HELP PLZ! PLZ! [RESOLVED]
sumguy
post Dec 26 2007, 01:47 AM
Post #1


Member
Posts: 54
From: California
OS: windows xp



Hello geeks2go! My friend's computer is so SLOW. Not only that, in normal mode, everything is messed up, I mean the computer can't even read the flash drive! This all started when he got a virus, did a scan with SuperAntiSpyware, and rebooted. After the reboot, Windows never loaded, and a screen came up saying that Windows failed to load, then gave the option of "Last Known Good Configuration", so he chose it. After that, only the desktop background showed! No icons, no taskbar. Many weird tasks too, such as wtfctrl? or something. HERE'S THE HIJACKTHIS LOG!! HELP = GREATLY APPRECIATED.

PS: Don't think there is internet.

THIS HIJACKTHIS LOGFILE WAS DONE IN SAFE MODE BECAUSE NORMAL MODE WON'T WORK!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:48 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashWebSv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7221 bytes

----------------------

Also, at startup, a shutdown box comes up. Countdown = 60 s... I simply did a shutdown -a in cmd to turn it off. The message says "Initiate: NT authority/System", and in the description it says services.exe was unexpectedly terminated.

This post has been edited by sumguy: Dec 26 2007, 01:59 AM
Rorschach112
post Dec 26 2007, 05:52 AM
Post #2


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.




Do the following from Normal Mode

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


sumguy
post Dec 26 2007, 05:25 PM
Post #3


Member
Posts: 54
From: California
OS: windows xp



SDFix: Version 1.119

Run by Nes on Wed 12/26/2007 at 02:45 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\202196~1 - Deleted
C:\Documents and Settings\Nes\Local Settings\Temp\cd371.tmp.exe - Deleted
C:\DOCUME~1\Nes\LOCALS~1\Temp\abc123.pid - Deleted
C:\DOCUME~1\Nes\LOCALS~1\Temp\installer.exe - Deleted
C:\DOCUME~1\Nes\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\Casino.ico - Deleted
C:\WINDOWS\Free Online Dating.ico - Deleted
C:\WINDOWS\lsass.exe - Deleted
C:\WINDOWS\Spyware Remover.ico - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted



Folder C:\Program Files\Helper - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 14:57:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Nes\\LOCALS~1\\Temp\\win27B.exe"="C:\\DOCUME~1\\Nes\\LOCALS~1\\Temp\\win27B.exe:*:Enabled:win27B"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 13 Nov 2006 1,430,357 A.SH. --- "C:\WINDOWS\inf\dcmavg.tmp"
Thu 9 Nov 2006 1,375,465 A.SH. --- "C:\WINDOWS\inf\dcmavg.bak1"
Wed 15 Nov 2006 1,448,297 A.SH. --- "C:\WINDOWS\inf\dcmavg.bak2"
Sat 23 Dec 2006 1,062,675 A.SH. --- "C:\WINDOWS\system32\aybeg.tmp"
Mon 27 Nov 2006 705,680 A.SH. --- "C:\WINDOWS\system32\aybeg.bak1"
Mon 25 Dec 2006 1,057,968 A.SH. --- "C:\WINDOWS\system32\aybeg.bak2"
Sat 24 Feb 2007 56 ..SHR --- "C:\WINDOWS\system32\E5B0B4FFA8.sys"
Sat 24 Feb 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 12 Jul 2006 1,038,378 A.SH. --- "C:\WINDOWS\system32\opqss.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\573b8bee2d25ffedabde94732ae6dbae\BITD.tmp"
Sat 19 May 2007 8 A..H. --- "C:\Documents and Settings\Margie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 19 May 2007 8 A..H. --- "C:\Documents and Settings\Margie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 19 May 2007 8 A..H. --- "C:\Documents and Settings\Margie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sat 26 May 2007 8 A..H. --- "C:\Documents and Settings\Margie\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!
-----------------------------------MAIN
Deckard's System Scanner v20071014.68
Run by Nes on 2007-12-26 15:06:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
89: 2007-12-26 23:07:11 UTC - RP574 - Deckard's System Scanner Restore Point
88: 2007-12-26 02:37:46 UTC - RP573 - System Checkpoint
87: 2007-12-25 00:28:56 UTC - RP572 - Removed ABBYY FineReader 6.0 Sprint
86: 2007-12-22 02:58:33 UTC - RP571 - Restore Operation
85: 2007-12-21 01:08:42 UTC - RP570 - System Checkpoint


-- First Restore Point --
1: 2007-12-19 20:33:57 UTC - RP486 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Nes.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:35 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliType Pro\type32 .exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Lexmark 2500 Series\lxddmon .exe
C:\Program Files\Lexmark 2500 Series\lxddamon .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Nes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1AFCD1D7-C06B-48DB-874D-FB5F99BDB60F} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {5B17AFFD-3491-4318-B941-0E867D8B94D2} - C:\WINDOWS\inf\gvamcd.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKCU\..\Run: [trust readme] C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll (file missing)
O20 - Winlogon Notify: gvamcd - C:\WINDOWS\inf\gvamcd.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashWebSv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9991 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 catchme - c:\docume~1\Nes\locals~1\temp\catchme.sys (file missing)
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NCUpdateSvc (Netscape Update Service) - c:\program files\netscape internet service\ncupdatesvc.exe <Not Verified; Netscape Communications Corporation; Netscape Update Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 aswUpdSv (avast! iAVS4 Control Service) - "c:\documents and settings\nes\desktop\avast\install\aswupdsv.exe" (file missing)
S2 avast! Antivirus - "c:\documents and settings\nes\desktop\avast\install\ashserv.exe" (file missing)
S3 avast! Mail Scanner - "c:\documents and settings\nes\desktop\avast\install\ashmaisv.exe" /service (file missing)
S3 avast! Web Scanner - "c:\documents and settings\nes\desktop\avast\install\ashwebsv.exe" /service (file missing)
S4 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S4 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S4 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
S4 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-26 15:00:00 260 --ah----- C:\WINDOWS\Tasks\A5BE54899191CF91.job


-- Files created between 2007-11-26 and 2007-12-26 -----------------------------

2007-12-26 14:43:01 0 d-------- C:\WINDOWS\ERUNT
2007-12-25 23:35:02 0 d-------- C:\Program Files\CCleaner
2007-12-25 17:45:39 0 d-------- C:\Documents and Settings\Nes\Application Data\Lexmark Productivity Studio
2007-12-19 18:26:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-19 18:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-19 18:15:39 0 d-------- C:\Documents and Settings\Herschel\Application Data\SUPERAntiSpyware.com
2007-12-19 18:13:24 0 d-------- C:\Documents and Settings\Herschel\Application Data\Mozilla
2007-12-19 18:10:54 0 d-------- C:\Documents and Settings\Herschel\Application Data\FaxCtr
2007-12-19 18:10:35 0 d-------- C:\Documents and Settings\Herschel\Application Data\Real
2007-12-19 18:10:21 0 d-------- C:\WINDOWS\LastGood
2007-12-19 17:00:01 331776 -----n--- C:\WINDOWS\system32\mllmm.dll
2007-12-19 16:51:04 0 d--hs---- C:\WINDOWS\CSC
2007-12-19 13:51:36 57856 --a------ C:\fjrnkqwn.exe
2007-12-19 13:51:14 1283174 --a------ C:\Install
2007-12-19 13:51:02 0 d-------- C:\WINDOWS\system32\njprckha
2007-12-19 13:51:02 15360 --a------ C:\WINDOWS\system32\drvkegr.dll
2007-12-19 13:51:01 0 d-------- C:\Program Files\SecCenter
2007-12-19 13:50:52 0 d-------- C:\Program Files\Gcxwkfaq
2007-12-19 13:50:36 0 d-------- C:\Program Files\parehuvg
2007-12-19 12:33:55 335360 --a------ C:\WINDOWS\system32\mllmm.exe
2007-12-19 12:33:44 11620 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2007-12-03 21:20:23 0 d-------- C:\Program Files\Buddy Icon Maker
2007-12-03 21:20:17 0 d-------- C:\Program Files\Colorizer
2007-12-03 21:20:13 0 d-------- C:\Program Files\AvPropPlugin
2007-12-03 21:19:07 0 d-------- C:\Program Files\AIM Music Link


