I am trying to run DSS and it keeps hangin up "Not Responding" while cleaning my temp files. Any suggestions..??

And here is my Kapersky scan. 5 threats 9 infected files.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 11:39:59
Records in database: 941656
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\shaevans\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 34742
Threat name: 5
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 00:31:36


File name / Threat name / Threats count
C:\Program Files\VAV\vav.exe/C:\Program Files\VAV\vav.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.q 1
C:\Program Files\SpyShredder\SpyShredder.exe/C:\Program Files\SpyShredder\SpyShredder.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.cr 1
C:\Program Files\PCHealthCenter\2.exe Infected: Trojan.Win32.Agent.twv 1
C:\Program Files\PCHealthCenter\5.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.q 1
C:\Program Files\SpyShredder\SpyShredder.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.cr 1
C:\Program Files\SpyShredder\SpyShredder2.dll Infected: not-a-virus:AdWare.Win32.SearchAssistant.k 1
C:\Program Files\SpyShredder\SpyShredder3.dll Infected: not-a-virus:AdWare.Win32.SearchAssistant.l 1
C:\Program Files\VAV\vav.exe Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.q 1
C:\WINDOWS\Sys43.exe Infected: Trojan.Win32.Agent.twv 1

The selected area was scanned.

Hello Shawn_Evans

Welcome to G2Go.
=====================
Please go to Start > Run> then copy\paste this in "%userprofile%\desktop\dss.exe" /config then hit ok.
Uncheck Temp File cleanup and System Restore.
Then Hit ok or scan.

Post those logs please.

HijackThis cannot install. Getting error. Firewall Issue?? If so, will DSS log suffice??

If you hit Cancel it will run a cloned version of Hijackthis also you should just allow it throught the firewall.

Deckard's System Scanner v20071014.68
Run by shaevans on 2008-07-11 10:52:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
65: 2008-07-11 12:11:40 UTC - RP65 - Deckard's System Scanner Restore Point
64: 2008-07-10 15:09:12 UTC - RP64 - System Checkpoint
63: 2008-07-09 14:17:15 UTC - RP63 - System Checkpoint
62: 2008-07-08 13:58:30 UTC - RP62 - System Checkpoint
61: 2008-07-07 13:43:39 UTC - RP61 - System Checkpoint


-- First Restore Point --
1: 2008-04-21 13:39:14 UTC - RP1 - System Checkpoint


Backed up registry hives.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-11 10:55:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\Lms.exe
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\AMT\Uns.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Temp\RK1013.EXE
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\kix\UTLite33.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VAV\vav.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\shaevans\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fcinternal.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res:///3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...director/sw.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198010915734
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {B4A78D29-52B1-4A7B-BAC0-1471BEDF9836} () - http://xscanner.shredder-scan.com/setup/webinst.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\Software\..\Telephony: DomainName = corp.pvt
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = corp.pvt
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\system32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CCA Agent Stub (CCAAgentStub) - Unknown owner - C:\WINDOWS\system32\CCAAgentStub.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\cwbrxd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\Lms.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\Uns.exe


