061006d006500000053004500560049004e005300540000007e002d0001004c0065 00670061006c0043006f007000790072006900670068007400000043006f007000790072006900670 06800740020002800430029002000530079006d0061006e00740065006300200043006f0072000100 000000000000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) 
CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000001000900260000000100090026003f0000000 00000000400000001000000000000000000000000000000dc020000010053007400720069006e0067 00460069006c00650049006e0066006f000000b802000001003000340030003900300034006200300 0000066002700010043006f006d006d0065006e0074007300000042007500730069006e0065007300 7300200049006e00740065006c006c006900670065006e006300650020006f006e002000450076006 5007200790020004400650073006b0074006f0070000000000048001400010043006f006d00700061 006e0079004e0061006d0065000000000043006f0067006e006f007300200049006e0063006f00720 070006f0072006100740065006400000060001c000100460069006c00650044006500730063007200 69007000740069006f006e000000000043006f0067006e006f0073002000470065006e00650072006 9006300200049006e007300740061006c006c006100740069006f006e00000038000c000100460069 006c006500560065007200730069006f006e000000000031002c00200030002c002000330038002c0 020003900000030000800010049006e007400650072006e0061006c004e0061006d00650000000100 000000000000 GlobalFlag REG_SZ 0x000010F0 ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000001000100000000000100010000003f0000000 0000000010001000100000000000000000000000000000004020000010053007400720069006e0067 00460069006c00650049006e0066006f000000e001000001003000340030003900300034004500340 0000020000000010043006f006d00700061006e0079004e0061006d00650000000000580018000100 460069006c0065004400650073006300720069007000740069006f006e000000000049004e0053005 40041004c004c0020004d004600430020004100700070006c00690063006100740069006f006e0000 
00300008000100460069006c006500560065007200730069006f006e000000000031002e0030002e0 0300030003100000030000800010049006e007400650072006e0061006c004e0061006d0065000000 49004e005300540041004c004c0000002400000001004c006500670061006c0043006f00700079007 200690067006800740000002800000001004c006500670061006c00540072006100640065006d0061 0072006b0073000000000040000c0001004f0072006900670069006e0061006c00460069006c00650 06e0061006d006500000049004e005300540041004c004c002e004500580045000000300008000800 000000000000 "Notification Packages scecli Written by Bobbi Flekman 2006 © Error: Key: software\microsoft\windows\currentversion\group policy\state does not exist! Written by Bobbi Flekman 2006 © SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system]
@="Driver Group"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs]
@="Service"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys]
@="Driver"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupfolder does not exist!

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\shared tools\msconfig\startupreg does not exist!
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs

Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components

7,0,5730,0 * 2,0,0,0 6,0,5730,11 en 2,0,0,0 01000000 C:\WINDOWS\System32\msjava.dll EN 01000000 01000000 EN 01000000 11,0,5721,5145 1 (0x1) Adobe Shockwave Director 10.1.4 DirectAnimation Adobe Shockwave Director 10.1.4 1,1,1,7 * 1,397,2406,1 Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) 6,0,2800,1106 1 (0x1) EN 11,0,5721,5145 0400090000008603 4,71,1113,0 7,0,5730,11 3 (0x3) 5,6,0,8513 C:\Program Files\Messenger\msmsgs.exe 5,00,2918,1900 KB918439 7,0,5730,11 C:\WINDOWS\System32\msieftp.dll 11,0,5721,5145 4,9,9,2 WAB Q831167 en en

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix

2 (0x2) EN 1 (0x1) 7,0,5730,11 6,0,5730,11 .NET Framework 4,71,1968,1 2,1,4026,0

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}

KB925486 6,0,5730,11 5,0,00,0 Q832894 KB911567

-- End of Deckard's System Scanner: finished at 2008-08-11 19:12:17 ------------

A huge thanks in advance to anyone who can assist.

Regards,
Robin.
Aug 11 2008, 02:35 PM
Post
#2
Member Posts: 15 OS: XP
I have also run SMITFRAUDFIX per some other bulletin board entries here:

Option 1 Search returned this log:

SmitFraudFix v2.334
Scan done at 21:22:59.09, 11/08/2008
Run from C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robin Coleman

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robin Coleman\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBINC~1\FAVORI~1

C:\DOCUME~1\ROBINC~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ROBINC~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\ROBINC~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.broadjam.com/search/images/hifimp3.gif"
"SubscribedURL"="about:home"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: RTL8139D PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
Description: RTL8139D PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Option 2 Clean returned this log:

SmitFraudFix v2.334
Scan done at 21:26:22.87, 11/08/2008
Run from C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Ge
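The SmitFraudFix Search log in the post above reports on a fixed set of hijack points (the rogue-AV favourites it marks "FOUND !", the Winlogon Userinit value, AppInit_DLLs, the hosts file, the DNS servers, and Active Desktop components). The script below is an added example for this thread, not part of SmitFraudFix or of the poster's output: it parses that section layout and flags the entries a responder would look at first. The clean-value baseline for Userinit, the "public DNS server" heuristic, and the embedded sample (a trimmed copy of the post's log, with a tampered variant built in the test) are this example's own assumptions.

```python
"""Triage the hijack points a SmitFraudFix 'Search' log reports on.

Added example for this thread; not part of SmitFraudFix or of the original
post. Baselines and heuristics below are assumptions, noted inline.
"""
import ipaddress
import re

# Constructed sample in the layout of the post's log (trimmed, same values).
SAMPLE_LOG = r"""SmitFraudFix v2.334
Scan done at 21:22:59.09, 11/08/2008
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBINC~1\FAVORI~1

C:\DOCUME~1\ROBINC~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ROBINC~1\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.broadjam.com/search/images/hifimp3.gif"
"SubscribedURL"="about:home"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION_RE = re.compile(r"^»+\s*(.*)$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Assumed clean XP value: userinit.exe alone with its trailing comma.
# Anything appended after the comma is launched at every logon.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"


def parse_sections(text):
    """Map each »»» header to the non-empty lines that follow it."""
    sections, current = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip() or current
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def reg_values(lines):
    """Collect "Name"="Value" pairs, turning the .reg doubled backslash back into one."""
    out = {}
    for line in lines:
        m = VALUE_RE.match(line)
        if m:
            out[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return out


def triage(text):
    s = parse_sections(text)
    f = {}
    # Paths the tool itself tagged (the rogue-AV favourites in the post).
    f["found"] = [line[:-len("FOUND !")].strip()
                  for lines in s.values() for line in lines if line.endswith("FOUND !")]
    # Winlogon\Userinit: a classic persistence point for this kind of rogue.
    wl = reg_values(s.get("Winlogon", []))
    f["userinit_tampered"] = wl.get("Userinit", "").lower() != EXPECTED_USERINIT
    # A non-empty AppInit_DLLs loads that DLL into every process that uses user32.
    f["appinit_dlls"] = reg_values(s.get("AppInit_DLLs", [])).get("AppInit_DLLs", "")
    # hosts: anything beyond the loopback entry deserves a look.
    f["hosts_extra"] = [line for line in s.get("hosts", [])
                        if not line.startswith("#") and line.lower() != "127.0.0.1 localhost"]
    # DNS heuristic (assumption): on a home LAN the resolver is the router, so a
    # public address here is worth checking; a DHCP-issued ISP resolver also trips it.
    ips = {ip for line in s.get("DNS", []) for ip in IP_RE.findall(line)}
    f["public_dns"] = sorted(ip for ip in ips if not ipaddress.ip_address(ip).is_private)
    # Active Desktop components whose Source is a remote URL.
    f["remote_desktop_components"] = []
    for line in s.get("Desktop Components", []):
        m = VALUE_RE.match(line)
        if m and m.group(1) == "Source" and m.group(2).lower().startswith("http"):
            f["remote_desktop_components"].append(m.group(2))
    f["suspicious"] = any([f["found"], f["userinit_tampered"], f["appinit_dlls"],
                           f["hosts_extra"], f["public_dns"], f["remote_desktop_components"]])
    return f


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints the findings for the embedded sample; to use it on a real run, pass the full text of a saved SmitFraudFix report to `triage()`. On the post's own values it flags only the three favourites and the remote Active Desktop source, which matches what the tool reported: Userinit, AppInit_DLLs and the DNS servers were clean.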