-- Find3M Report ---------------------------------------------------------------

2007-12-26 14:56:31 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-26 14:56:30 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-26 14:56:27 414208 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 14:56:26 430592 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 14:56:26 451072 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 14:56:22 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-12-26 14:56:20 0 d-------- C:\Program Files\Messenger
2007-12-26 14:56:20 0 d-------- C:\Program Files\AIM6
2007-12-26 14:56:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 14:39:32 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-12-25 23:33:27 0 d-------- C:\Program Files\Trend Micro
2007-12-25 23:32:14 0 d-------- C:\Program Files\DellSupport
2007-12-21 18:46:15 0 d-------- C:\Program Files\QuickTime
2007-12-19 13:51:32 0 d-------- C:\Program Files\mobile PhoneTools
2007-12-13 20:26:40 0 d-------- C:\Program Files\Copysafe
2007-12-03 21:20:20 0 d-------- C:\Program Files\WildTangent
2007-12-03 21:18:21 0 d-------- C:\Program Files\Plaxo
2007-11-24 12:15:55 0 d-------- C:\Program Files\Lx_cats
2007-11-02 19:29:27 0 d-------- C:\Program Files\Viewpoint
2007-11-02 19:29:23 0 d-a------ C:\Program Files\Common Files
2007-11-02 19:29:23 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-11-01 18:28:57 0 d-------- C:\Program Files\MSN Messenger
2007-10-28 12:48:16 0 d-------- C:\Documents and Settings\Nes\Application Data\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AFCD1D7-C06B-48DB-874D-FB5F99BDB60F}]
12/19/2007 05:00 PM 331776 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B17AFFD-3491-4318-B941-0E867D8B94D2}]
C:\WINDOWS\inf\gvamcd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" []
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [12/26/2007 02:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [12/26/2007 02:56 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [12/26/2007 02:56 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/26/2007 02:56 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/26/2007 02:56 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/26/2007 02:56 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/26/2007 02:56 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/26/2007 02:56 PM]
"avast!"="C:\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [12/26/2007 02:56 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [12/26/2007 02:56 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/26/2007 02:56 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [12/26/2007 02:56 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [12/26/2007 03:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trust readme"="C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/26/2007 02:56 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/26/2007 02:56 PM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [12/26/2007 02:56 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/26/2007 02:56 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/26/2007 02:56 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/17/2006 3:56:58 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 9:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/29/2007 10:36 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gvamcd]
C:\WINDOWS\inf\gvamcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
wineij32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkeg.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dilozmfa]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dilozmfa.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139646943\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\mllmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
C:\WINDOWS\lsass .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outerinfo]
"C:\Program Files\Outerinfo\Outerinfo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufancxsz]
rundll32.exe "C:\Program Files\parehuvg\lsbmxqhu.dll",Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PcCtlCom"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-12-26 15:09:19 ------------


PS: Computer is running considerably faster, yet I haven't done a full system shutdown. Waiting for your call. Thank you for your help thus far =)
 
sumguy
post Dec 26 2007, 05:26 PM
Post #4





TOO MUCH IN THE LAST POST, SO HERE'S EXTRA.TXT from DSS

-----------------------------------EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 502.07 MiB / 156.86 MiB
Pagefile Memory (total/avail): 1227.25 MiB / 941.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.82 GiB total, 35.97 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HDS728080PLA380 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 69.82 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - MicroAdv QuickiDrive128M USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 124.73 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: avast! antivirus 4.7.1001 [VPS 000746-2] v4.7.1001 (ALWIL Software)
AV: Trend Micro PC-cillin Internet Security v12.7.1017 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 2500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1139646943\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Nes\\LOCALS~1\\Temp\\win27B.exe"="C:\\DOCUME~1\\Nes\\LOCALS~1\\Temp\\win27B.exe:*:Enabled:win27B"
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon .exe"="C:\\Program Files\\Lexmark 2500 Series\\lxddmon .exe:*:Enabled: "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nes\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NAREN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nes
LOGONSERVER=\\NAREN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nes\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nes\LOCALS~1\Temp
USERDOMAIN=NAREN
USERNAME=Nes
USERPROFILE=C:\Documents and Settings\Nes
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Margie (admin)
Nes (admin)
Herschel (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Nes\Desktop\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 DVD Converter --> "C:\Documents and Settings\Nes\My Documents\My Music\123 DVD Converter\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Facebook Plugin 0.0.8 --> C:\Documents and Settings\Nes\My Documents\Facebook Plugin\aim_facebook_uninstall.exe
AIM Fight List 1.0.0.1 --> C:\DOCUME~1\Nes\MYDOCU~1\AIMFIG~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\AIMFIG~1\INSTALL.LOG
AIM MusicLink 2.0.0.4 --> C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus --> rundll32 C:\DOCUME~1\Nes\Desktop\avast\install\Setup\setiface.dll,RunSetup
AvPropPlugin 1.0.0.1 --> C:\PROGRA~1\AVPROP~1\UNWISE.EXE C:\PROGRA~1\AVPROP~1\INSTALL.LOG
Buddy Icon Maker 1.0.0.1 --> C:\PROGRA~1\BUDDYI~1\UNWISE.EXE C:\PROGRA~1\BUDDYI~1\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CiD Help --> C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe -uninstall
Colorizer 1.0.0.1 --> C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CopySafe Plugin --> C:\PROGRA~1\Copysafe\UNWISE.EXE C:\PROGRA~1\Copysafe\INSTALL.LOG
Cucusoft DVD to iPod + iPod Video Converter Suite 6.2.5.16 --> "C:\Documents and Settings\Nes\My Documents\My Music\ipod-converter\unins000.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Documents and Settings\Nes\Desktop\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Documents and Settings\Nes\Desktop\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Documents and Settings\Nes\Desktop\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Ripper 4 --> C:\Documents and Settings\Nes\Desktop\DVD Ripper 4\Uninstall.exe
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
K-Lite Codec Pack 2.27 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 2500 Series --> C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.12.11 --> "C:\Documents and Settings\Nes\My Documents\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MC Web --> C:\WINDOWS\unvise32.exe C:\uninstal.log
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
MixMeister CD-R Drivers --> MsiExec.exe /I{4367BF53-8748-4122-8516-85E4375925AF}
MixMeister Studio Demo 7.0.5 --> "C:\Documents and Settings\Nes\Desktop\MixMeister Studio\unins000.exe"
mobile PhoneTools --> MsiExec.exe /X{F4756F45-E373-45E0-A023-F3DD4A04AA90}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
MobTime Cell Phone Manager V3.6.4 --> "C:\Documents and Settings\Nes\My Documents\My Music\MobTime Cell Phone Manager\unins000.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Movie Converter V2 (remove only) --> C:\Documents and Settings\Nes\Desktop\Movie Converter V2\uninst.exe -c
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Converter Simple --> C:\DOCUME~1\Nes\MYDOCU~1\MP3CON~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\MP3CON~1\INSTALL.LOG
MP3 Cutter Joiner 1.17 --> "C:\Program Files\SuperAudiotool\MP3 Cutter Joiner\unins000.exe"
MPEG Encoder 3 --> C:\Documents and Settings\Nes\My Documents\MPEG Encoder 3\Uninstall.exe
Nero - Burning Rom (Web installer) --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Nero ShowTime CE --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
Netscape Internet Service --> C:\Program Files\Netscape Internet Service\install.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73D9}
Netscape Web Accelerator --> C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\accinst.exe -r {FFC3B772-C00A-42da-90A6-A87F4AFD73E0}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sierra Account Wizard --> C:\DOCUME~1\Nes\MYDOCU~1\ACCOUN~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\ACCOUN~1\INSTALL.LOG
SmartSoft Video Converter --> "C:\Documents and Settings\Nes\My Documents\SmartSoftVideoConverterPro\unins000.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Steam --> C:\DOCUME~1\Nes\MYDOCU~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Usb to Serial Driver 1.12.25 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F46E168-E0F4-45EA-81F5-80488334B609}\Setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Virtual DJ - Atomix Productions --> C:\DOCUME~1\Nes\MYDOCU~1\VIRTUA~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\VIRTUA~1\INSTALL.LOG
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp --> "C:\Documents and Settings\Nes\My Documents\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Photos Easy Upload Tool 1v7 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YASA DVD to MPEG Converter v3.6 (build 042) --> C:\DOCUME~1\Nes\MYDOCU~1\MYMUSI~1\YASADV~1\UNWISE.EXE C:\DOCUME~1\Nes\MYDOCU~1\MYMUSI~1\YASADV~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type20754 / Error
Event Submitted/Written: 12/25/2007 11:53:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type20751 / Error
Event Submitted/Written: 12/25/2007 05:35:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type20747 / Error
Event Submitted/Written: 12/24/2007 04:25:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type20744 / Error
Event Submitted/Written: 12/21/2007 07:02:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]