--
End of file - 14369 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S2 CCAAgentStub (CCA Agent Stub) - "c:\windows\system32\ccaagentstub.exe" (file missing)
S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries ™ Access for Windows>
S3 FLCDLOCK (HP ProtectTools Device Locking / Auditing) - c:\windows\system32\flcdlock.exe <Not Verified; Hewlett-Packard Ltd; Device Access Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 1408)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-05-03 19:51:16 112640 --a------ C:\WINDOWS\system32\ackpbsc.dll <Not Verified; ActivIdentity; ActivClient Services>
2007-05-03 19:51:16 118784 --a------ C:\WINDOWS\system32\aclog.dll <Not Verified; ActivIdentity; Library - Logging>
2007-05-03 19:52:08 655360 --a------ C:\WINDOWS\system32\aclibeay.dll <Not Verified; ActivIdentity; The OpenSSL Toolkit>
2007-05-03 19:51:42 100864 --a------ C:\WINDOWS\system32\acevtsub.dll <Not Verified; ActivIdentity; ActivClient Services>
2007-05-03 19:51:28 325120 --a------ C:\WINDOWS\system32\asphat32.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-05-03 19:51:16 29696 --a------ C:\WINDOWS\system32\acerrmes.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-05-03 19:51:30 87040 --a------ C:\WINDOWS\system32\aspcom.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-12-19 12:23:31 64512 --a------ C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-12-19 12:23:31 53760 --a------ C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-03-14 07:03:00 74752 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-06-15 03:47:00 586240 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItMsg.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-05-03 19:51:12 281088 --a------ C:\Program Files\ActivIdentity\ActivClient\acunlock.dll <Not Verified; ActivIdentity; ActivClient>
2007-05-03 19:49:30 224768 --a------ C:\WINDOWS\system32\aipingui.dll <Not Verified; ActivIdentity; ActivClient>
2007-12-19 12:23:36 254464 --a------ C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll <Not Verified; ActivIdentity; ActivClient>
2007-05-03 19:51:50 206848 --a------ C:\Program Files\ActivIdentity\ActivClient\Resources\acCobAPIrc.dll <Not Verified; ActivIdentity; Smart Card Middleware>
2007-12-19 12:23:37 56832 --a------ C:\Program Files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll <Not Verified; ActivIdentity; ActivClient>
2007-04-30 09:19:04 49152 --a------ C:\WINDOWS\system32\DeviceNP.dll <Not Verified; Hewlett-Packard Limited; HP ProtectTools Device Management>
2007-10-08 15:11:52 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>

C:\WINDOWS\system32\svchost.exe (pid 1684)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-03-14 07:03:00 74752 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-06-15 03:47:00 586240 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItMsg.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2006-06-22 07:14:00 131584 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll <Not Verified; Cognizance Corporation; Cognizance Identity Manager>
2007-06-08 11:33:42 485888 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItDAC.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-03-02 05:20:00 157184 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItReports.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-07-20 20:00:20 512512 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\AuthWiz.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-03-29 05:31:00 263680 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItAuth.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-01-09 04:18:00 168960 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\HPBrand.dll <Not Verified; Hewlett-Packard Company; Cognizance Identity Manager>
2007-07-20 19:38:54 224256 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\TpmAuth.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-03-22 10:23:00 142848 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItVCServer.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-03-07 04:40:00 290816 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-02-20 01:45:00 172032 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\NetAdmin.dll <Not Verified; Cognizance Corporation; Cognizance Identity Manager>
2007-05-28 04:19:00 94208 -ra------ C:\Program Files\Hewlett-Packard\IAM\Bin\BioAuthSrv.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>

C:\WINDOWS\system32\svchost.exe (pid 1712)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>

C:\WINDOWS\system32\svchost.exe (pid 2008)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>

C:\WINDOWS\system32\svchost.exe (pid 192)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>

C:\WINDOWS\system32\svchost.exe (pid 548)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>