Event Record #/Type20741 / Error
Event Submitted/Written: 12/21/2007 06:56:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x00008e40.
Processing media-specific event for [services.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type109285 / Error
Event Submitted/Written: 12/26/2007 03:06:54 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type109284 / Error
Event Submitted/Written: 12/26/2007 03:06:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type109283 / Error
Event Submitted/Written: 12/26/2007 03:06:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type109282 / Error
Event Submitted/Written: 12/26/2007 03:06:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}

Event Record #/Type109281 / Error
Event Submitted/Written: 12/26/2007 03:06:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service PcCtlCom with arguments "-Service"
in order to run the server:
{5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C}



-- End of Deckard's System Scanner: finished at 2007-12-26 15:09:19 ------------
Rorschach112
post Dec 26 2007, 05:46 PM
Post #5


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Bit more to do :)

You have two anti-virus programs, Avast and Trend Micro. This can cause a lot of problems, so please go to Start > Control Panel > Add or Remove Programs > Remove Avast or Trend Micro Internet Security.


1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {1AFCD1D7-C06B-48DB-874D-FB5F99BDB60F} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {5B17AFFD-3491-4318-B941-0E867D8B94D2} - C:\WINDOWS\inf\gvamcd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll (file missing)
O20 - Winlogon Notify: gvamcd - C:\WINDOWS\inf\gvamcd.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\WinAntiVirus Pro 2006
    C:\DOCUME~1\\Nes\LOCALS~1\Temp\win27B.exe
    C:\WINDOWS\system32\aybeg.tmp
    C:\WINDOWS\system32\aybeg.bak1
    C:\WINDOWS\system32\aybeg.bak2
    C:\WINDOWS\inf\dcmavg.tmp
    C:\WINDOWS\inf\dcmavg.bak1
    C:\WINDOWS\inf\dcmavg.bak2
    C:\WINDOWS\system32\opqss.tmp
    C:\WINDOWS\system32\mllmm.dll
    C:\fjrnkqwn.exe
    C:\Install
    C:\WINDOWS\system32\njprckha
    C:\WINDOWS\system32\drvkegr.dll
    C:\Program Files\SecCenter
    C:\Program Files\Gcxwkfaq
    C:\Program Files\parehuvg
    C:\WINDOWS\system32\mllmm.exe
    C:\WINDOWS\system32\mmllm.ini2
    C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe
    C:\WINDOWS\avp .exe
    C:\WINDOWS\system32\drvkeg.dll
    C:\Documents and Settings\All Users\Application Data\dilozmfa.dll
    C:\WINDOWS\lsass .exe
    C:\Program Files\Outerinfo
    C:\Program Files\SecCenter
    C:\WINDOWS\system32\mgrs.exe
    C:\Program Files\parehuvg
    C:\Program Files\Save


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.




Reboot and post a new DSS log
sumguy
post Dec 26 2007, 07:50 PM
Post #6


Member
**
Posts: 54
From: California
OS: windows xp



Well, for the hijack this:

O2 - BHO: (no name) - {1AFCD1D7-C06B-48DB-874D-FB5F99BDB60F} - C:\WINDOWS\system32\mllmm.dll - WASN'T THERE
O2 - BHO: (no name) - {5B17AFFD-3491-4318-B941-0E867D8B94D2} - C:\WINDOWS\inf\gvamcd.dll (file missing) - NOT THERE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - NOT THERE
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) - FIXED
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll (file missing) - NOT THERE
O20 - Winlogon Notify: gvamcd - C:\WINDOWS\inf\gvamcd.dll (file missing) - NOT THERE
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing) - NOT THERE

:)

MOVEIT LOG:

File/Folder C:\Program Files\WinAntiVirus Pro 2006 not found.
File/Folder C:\DOCUME~1\\Nes\LOCALS~1\Temp\win27B.exe not found.
C:\WINDOWS\system32\aybeg.tmp moved successfully.
C:\WINDOWS\system32\aybeg.bak1 moved successfully.
C:\WINDOWS\system32\aybeg.bak2 moved successfully.
C:\WINDOWS\inf\dcmavg.tmp moved successfully.
C:\WINDOWS\inf\dcmavg.bak1 moved successfully.
C:\WINDOWS\inf\dcmavg.bak2 moved successfully.
C:\WINDOWS\system32\opqss.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mllmm.dll scheduled to be moved on reboot.
C:\fjrnkqwn.exe moved successfully.
C:\Install moved successfully.
C:\WINDOWS\system32\njprckha moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drvkegr.dll
C:\WINDOWS\system32\drvkegr.dll NOT unregistered.
C:\WINDOWS\system32\drvkegr.dll moved successfully.
C:\Program Files\SecCenter moved successfully.
C:\Program Files\Gcxwkfaq moved successfully.
C:\Program Files\parehuvg moved successfully.
C:\WINDOWS\system32\mllmm.exe moved successfully.
C:\WINDOWS\system32\mmllm.ini2 moved successfully.
File/Folder C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe not found.
File/Folder C:\WINDOWS\avp .exe not found.
File/Folder C:\WINDOWS\system32\drvkeg.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\dilozmfa.dll not found.
File/Folder C:\WINDOWS\lsass .exe not found.
File/Folder C:\Program Files\Outerinfo not found.
File/Folder C:\Program Files\SecCenter not found.
File/Folder C:\WINDOWS\system32\mgrs.exe not found.
File/Folder C:\Program Files\parehuvg not found.
File/Folder C:\Program Files\Save not found.

Created on 12/26/2007 17:30:42

Then the new DSS log IS IN A NEW POST :)
sumguy
post Dec 26 2007, 07:52 PM
Post #7


Member
**
Posts: 54
From: California
OS: windows xp



Deckard's System Scanner v20071014.68
Run by Nes on 2007-12-26 17:38:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Nes.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:32 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft IntelliType Pro\type32 .exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\Lexmark 2500 Series\lxddamon .exe
C:\Program Files\Lexmark 2500 Series\lxddmon .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {5B17AFFD-3491-4318-B941-0E867D8B94D2} - C:\WINDOWS\inf\gvamcd.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} - C:\WINDOWS\system32\mllmm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKCU\..\Run: [trust readme] C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll (file missing)
O20 - Winlogon Notify: gvamcd - C:\WINDOWS\inf\gvamcd.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Documents and Settings\Nes\Desktop\avast\install\ashWebSv.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9958 bytes

-- Files created between 2007-11-26 and 2007-12-26 -----------------------------

2007-12-26 17:34:13 335360 --a------ C:\WINDOWS\system32\mllmm.exe
2007-12-26 17:33:59 13327 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2007-12-26 14:43:01 0 d-------- C:\WINDOWS\ERUNT
2007-12-25 23:35:02 0 d-------- C:\Program Files\CCleaner
2007-12-25 17:45:39 0 d-------- C:\Documents and Settings\Nes\Application Data\Lexmark Productivity Studio
2007-12-19 18:26:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-19 18:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-19 18:15:39 0 d-------- C:\Documents and Settings\Herschel\Application Data\SUPERAntiSpyware.com
2007-12-19 18:13:24 0 d-------- C:\Documents and Settings\Herschel\Application Data\Mozilla
2007-12-19 18:10:54 0 d-------- C:\Documents and Settings\Herschel\Application Data\FaxCtr
2007-12-19 18:10:35 0 d-------- C:\Documents and Settings\Herschel\Application Data\Real
2007-12-19 17:00:01 331776 -----n--- C:\WINDOWS\system32\mllmm.dll
2007-12-19 16:51:04 0 d--hs---- C:\WINDOWS\CSC
2007-12-03 21:20:23 0 d-------- C:\Program Files\Buddy Icon Maker
2007-12-03 21:20:17 0 d-------- C:\Program Files\Colorizer
2007-12-03 21:20:13 0 d-------- C:\Program Files\AvPropPlugin
2007-12-03 21:19:07 0 d-------- C:\Program Files\AIM Music Link