C:\WINDOWS\explorer.exe (pid 3020)
2007-02-26 05:49:00 70144 -ra------ C:\WINDOWS\system32\APSHook.dll <Not Verified; Bioscrypt Inc.; Bioscrypt VeriSoft Single Sign On>
2007-10-08 15:11:52 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>
2007-02-06 15:40:54 65536 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-02-06 16:19:44 77824 --a------ C:\WINDOWS\system32\BtMmHook.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>
2007-02-06 16:16:06 53248 --a------ C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2007-01-23 21:13:08 200704 --a------ C:\WINDOWS\system32\PSDShExt.dll <Not Verified; Infineon Technologies AG; Infineon TPM Software>
2007-01-23 20:22:18 2453504 --a------ C:\WINDOWS\system32\IFXSPArc.dll <Not Verified; Infineon Technologies AG; Infineon TPM Software>
2007-01-23 21:16:14 229376 --a------ C:\Program Files\Hewlett-Packard\Embedded Security Software\PsdRsUS.dll <Not Verified; Infineon Technologies AG; Infineon TPM Software>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 07:32:31 414 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 08:11:06 0 d-------- V:\Deckard
2008-07-10 15:23:53 0 d-------- C:\Program Files\SpyShredder
2008-07-10 15:23:16 28672 --a------ C:\WINDOWS\xpupdate.exe
2008-07-10 14:28:48 23040 --a------ C:\WINDOWS\Sys45.exe
2008-07-10 14:28:48 23040 --a------ C:\WINDOWS\Sys44.exe
2008-07-10 14:28:48 23552 --a------ C:\WINDOWS\Sys43.exe
2008-07-10 14:28:48 0 d-------- C:\Program Files\VAV
2008-07-10 14:28:47 24064 --a------ C:\WINDOWS\Sys42.exe
2008-07-10 14:28:46 0 d-------- C:\Program Files\PCHealthCenter
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\InstallShield
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Infineon
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Identities
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\hpqLog
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\CiscoCAA
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\AdobeUM
2008-07-08 08:23:38 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Adobe
2008-07-08 08:23:37 0 dr-h----- C:\Documents and Settings\SMSCliSvcAcct&\Recent
2008-07-08 08:23:37 0 d--h----- C:\Documents and Settings\SMSCliSvcAcct&\PrintHood
2008-07-08 08:23:37 0 d--h----- C:\Documents and Settings\SMSCliSvcAcct&\NetHood
2008-07-08 08:23:37 0 dr------- C:\Documents and Settings\SMSCliSvcAcct&\My Documents
2008-07-08 08:23:37 0 d--h----- C:\Documents and Settings\SMSCliSvcAcct&\Local Settings
2008-07-08 08:23:37 0 dr------- C:\Documents and Settings\SMSCliSvcAcct&\Favorites
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Desktop
2008-07-08 08:23:37 0 d---s---- C:\Documents and Settings\SMSCliSvcAcct&\Cookies
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Bluetooth Software
2008-07-08 08:23:37 0 dr-h----- C:\Documents and Settings\SMSCliSvcAcct&\Application Data
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Sun
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\OfficeUpdate12
2008-07-08 08:23:37 0 d---s---- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Microsoft
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Microsoft Web Folders
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Macromedia
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\InterVideo
2008-07-08 08:23:37 0 d-------- C:\Documents and Settings\SMSCliSvcAcct&\Application Data\Intel
2008-07-08 08:23:36 0 d---s---- C:\Documents and Settings\SMSCliSvcAcct&\UserData
2008-07-08 08:23:36 0 d--h----- C:\Documents and Settings\SMSCliSvcAcct&\Templates
2008-07-08 08:23:36 0 dr------- C:\Documents and Settings\SMSCliSvcAcct&\Start Menu
2008-07-08 08:23:36 0 dr-h----- C:\Documents and Settings\SMSCliSvcAcct&\SendTo
2008-07-08 08:23:36 1572864 --ah----- C:\Documents and Settings\SMSCliSvcAcct&\NTUSER.DAT
2008-07-07 16:01:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-07 14:41:33 0 d-------- C:\Documents and Settings\shaevans\.housecall6.6
2008-07-07 07:27:18 0 dr-h----- C:\Documents and Settings\shaevans\Recent
2008-06-19 10:15:36 94208 --a------ C:\WINDOWS\system32\pskill.exe <Not Verified; Sysinternals - www.sysinternals.com; Systems Internals pkill>
2008-06-19 10:15:36 94720 --a------ C:\WINDOWS\system32\MsiZap.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-06-19 10:15:36 43 --a------ C:\WINDOWS\system32\2.bat
2008-06-13 07:32:27 0 d-------- C:\Program Files\Norton Security Scan
2008-06-13 07:31:29 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-12 15:47:42 0 d-------- C:\Documents and Settings\shaevans\Application Data\Snapfish