-- Find3M Report ---------------------------------------------------------------

2007-12-26 17:34:12 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-26 17:34:11 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-26 17:34:08 430592 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 17:34:08 451072 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 17:34:04 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-12-26 17:34:03 0 d-------- C:\Program Files\AIM6
2007-12-26 17:34:01 0 d-------- C:\Program Files\Messenger
2007-12-26 17:33:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 14:56:27 414208 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-26 14:39:32 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-12-25 23:33:27 0 d-------- C:\Program Files\Trend Micro
2007-12-25 23:32:14 0 d-------- C:\Program Files\DellSupport
2007-12-21 18:46:15 0 d-------- C:\Program Files\QuickTime
2007-12-19 13:51:32 0 d-------- C:\Program Files\mobile PhoneTools
2007-12-13 20:26:40 0 d-------- C:\Program Files\Copysafe
2007-12-03 21:20:20 0 d-------- C:\Program Files\WildTangent
2007-12-03 21:18:21 0 d-------- C:\Program Files\Plaxo
2007-11-24 12:15:55 0 d-------- C:\Program Files\Lx_cats
2007-11-02 19:29:27 0 d-------- C:\Program Files\Viewpoint
2007-11-02 19:29:23 0 d-a------ C:\Program Files\Common Files
2007-11-02 19:29:23 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-11-01 18:28:57 0 d-------- C:\Program Files\MSN Messenger
2007-10-28 12:48:16 0 d-------- C:\Documents and Settings\Nes\Application Data\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B17AFFD-3491-4318-B941-0E867D8B94D2}]
C:\WINDOWS\inf\gvamcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76}]
12/19/2007 05:00 PM 331776 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" []
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [12/26/2007 02:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [12/26/2007 05:34 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [12/26/2007 05:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/26/2007 02:56 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/26/2007 05:34 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/26/2007 05:34 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/26/2007 02:56 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/26/2007 05:34 PM]
"avast!"="C:\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [12/26/2007 05:34 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [12/26/2007 05:34 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/26/2007 05:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [12/26/2007 05:34 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [12/26/2007 05:34 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"trust readme"="C:\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/26/2007 05:33 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/26/2007 05:33 PM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [12/26/2007 05:34 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/26/2007 05:34 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/26/2007 05:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/17/2006 3:56:58 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 9:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/29/2007 10:36 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebya]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gvamcd]
C:\WINDOWS\inf\gvamcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32]
wineij32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\avp .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkeg.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dilozmfa]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dilozmfa.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139646943\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\mllmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
C:\WINDOWS\lsass .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outerinfo]
"C:\Program Files\Outerinfo\Outerinfo.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
C:\Program Files\SecCenter\scprot4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufancxsz]
rundll32.exe "C:\Program Files\parehuvg\lsbmxqhu.dll",Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Program Files\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PcCtlCom"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-12-26 17:39:01 ------------

This post has been edited by sumguy: Dec 26 2007, 07:54 PM
Rorschach112
post Dec 27 2007, 04:49 AM
Post #8


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Do this

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.
sumguy
post Dec 27 2007, 12:58 PM
Post #9


Member
**
Posts: 54
From: California
OS: windows xp



I did the no word wrap, I hope it worked, and thanks so far... just one question... the computer is running fine right now, but I haven't done a full system shutdown yet, should I go ahead and do it? WAITING ON YOUR CALL :)


WinPFind3 logfile created on: 12/27/2007 10:39:52 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Nes\Desktop\WINpFIND\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

502.07 Mb Total Physical Memory | 246.68 Mb Available Physical Memory | 49.13% Memory free
1.20 Gb Paging File | 0.83 Gb Available in Paging File | 68.91% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 35.95 Gb Free Space | 51.49% Space Free
D: Drive not present or media not loaded
Drive E: | 124.47 Mb Total Space | 91.00 Mb Free Space | 73.11% Space Free
F: Drive not present or media not loaded

Computer Name: NAREN
Current User Name: Nes
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aim6 .exe -> %ProgramFiles%\AIM6\aim6 .exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 12/26/2007 5:34:40 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 9:16:08 AM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 11:11:52 AM | Attr = ]
googletoolbarnotifier .exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 12/26/2007 5:34:26 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
issch .exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 12/26/2007 5:34:10 PM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 241775 bytes | Modified Date = 7/26/2006 3:03:14 AM | Attr = ]
jusched .exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched .exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 12/26/2007 5:34:08 PM | Attr = ]
lxddamon .exe -> %ProgramFiles%\Lexmark 2500 Series\lxddamon .exe -> Lexmark [Ver = 1.0.2620.13812 | Size = 20480 bytes | Modified Date = 12/26/2007 5:34:18 PM | Attr = ]
lxddcoms.exe -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
lxddmon .exe -> %ProgramFiles%\Lexmark 2500 Series\lxddmon .exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 12/26/2007 5:34:16 PM | Attr = ]
ncupdatesvc.exe -> %ProgramFiles%\Netscape Internet Service\ncupdatesvc.exe -> Netscape Communications Corporation [Ver = 2, 0, 0, 2 | Size = 139264 bytes | Modified Date = 2/10/2005 4:54:38 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 10:20:44 PM | Attr = ]
superantispyware .exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware .exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 12/26/2007 5:34:32 PM | Attr = ]
tfswctrl .exe -> %System32%\dla\tfswctrl .exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/26/2007 5:34:14 PM | Attr = ]
tmas_oemon .exe -> %ProgramFiles%\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe -> Trend Micro Inc. [Ver = 3.5.0.1113 | Size = 20553 bytes | Modified Date = 12/26/2007 5:34:34 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 1:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WINpFIND\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %UserDesktop%\avast\install\aswUpdSv.exe -> File not found
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %UserDesktop%\avast\install\ashServ.exe -> File not found
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %UserDesktop%\avast\install\ashMaiSv.exe -> File not found
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %UserDesktop%\avast\install\ashWebSv.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/13/2007 11:46:38 PM | Attr = ]
(lxddCATSCustConnectService) lxddCATSCustConnectService [Win32_Own | Auto | Stopped] -> %System32%\spool\drivers\w32x86\3\lxddserv.exe -> Lexmark International, Inc. [Ver = 1.42.0.22 | Size = 99248 bytes | Modified Date = 4/25/2007 9:21:42 PM | Attr = ]
(lxdd_device) lxdd_device [Win32_Own | Auto | Running] -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
(NCUpdateSvc) Netscape Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Netscape Internet Service\ncupdatesvc.exe -> Netscape Communications Corporation [Ver = 2, 0, 0, 2 | Size = 139264 bytes | Modified Date = 2/10/2005 4:54:38 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 880723 bytes | Modified Date = 8/30/2005 2:30:28 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 2:30:32 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 2:30:34 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 2:30:34 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 376320 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
avast! -> %SystemDrive%\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe -> File not found
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 488960 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = 0.1.35.8 | Size = 648704 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 414208 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 451072 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 430592 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
IntelliPoint -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe -> File not found
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 611840 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 419840 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
lxddamon -> %ProgramFiles%\Lexmark 2500 Series\lxddamon.exe -> Lexmark [Ver = 1.0.2620.13812 | Size = 360448 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
lxddmon.exe -> %ProgramFiles%\Lexmark 2500 Series\lxddmon.exe -> [Ver = 0.1.25.0 | Size = 631296 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\pccguide.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 1192960 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 10:20:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 385536 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 411136 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
OE_OEM -> %ProgramFiles%\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.5.0.1113 | Size = 358400 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1767936 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 432128 bytes | Modified Date = 12/26/2007 6:06:12 PM | Attr = ]
trust readme -> %SystemDrive%\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 15.0 R2 | Size = 806912 bytes | Modified Date = 11/11/2004 9:59:36 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 110592 bytes | Modified Date = 1/17/2006 4:08:10 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/29/2007 10:36:36 AM | Attr = ]
gebya -> %System32%\gebya.dll -> File not found
gvamcd -> %SystemRoot%\inf\gvamcd.dll -> File not found
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 6:45:38 PM | Attr = ]
wineij32 -> wineij32.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.google.com/ig/dell?hl=en ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
locator.cdn_imageservr.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
{4115122B-85FF-4DD3-9515-F075BEDE5EB5} [HKLM] -> %ProgramFiles%\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll [PBlockHelper Class] -> [Ver = 3.2.12 | Size = 219136 bytes | Modified Date = 11/8/2004 1:41:44 PM | Attr = ]
{5B17AFFD-3491-4318-B941-0E867D8B94D2} [HKLM] -> %SystemRoot%\inf\gvamcd.dll [Reg Data - Value does not exist] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/5/2004 11:05:00 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 7/26/2006 3:17:56 AM | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 60 | Size = 38584 bytes | Modified Date = 5/23/2007 7:26:04 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/26/2007 5:04:04 PM | Attr = ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 12/8/2005 12:00:34 PM | Attr = ]
{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} [HKLM] -> %System32%\mllmm.dll [Reg Data - Value does not exist] -> [Ver = | Size = 331776 bytes | Modified Date = 12/19/2007 5:00:04 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 60 | Size = 333472 bytes | Modified Date = 5/23/2007 7:25:50 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.mpg -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 6.5] -> Apple Computer, Inc. [Ver = 6.5 | Size = 106496 bytes | Modified Date = 1/17/2006 4:00:04 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3607E157-327E-4039-9346-F7B37EDC8FE8} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{15B782AF-55D8-11D1-B477-006097098764} -> Macromedia Authorware Web Player Control - CodeBase = http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shock...director/sw.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/plugin/DivXBrowserPlugin.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
AOL ACS -> ->
ccEvtMgr -> ->
ccProxy -> ->
ccPwdSvc -> ->
ccSetMgr -> ->
ISSVC -> ->
navapsvc -> ->
NetSvc -> ->
NPFMntor -> ->
NProtectService -> ->
PcCtlCom -> ->
SAVScan -> ->
SBService -> ->
SNDSrvc -> ->
SPBBCSvc -> ->
Speed Disk service -> ->
Symantec Core LC -> ->
Tmntsrv -> ->
TmPfw -> ->
tmproxy -> ->
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
avp -> %SystemRoot%\avp .exe -> File not found
CTDrive -> %System32%\drvkeg.DLL -> File not found
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> File not found
dilozmfa -> regsvr32 /u "%AllUsersAppData%\dilozmfa.dll -> File not found
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 2:19:56 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 168448 bytes | Modified Date = 1/17/2006 4:08:10 PM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1139646943\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 4:24:16 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 611840 bytes | Modified Date = 12/26/2007 2:56:34 PM | Attr = ]
Load -> %System32%\mllmm.exe -> [Ver = | Size = 335360 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
lsass -> %SystemRoot%\lsass .exe -> File not found
Outerinfo -> %ProgramFiles%\Outerinfo\Outerinfo.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 443904 bytes | Modified Date = 12/21/2007 6:46:16 PM | Attr = ]
SC2 -> %ProgramFiles%\SecCenter\scprot4.exe -> File not found
smgr -> mgrs.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 522240 bytes | Modified Date = 12/20/2007 11:41:08 AM | Attr = ]
ufancxsz -> Files\parehuvg\lsbmxqhu.DLL -> File not found
WhenUSave -> %ProgramFiles%\Save\Save.exe -> File not found