-- Find3M Report ---------------------------------------------------------------

2008-07-10 21:46:52 0 d-------- C:\Program Files\Trillian
2008-07-09 13:54:33 0 d-------- C:\Documents and Settings\shaevans\Application Data\U3
2008-07-02 07:55:51 0 d-------- C:\Program Files\Java
2008-06-20 13:12:49 0 d-------- C:\Program Files\ADTRAN DSL Assistant
2008-06-13 10:47:56 0 d-------- C:\Documents and Settings\shaevans\Application Data\Amazon
2008-06-09 17:03:27 45964 -----n--- V:\warwickpricing
2008-06-09 16:04:32 0 d-------- C:\Program Files\Common Files
2008-06-01 19:49:35 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-01 19:48:45 0 d-------- C:\Program Files\NCH Software
2008-06-01 19:48:14 0 d-------- C:\Documents and Settings\shaevans\Application Data\NCH Swift Sound
2008-05-13 15:02:06 0 d-------- C:\Documents and Settings\shaevans\Application Data\Autodesk
2008-05-13 14:41:10 0 d-------- C:\Program Files\Common Files\L&H
2008-05-13 14:40:39 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 14:35:05 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-13 14:35:04 0 d-------- C:\Program Files\AutoCAD LT 2002
2008-05-13 14:25:57 0 d-------- C:\Program Files\AutoCAD LT 2006
2008-05-13 14:25:41 0 d-------- C:\Program Files\AnswerWorks 4.0
2008-05-13 14:20:26 0 d-------- C:\Program Files\Autodesk
2008-05-12 09:17:54 0 d--h----- C:\Program Files\Zero G Registry
2008-05-12 09:16:54 0 d-------- C:\Program Files\Actelis Networks
2008-05-09 14:18:38 23408 --a------ C:\Documents and Settings\shaevans\Application Data\Comma Separated Values (Windows).ADR
2008-05-06 16:16:48 9405 --a------ C:\Documents and Settings\shaevans\Application Data\Comma Separated Values (Windows).EML


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [05/01/2007 05:52 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 02:18 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 03:18 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 03:13 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 09:12 AM]
"PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [01/09/2007 04:52 PM]
"CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [12/22/2003 07:12 PM]
"IFXSPMGT"="c:\WINDOWS\system32\ifxspmgt.exe" [02/15/2007 02:00 PM]
"@"="" []
"accrdsub"="c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [05/03/2007 07:51 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [01/05/2007 06:36 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [01/02/2007 04:46 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/18/2007 10:50 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/18/2007 10:50 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/18/2007 10:50 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2007 05:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [05/07/2002 06:20 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [05/07/2002 06:20 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [05/07/2002 06:20 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [05/07/2002 06:20 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" [12/11/2007 07:31 PM]
"Antivirus"="C:\Program Files\VAV\vav.exe" [07/10/2008 01:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/30/2008 08:16 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Antivirus"="C:\Program Files\VAV\vav.exe" [07/10/2008 01:33 AM]
"Windows update loader"="C:\Windows\xpupdate.exe" [07/10/2008 03:23 PM]
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [07/10/2008 03:23 PM]

C:\Documents and Settings\shaevans\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [5/19/2008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 9:18:22 AM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/6/2007 4:14:00 PM]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [9/7/2007 12:13:06 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/30/2008 8:16:50 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [4/22/2008 10:52:10 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll 05/03/2007 07:51 PM 112640 c:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll 05/03/2007 07:51 PM 281088 c:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 04/30/2007 09:19 AM 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll 03/14/2007 07:03 AM 74752 c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
Cognizance ASBroker ASChannel