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/26/2007 3:06:47 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526536704 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 12/26/2007 2:42:21 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 12/26/2007 5:30:40 PM | Attr = ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/11/2007 11:02:04 PM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/11/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/11/2007 11:01:50 PM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/11/2007 11:01:59 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/11/2007 11:00:40 PM | Attr = H ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 12/19/2007 4:51:04 PM | Attr = HS]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/26/2007 3:07:11 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 12/26/2007 2:43:01 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/19/2007 3:43:53 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Created Date = 12/19/2007 3:43:53 PM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Created Date = 12/19/2007 3:43:48 PM | Attr = ]
mllmm.dll -> %System32%\mllmm.dll -> [Ver = | Size = 331776 bytes | Created Date = 12/19/2007 5:00:01 PM | Attr = ]
mllmm.exe -> %System32%\mllmm.exe -> [Ver = | Size = 335360 bytes | Created Date = 12/26/2007 5:34:13 PM | Attr = ]
mmllm.ini -> %System32%\mmllm.ini -> [Ver = | Size = 6909 bytes | Created Date = 12/19/2007 12:33:44 PM | Attr = HS]
mmllm.ini2 -> %System32%\mmllm.ini2 -> [Ver = | Size = 6893 bytes | Created Date = 12/26/2007 5:33:59 PM | Attr = HS]
RCX46.tmp -> %System32%\RCX46.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/20/2007 11:41:20 AM | Attr = ]
RCX47.tmp -> %System32%\RCX47.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/21/2007 5:47:32 PM | Attr = ]
RCX48.tmp -> %System32%\RCX48.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/21/2007 6:41:13 PM | Attr = ]
RCX4A.tmp -> %System32%\RCX4A.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/21/2007 6:46:24 PM | Attr = ]
RCX4B.tmp -> %System32%\RCX4B.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/21/2007 6:56:02 PM | Attr = ]
RCX50.tmp -> %System32%\RCX50.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/19/2007 3:43:54 PM | Attr = ]
RCX59.tmp -> %System32%\RCX59.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/24/2007 4:24:50 PM | Attr = ]
RCX70.tmp -> %System32%\RCX70.tmp -> [Ver = | Size = 335360 bytes | Created Date = 12/25/2007 11:51:24 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 12/24/2007 4:29:26 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/26/2007 3:06:48 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526536704 bytes | Modified Date = 12/26/2007 5:33:28 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1576 bytes | Modified Date = 12/3/2007 9:19:00 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/26/2007 5:30:44 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 12/26/2007 3:03:20 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/26/2007 5:36:42 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 12/26/2007 5:30:42 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/11/2007 5:41:22 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/11/2007 11:02:08 PM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/11/2007 11:00:52 PM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/11/2007 11:01:52 PM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/11/2007 11:02:00 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/11/2007 11:00:42 PM | Attr = H ]
a6w.ini -> %SystemRoot%\a6w.ini -> [Ver = | Size = 35 bytes | Modified Date = 12/13/2007 6:32:40 PM | Attr = ]
A6W_DATA -> %SystemRoot%\A6W_DATA -> [Folder | Modified Date = 12/13/2007 6:32:42 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/3/2007 10:42:26 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/26/2007 5:33:30 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 12/19/2007 4:51:06 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/26/2007 3:08:28 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/26/2007 3:07:12 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 12/26/2007 2:43:16 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/11/2007 11:02:04 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/26/2007 5:30:42 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/24/2007 4:29:26 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/3/2007 10:42:26 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/27/2007 10:38:28 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/26/2007 5:36:50 PM | Attr = ]
Run32S60.mch -> %SystemRoot%\Run32S60.mch -> [Ver = | Size = 75805 bytes | Modified Date = 12/13/2007 6:52:26 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/25/2007 10:28:26 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/26/2007 6:06:20 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/26/2007 5:35:16 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 604 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/3/2007 8:39:12 PM | Attr = ]
A5BE54899191CF91.job -> %SystemRoot%\tasks\A5BE54899191CF91.job -> [Ver = | Size = 260 bytes | Modified Date = 12/27/2007 10:00:00 AM | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/26/2007 5:33:46 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 12/26/2007 5:34:06 PM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/26/2007 6:06:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/11/2007 11:02:08 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 414208 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 12/26/2007 3:03:46 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 451072 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 430592 bytes | Modified Date = 12/26/2007 6:06:14 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/17/2007 6:59:58 PM | Attr = ]
mllmm.dll -> %System32%\mllmm.dll -> [Ver = | Size = 331776 bytes | Modified Date = 12/19/2007 5:00:04 PM | Attr = ]
mllmm.exe -> %System32%\mllmm.exe -> [Ver = | Size = 335360 bytes | Modified Date = 12/26/2007 6:06:16 PM | Attr = ]
mmllm.ini -> %System32%\mmllm.ini -> [Ver = | Size = 6909 bytes | Modified Date = 12/27/2007 10:39:12 AM | Attr = HS]
mmllm.ini2 -> %System32%\mmllm.ini2 -> [Ver = | Size = 6893 bytes | Modified Date = 12/27/2007 10:38:42 AM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63016 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402406 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 473400 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
RCX46.tmp -> %System32%\RCX46.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/20/2007 11:41:22 AM | Attr = ]
RCX47.tmp -> %System32%\RCX47.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/21/2007 5:47:34 PM | Attr = ]
RCX48.tmp -> %System32%\RCX48.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/21/2007 6:41:14 PM | Attr = ]
RCX4A.tmp -> %System32%\RCX4A.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/21/2007 6:46:26 PM | Attr = ]
RCX4B.tmp -> %System32%\RCX4B.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/21/2007 6:56:04 PM | Attr = ]
RCX50.tmp -> %System32%\RCX50.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/19/2007 3:43:56 PM | Attr = ]
RCX59.tmp -> %System32%\RCX59.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/24/2007 4:24:52 PM | Attr = ]
RCX70.tmp -> %System32%\RCX70.tmp -> [Ver = | Size = 335360 bytes | Modified Date = 12/25/2007 11:51:26 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/24/2007 4:23:12 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 12/26/2007 2:47:16 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 7:46:10 AM | Attr = ]
aspack , -> %System32%\avcodec-51.dll -> [Ver = | Size = 1839104 bytes | Modified Date = 8/23/2006 9:08:28 PM | Attr = ]
aspack , -> %System32%\avformat-50.dll -> [Ver = | Size = 217088 bytes | Modified Date = 8/23/2006 9:08:30 PM | Attr = ]
aspack , -> %System32%\avutil-49.dll -> [Ver = | Size = 16896 bytes | Modified Date = 8/23/2006 9:08:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\cpuinf32.dll -> [Ver = | Size = 9216 bytes | Modified Date = 9/17/2001 1:20:02 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 3/26/2007 11:49:00 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddcfg.exe -> [Ver = 1.62.48.0 | Size = 394160 bytes | Modified Date = 4/25/2007 9:21:20 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddih.exe -> [Ver = 1.62.48.0 | Size = 385968 bytes | Modified Date = 4/25/2007 9:21:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.99 | Size = 75264 bytes | Modified Date = 5/15/2004 4:10:42 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MonkeySource.ax -> [Ver = | Size = 177152 bytes | Modified Date = 6/19/2004 6:28:44 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 10/11/2006 2:43:50 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\ydhvhfdl.exe:Zone.Identifier ->
UPX! , aspack , -> %System32%\drivers\VsapiNT.sys -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 1022432 bytes | Modified Date = 11/9/2005 8:07:30 PM | Attr = ]

< End of report >

This post has been edited by sumguy: Dec 27 2007, 01:00 PM
Rorschach112
post Dec 27 2007, 01:54 PM
Post #10


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Bit left to do

You can restart your PC when you need to


Start WinPFind3U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

QUOTE
[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Stopped] -> %UserDesktop%\avast\install\aswUpdSv.exe
YY -> (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %UserDesktop%\avast\install\ashServ.exe
YY -> (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %UserDesktop%\avast\install\ashMaiSv.exe
YY -> (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %UserDesktop%\avast\install\ashWebSv.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> avast! -> %SystemDrive%\DOCUME~1\Nes\Desktop\avast\install\ashDisp.exe
YN -> IntelliPoint -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe
YN -> WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> trust readme -> %SystemDrive%\DOCUME~1\Nes\APPLIC~1\Gluefunk\Audio Internet Save.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> gebya -> %System32%\gebya.dll
YN -> gvamcd -> %SystemRoot%\inf\gvamcd.dll
YN -> wineij32 -> wineij32.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {5B17AFFD-3491-4318-B941-0E867D8B94D2} [HKLM] -> %SystemRoot%\inf\gvamcd.dll [Reg Data - Value does not exist]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YY -> {EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} [HKLM] -> %System32%\mllmm.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> avp -> %SystemRoot%\avp .exe
YN -> CTDrive -> %System32%\drvkeg.DLL
YN -> DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe
YN -> dilozmfa -> regsvr32 /u "%AllUsersAppData%\dilozmfa.dll
YY -> Load -> %System32%\mllmm.exe
YN -> lsass -> %SystemRoot%\lsass .exe
YN -> Outerinfo -> %ProgramFiles%\Outerinfo\Outerinfo.exe
YN -> SC2 -> %ProgramFiles%\SecCenter\scprot4.exe
YN -> smgr -> mgrs.exe
YN -> ufancxsz -> Files\parehuvg\lsbmxqhu.DLL
YN -> WhenUSave -> %ProgramFiles%\Save\Save.exe
[Files/Folders - Created Within 30 days]
NY -> mllmm.dll -> %System32%\mllmm.dll
NY -> mllmm.exe -> %System32%\mllmm.exe
NY -> mmllm.ini -> %System32%\mmllm.ini
NY -> mmllm.ini2 -> %System32%\mmllm.ini2
NY -> RCX46.tmp -> %System32%\RCX46.tmp
NY -> RCX47.tmp -> %System32%\RCX47.tmp
NY -> RCX48.tmp -> %System32%\RCX48.tmp
NY -> RCX4A.tmp -> %System32%\RCX4A.tmp
NY -> RCX4B.tmp -> %System32%\RCX4B.tmp
NY -> RCX50.tmp -> %System32%\RCX50.tmp
NY -> RCX59.tmp -> %System32%\RCX59.tmp
NY -> RCX70.tmp -> %System32%\RCX70.tmp
[Files/Folders - Modified Within 30 days]
NY -> A5BE54899191CF91.job -> %SystemRoot%\tasks\A5BE54899191CF91.job
NY -> mllmm.dll -> %System32%\mllmm.dll
NY -> mllmm.exe -> %System32%\mllmm.exe
NY -> mmllm.ini -> %System32%\mmllm.ini
NY -> mmllm.ini2 -> %System32%\mmllm.ini2
NY -> RCX46.tmp -> %System32%\RCX46.tmp
NY -> RCX47.tmp -> %System32%\RCX47.tmp
NY -> RCX48.tmp -> %System32%\RCX48.tmp
NY -> RCX4A.tmp -> %System32%\RCX4A.tmp
NY -> RCX4B.tmp -> %System32%\RCX4B.tmp
NY -> RCX50.tmp -> %System32%\RCX50.tmp
NY -> RCX59.tmp -> %System32%\RCX59.tmp
NY -> RCX70.tmp -> %System32%\RCX70.tmp
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\aswBoot.exe
NY -> @Alternate Data Stream - 26 bytes -> %System32%\ydhvhfdl.exe:Zone.Identifier
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.


Then try running DSS again
sumguy
post Dec 27 2007, 03:21 PM
Post #11


Member
**
Posts: 54
From: California
OS: windows xp



KK, thanks again, here is what you requested :)

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service aswUpdSv stopped successfully.
Service aswUpdSv deleted successfully.
File C:\Documents and Settings\Nes\Desktop\avast\install\aswUpdSv.exe not found.
Service avast! Antivirus stopped successfully.
Service avast! Antivirus deleted successfully.
File C:\Documents and Settings\Nes\Desktop\avast\install\ashServ.exe not found.
Service avast! Mail Scanner stopped successfully.
Service avast! Mail Scanner deleted successfully.
File C:\Documents and Settings\Nes\Desktop\avast\install\ashMaiSv.exe not found.
Service avast! Web Scanner stopped successfully.
Service avast! Web Scanner deleted successfully.
File C:\Documents and Settings\Nes\Desktop\avast\install\ashWebSv.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\avast! deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IntelliPoint deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WatchDog deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\trust readme deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebya deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gvamcd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineij32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B17AFFD-3491-4318-B941-0E867D8B94D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B17AFFD-3491-4318-B941-0E867D8B94D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\mllmm.dll
C:\WINDOWS\SYSTEM32\mllmm.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\mllmm.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avp deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTDrive deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupport deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dilozmfa deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load deleted successfully.
File not found.
C:\WINDOWS\SYSTEM32\mllmm.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lsass deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Outerinfo deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SC2 deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\smgr deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ufancxsz deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave deleted successfully.
File not found.
[Files/Folders - Created Within 30 days]
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\mllmm.dll
C:\WINDOWS\SYSTEM32\mllmm.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\mllmm.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\mllmm.exe not found!
C:\WINDOWS\SYSTEM32\mmllm.ini moved successfully.
C:\WINDOWS\SYSTEM32\mmllm.ini2 moved successfully.
C:\WINDOWS\SYSTEM32\RCX46.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX47.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX48.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX4A.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX4B.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX50.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX59.tmp moved successfully.
C:\WINDOWS\SYSTEM32\RCX70.tmp moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\tasks\A5BE54899191CF91.job moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\mllmm.dll
C:\WINDOWS\SYSTEM32\mllmm.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\mllmm.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\mllmm.exe not found!
File C:\WINDOWS\SYSTEM32\mmllm.ini not found!
File C:\WINDOWS\SYSTEM32\mmllm.ini2 not found!
File C:\WINDOWS\SYSTEM32\RCX46.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX47.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX48.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX4A.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX4B.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX50.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX59.tmp not found!
File C:\WINDOWS\SYSTEM32\RCX70.tmp not found!
[File String Scan - Non-Microsoft Only]
C:\WINDOWS\SYSTEM32\aswBoot.exe moved successfully.
ADS C:\WINDOWS\SYSTEM32\ydhvhfdl.exe:Zone.Identifier deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\Nes\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Nes\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 12/27/2007 13:00:22