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-07-11 10:58:29 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
CPU 1: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 2039.23 MiB / 1172.77 MiB
Pagefile Memory (total/avail): 3931.61 MiB / 3200.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.88 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 52.28 GiB free.
D: is CDROM (No Media)
K: is Network (NTFS)
M: is Network (NTFS)
N: is Network (NTFS)
S: is Network (NTFS)
T: is Network (NTFS)
U: is Network (NTFS)
V: is Network (NTFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS722080K9SA00 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:conf.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\SMSADMIN\\bin\\i386\\statview.exe"="C:\\SMSADMIN\\bin\\i386\\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer"
"C:\\SMSADMIN\\bin\\i386\\SETUP.EXE"="C:\\SMSADMIN\\bin\\i386\\SETUP.EXE:*:Enabled:SMS Setup"
"C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"="C:\\WINDOWS\\system32\\wbem\\unsecapp.exe:*:Enabled:unsecapp.exe"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\VoissAssistant.exe"="C:\\WINDOWS\\system32\\VoissAssistant.exe:*:Enabled:VoissAssistant"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\\Program Files\\NET6\\net6vpn.exe"="C:\\Program Files\\NET6\\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Viryanet\\MicroServer\\VCM.exe"="C:\\Program Files\\Viryanet\\MicroServer\\VCM.exe:*:Enabled:VCM"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Windows Explorer"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:conf.exe"
"C:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\mwj974\\Local Settings\\Temporary Internet Files\\Content.IE5\\0L6VGXAV\\CitrixSAClient[1].exe"="C:\\Documents and Settings\\mwj974\\Local Settings\\Temporary Internet Files\\Content.IE5\\0L6VGXAV\\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent"
"C:\\Program Files\\NET6\\net6vpn.exe"="C:\\Program Files\\NET6\\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"="C:\\WINDOWS\\system32\\wbem\\unsecapp.exe:*:Enabled:WMI"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\shaevans\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NYMTJSLXP041364
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=V:
HOMEPATH=\
HOMESHARE=\\nymt00s2kfp01\ShaEvans$
LOGONSERVER=\\PAWB00S03DC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\ActivIdentity\ActivClient\;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SMS_LOCAL_DIR=C:\WINDOWS
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\shaevans\LOCALS~1\Temp
TMP=C:\DOCUME~1\shaevans\LOCALS~1\Temp
USERDNSDOMAIN=CORP.PVT
USERDOMAIN=CORP
USERNAME=shaevans
USERPROFILE=C:\Documents and Settings\shaevans
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

frontier (admin)
SMSCliSvcAcct& (admin)
Administrator (admin)
shaevans (admin)
gsc943 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu"
--> MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
--> MsiExec.exe /X{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivClient 6.1 x86 --> MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ADTRAN DSL Assistant --> "C:\Program Files\ADTRAN DSL Assistant\UninstallerData\Uninstall DSLAsstistant3.exe"
Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
AutoCAD LT 2006 - English --> MsiExec.exe /I{5783F2D7-4009-0409-0002-0060B0CE6BBA}
Autodesk Design Review 2009 - SP1 --> C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove
BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Cisco Clean Access Agent --> MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Cisco Systems VPN Client 5.0.01.0600 --> MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Credential Manager for HP ProtectTools --> MsiExec.exe /X{C15F7F16-941E-414B-A676-40190CD621D5}
Device Access Manager for HP ProtectTools --> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Embedded Security for HP ProtectTools --> MsiExec.exe /I{20A1D306-CE83-492A-8525-D6DF50B5944A}
FLEXR 7.81 --> C:\WINDOWS\IsUninst.exe -fC:\FLEXR781\Uninst.isu
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP 3D DriveGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\Setup.exe" -l0x9 UNINSTALL
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 B2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
Intel® Active Management Technology Device Software --> C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java Card Security for HP ProtectTools --> MsiExec.exe /I{77130095-2039-424F-A633-4FAF0261258A}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Authorware Web Player --> C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaASSIST View --> "C:\Program Files\Actelis Networks\MetaASSIST View\Uninstall_MetaASSIST View\Uninstall MetaASSIST View.exe"
MetaFrame Presentation Server Client --> MsiExec.exe /I{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Access 2000 SR-1 --> MsiExec.exe /I{00100409-78E1-11D2-B60F-006097C998E7}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  C:\Windows\xpupdate.exe
  C:\Program Files\VAV
  C:\Program Files\SpyShredder
  C:\Program Files\PCHealthCenter
  C:\WINDOWS\Sys43.exe
  C:\WINDOWS\Sys45.exe
  C:\WINDOWS\Sys44.exe
  C:\WINDOWS\Sys42.exe
  C:\WINDOWS\system32\2.bat
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Antivirus
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Antivirus
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows update loader
  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyShredder
  HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\\NoWelcomeScreen
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\ForceStartMenuLogOff
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\NoWelcomeScreen
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\ForceActiveDesktopOn
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\NoActiveDesktop
  emptytemp
  
  
• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
====================
Post these logs:
Ot Move it log
MalwareBytes log
New dss log

You would not happen to have a FIREWALL friendly host site would you. I cannot get the Oldtimer software and my wireless connection is.

I will attach it see the file below.

[attachment=21984:OT_Move_it.zip]