WinPFind3 logfile created on: 12/27/2007 1:05:50 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Nes\Desktop\WINpFIND\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.13)

502.07 Mb Total Physical Memory | 135.09 Mb Available Physical Memory | 26.91% Memory free
1.20 Gb Paging File | 0.76 Gb Available in Paging File | 63.05% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 35.95 Gb Free Space | 51.48% Space Free
D: Drive not present or media not loaded
Drive E: | 124.47 Mb Total Space | 90.95 Mb Free Space | 73.07% Space Free
F: Drive not present or media not loaded

Computer Name: NAREN
Current User Name: Nes
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aim6 .exe -> %ProgramFiles%\AIM6\aim6 .exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 12/26/2007 5:34:40 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 9:16:08 AM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 11:11:52 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 11:11:52 AM | Attr = ]
googletoolbarnotifier .exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 12/26/2007 5:34:26 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
issch .exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 12/26/2007 5:34:10 PM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 241775 bytes | Modified Date = 7/26/2006 3:03:14 AM | Attr = ]
jusched .exe -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched .exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 12/26/2007 5:34:08 PM | Attr = ]
kbmuxuuk.exe -> %System32%\kbmuxuuk.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 12/27/2007 1:01:02 PM | Attr = ]
lxddamon .exe -> %ProgramFiles%\Lexmark 2500 Series\lxddamon .exe -> Lexmark [Ver = 1.0.2620.13812 | Size = 20480 bytes | Modified Date = 12/26/2007 5:34:18 PM | Attr = ]
lxddcoms.exe -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
lxddmon .exe -> %ProgramFiles%\Lexmark 2500 Series\lxddmon .exe -> [Ver = 0.1.25.0 | Size = 291760 bytes | Modified Date = 12/26/2007 5:34:16 PM | Attr = ]
ncupdatesvc.exe -> %ProgramFiles%\Netscape Internet Service\ncupdatesvc.exe -> Netscape Communications Corporation [Ver = 2, 0, 0, 2 | Size = 139264 bytes | Modified Date = 2/10/2005 4:54:38 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 10:20:44 PM | Attr = ]
superantispyware .exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware .exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 12/26/2007 5:34:32 PM | Attr = ]
tfswctrl .exe -> %System32%\dla\tfswctrl .exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/26/2007 5:34:14 PM | Attr = ]
tmas_oemon .exe -> %ProgramFiles%\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe -> Trend Micro Inc. [Ver = 3.5.0.1113 | Size = 20553 bytes | Modified Date = 12/26/2007 5:34:34 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 1:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WINpFIND\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/13/2007 11:46:38 PM | Attr = ]
(lxddCATSCustConnectService) lxddCATSCustConnectService [Win32_Own | Auto | Stopped] -> %System32%\spool\drivers\w32x86\3\lxddserv.exe -> Lexmark International, Inc. [Ver = 1.42.0.22 | Size = 99248 bytes | Modified Date = 4/25/2007 9:21:42 PM | Attr = ]
(lxdd_device) lxdd_device [Win32_Own | Auto | Running] -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
(NCUpdateSvc) Netscape Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Netscape Internet Service\ncupdatesvc.exe -> Netscape Communications Corporation [Ver = 2, 0, 0, 2 | Size = 139264 bytes | Modified Date = 2/10/2005 4:54:38 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 9:26:40 AM | Attr = ]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\PcCtlCom.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 880723 bytes | Modified Date = 8/30/2005 2:30:28 PM | Attr = ]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\Tmntsrv.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 290889 bytes | Modified Date = 8/30/2005 2:30:32 PM | Attr = ]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\TmPfw.exe -> Trend Micro Inc. [Ver = 2.0.0.1135 | Size = 585792 bytes | Modified Date = 8/30/2005 2:30:34 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 12\tmproxy.exe -> Trend Micro Inc. [Ver = 1.0.0.1135 | Size = 262215 bytes | Modified Date = 8/30/2005 2:30:34 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:10 PM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\kbmuxuuk.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 12/27/2007 1:01:02 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
7884c05e -> %System32%\cqucnoeu.dll [rundll32.exe "C:\WINDOWS\system32\cqucnoeu.dll",b] -> [Ver = | Size = 90176 bytes | Modified Date = 12/27/2007 1:03:32 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 376320 bytes | Modified Date = 12/27/2007 1:00:50 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 488960 bytes | Modified Date = 12/27/2007 1:00:44 PM | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = 0.1.35.8 | Size = 648704 bytes | Modified Date = 12/27/2007 1:00:48 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 414208 bytes | Modified Date = 12/27/2007 1:00:42 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 451072 bytes | Modified Date = 12/27/2007 1:00:42 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 430592 bytes | Modified Date = 12/27/2007 1:00:40 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 611840 bytes | Modified Date = 12/27/2007 1:00:50 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 419840 bytes | Modified Date = 12/27/2007 1:00:40 PM | Attr = ]
lxddamon -> %ProgramFiles%\Lexmark 2500 Series\lxddamon.exe -> Lexmark [Ver = 1.0.2620.13812 | Size = 360448 bytes | Modified Date = 12/27/2007 1:00:48 PM | Attr = ]
lxddmon.exe -> %ProgramFiles%\Lexmark 2500 Series\lxddmon.exe -> [Ver = 0.1.25.0 | Size = 631296 bytes | Modified Date = 12/27/2007 1:00:46 PM | Attr = ]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 12\pccguide.exe -> Trend Micro Incorporated. [Ver = 12.70.0.1017 | Size = 1192960 bytes | Modified Date = 12/27/2007 1:00:38 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/22/2005 10:20:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 385536 bytes | Modified Date = 12/27/2007 1:00:36 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 411136 bytes | Modified Date = 12/27/2007 1:00:32 PM | Attr = ]
OE_OEM -> %ProgramFiles%\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe -> Trend Micro Inc. [Ver = 3.5.0.1113 | Size = 358400 bytes | Modified Date = 12/27/2007 1:00:28 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1767936 bytes | Modified Date = 12/27/2007 1:00:28 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 432128 bytes | Modified Date = 12/27/2007 1:00:28 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 12:06:00 AM | Attr = R ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 15.0 R2 | Size = 806912 bytes | Modified Date = 11/11/2004 9:59:36 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 110592 bytes | Modified Date = 1/17/2006 4:08:10 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/29/2007 10:36:36 AM | Attr = ]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 6:45:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.google.com/ig/dell?hl=en ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
locator.cdn_imageservr.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
{4115122B-85FF-4DD3-9515-F075BEDE5EB5} [HKLM] -> %ProgramFiles%\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll [PBlockHelper Class] -> [Ver = 3.2.12 | Size = 219136 bytes | Modified Date = 11/8/2004 1:41:44 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/5/2004 11:05:00 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 7/26/2006 3:17:56 AM | Attr = ]
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 60 | Size = 38584 bytes | Modified Date = 5/23/2007 7:26:04 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/26/2007 5:04:04 PM | Attr = ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 12/8/2005 12:00:34 PM | Attr = ]
{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} [HKLM] -> %System32%\mllmm.dll [Reg Data - Value does not exist] -> [Ver = | Size = 331776 bytes | Modified Date = 12/19/2007 5:00:04 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 60 | Size = 333472 bytes | Modified Date = 5/23/2007 7:25:50 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 8/9/2006 6:37:44 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar6.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 1/5/2006 11:30:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.mpg -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 6.5] -> Apple Computer, Inc. [Ver = 6.5 | Size = 106496 bytes | Modified Date = 1/17/2006 4:00:04 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3607E157-327E-4039-9346-F7B37EDC8FE8} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{15B782AF-55D8-11D1-B477-006097098764} -> Macromedia Authorware Web Player Control - CodeBase = http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/shock...director/sw.cab ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/plugin/DivXBrowserPlugin.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
AOL ACS -> ->
ccEvtMgr -> ->
ccProxy -> ->
ccPwdSvc -> ->
ccSetMgr -> ->
ISSVC -> ->
navapsvc -> ->
NetSvc -> ->
NPFMntor -> ->
NProtectService -> ->
PcCtlCom -> ->
SAVScan -> ->
SBService -> ->
SNDSrvc -> ->
SPBBCSvc -> ->
Speed Disk service -> ->
Symantec Core LC -> ->
Tmntsrv -> ->
TmPfw -> ->
tmproxy -> ->
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 2:19:56 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 168448 bytes | Modified Date = 1/17/2006 4:08:10 PM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1139646943\ee\AOLSoftware.exe -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 5/9/2006 4:24:16 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm .exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 611840 bytes | Modified Date = 12/26/2007 2:56:34 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 443904 bytes | Modified Date = 12/21/2007 6:46:16 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3725 | Size = 522240 bytes | Modified Date = 12/20/2007 11:41:08 AM | Attr = ]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/26/2007 3:06:47 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526536704 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 12/26/2007 2:42:21 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 12/26/2007 5:30:40 PM | Attr = ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/11/2007 11:02:04 PM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/11/2007 11:00:50 PM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/11/2007 11:01:50 PM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/11/2007 11:01:59 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/11/2007 11:00:40 PM | Attr = H ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 12/19/2007 4:51:04 PM | Attr = HS]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/26/2007 3:07:11 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 12/26/2007 2:43:01 PM | Attr = ]
cqucnoeu.dll -> %System32%\cqucnoeu.dll -> [Ver = | Size = 90176 bytes | Created Date = 12/27/2007 1:03:29 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Created Date = 12/19/2007 3:43:53 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Created Date = 12/19/2007 3:43:53 PM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Created Date = 12/19/2007 3:43:48 PM | Attr = ]
kbmuxuuk.exe -> %System32%\kbmuxuuk.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Created Date = 12/27/2007 1:00:59 PM | Attr = ]
mllmm.dll -> %System32%\mllmm.dll -> [Ver = | Size = 331776 bytes | Created Date = 12/19/2007 5:00:01 PM | Attr = ]
mllmm.exe -> %System32%\mllmm.exe -> [Ver = | Size = 335360 bytes | Created Date = 12/27/2007 1:00:49 PM | Attr = ]
mmllm.ini -> %System32%\mmllm.ini -> [Ver = | Size = 73906 bytes | Created Date = 12/19/2007 12:33:44 PM | Attr = HS]
mmllm.ini2 -> %System32%\mmllm.ini2 -> [Ver = | Size = 70978 bytes | Created Date = 12/26/2007 5:33:59 PM | Attr = HS]
ueoncuqc.ini -> %System32%\ueoncuqc.ini -> [Ver = | Size = 1031139 bytes | Created Date = 12/27/2007 1:03:43 PM | Attr = HS]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 12/24/2007 4:29:26 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/26/2007 3:06:48 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526536704 bytes | Modified Date = 12/26/2007 5:33:28 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1576 bytes | Modified Date = 12/3/2007 9:19:00 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/26/2007 5:30:44 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 12/26/2007 3:03:20 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/26/2007 5:36:42 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 12/26/2007 5:30:42 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/11/2007 5:41:22 PM | Attr = H ]
$NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/11/2007 11:02:08 PM | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/11/2007 11:00:52 PM | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/11/2007 11:01:52 PM | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/11/2007 11:02:00 PM | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/11/2007 11:00:42 PM | Attr = H ]
a6w.ini -> %SystemRoot%\a6w.ini -> [Ver = | Size = 35 bytes | Modified Date = 12/13/2007 6:32:40 PM | Attr = ]
A6W_DATA -> %SystemRoot%\A6W_DATA -> [Folder | Modified Date = 12/13/2007 6:32:42 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/3/2007 10:42:26 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/26/2007 5:33:30 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 12/19/2007 4:51:06 PM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/26/2007 3:08:28 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/26/2007 3:07:12 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 12/26/2007 2:43:16 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/11/2007 11:02:04 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/26/2007 5:30:42 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/24/2007 4:29:26 PM | Attr = HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 12/3/2007 10:42:26 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/27/2007 1:04:48 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/26/2007 5:36:50 PM | Attr = ]
Run32S60.mch -> %SystemRoot%\Run32S60.mch -> [Ver = | Size = 75805 bytes | Modified Date = 12/13/2007 6:52:26 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/25/2007 10:28:26 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/27/2007 1:03:48 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/27/2007 1:00:18 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/27/2007 1:02:40 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 604 bytes | Modified Date = 12/21/2007 6:52:38 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/3/2007 8:39:12 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/26/2007 5:33:46 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 12/26/2007 5:34:06 PM | Attr = ]
cqucnoeu.dll -> %System32%\cqucnoeu.dll -> [Ver = | Size = 90176 bytes | Modified Date = 12/27/2007 1:03:32 PM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 12/27/2007 1:00:44 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/27/2007 1:01:04 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/11/2007 11:02:08 PM | Attr = ]
hkcmd .exe -> %System32%\hkcmd .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 414208 bytes | Modified Date = 12/27/2007 1:00:42 PM | Attr = ]
igfxpers .exe -> %System32%\igfxpers .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 12/26/2007 3:03:46 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 451072 bytes | Modified Date = 12/27/2007 1:00:42 PM | Attr = ]
igfxtray .exe -> %System32%\igfxtray .exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 12/26/2007 5:34:12 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 430592 bytes | Modified Date = 12/27/2007 1:00:40 PM | Attr = ]
kbmuxuuk.exe -> %System32%\kbmuxuuk.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 12/27/2007 1:01:02 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/17/2007 6:59:58 PM | Attr = ]
mllmm.dll -> %System32%\mllmm.dll -> [Ver = | Size = 331776 bytes | Modified Date = 12/19/2007 5:00:04 PM | Attr = ]
mllmm.exe -> %System32%\mllmm.exe -> [Ver = | Size = 335360 bytes | Modified Date = 12/27/2007 1:00:52 PM | Attr = ]
mmllm.ini -> %System32%\mmllm.ini -> [Ver = | Size = 73906 bytes | Modified Date = 12/27/2007 1:05:50 PM | Attr = HS]
mmllm.ini2 -> %System32%\mmllm.ini2 -> [Ver = | Size = 70978 bytes | Modified Date = 12/27/2007 1:03:36 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63016 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402406 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 473400 bytes | Modified Date = 12/26/2007 3:00:42 PM | Attr = ]
ueoncuqc.ini -> %System32%\ueoncuqc.ini -> [Ver = | Size = 1031139 bytes | Modified Date = 12/27/2007 1:03:48 PM | Attr = HS]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/24/2007 4:23:12 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 12/26/2007 2:47:16 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
aspack , -> %System32%\avcodec-51.dll -> [Ver = | Size = 1839104 bytes | Modified Date = 8/23/2006 9:08:28 PM | Attr = ]
aspack , -> %System32%\avformat-50.dll -> [Ver = | Size = 217088 bytes | Modified Date = 8/23/2006 9:08:30 PM | Attr = ]
aspack , -> %System32%\avutil-49.dll -> [Ver = | Size = 16896 bytes | Modified Date = 8/23/2006 9:08:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\cpuinf32.dll -> [Ver = | Size = 9216 bytes | Modified Date = 9/17/2001 1:20:02 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 3/26/2007 11:49:00 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddcfg.exe -> [Ver = 1.62.48.0 | Size = 394160 bytes | Modified Date = 4/25/2007 9:21:20 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddcoms.exe -> [Ver = 1.62.48.0 | Size = 537520 bytes | Modified Date = 4/25/2007 9:21:22 PM | Attr = ]
Thawte Consulting , -> %System32%\lxddih.exe -> [Ver = 1.62.48.0 | Size = 385968 bytes | Modified Date = 4/25/2007 9:21:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MACDec.dll -> Matthew T. Ashland [Ver = 3.99 | Size = 75264 bytes | Modified Date = 5/15/2004 4:10:42 PM | Attr = ]
UPX! , UPX0 , -> %System32%\MonkeySource.ax -> [Ver = | Size = 177152 bytes | Modified Date = 6/19/2004 6:28:44 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 10/11/2006 2:43:50 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 3:00:00 AM | Attr = ]
UPX! , aspack , -> %System32%\drivers\VsapiNT.sys -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 1022432 bytes | Modified Date = 11/9/2005 8:07:30 PM | Attr = ]

< End of report >


DSS IN NEXT POST :)
sumguy
post Dec 27 2007, 03:24 PM
Post #12





And the DSS log:

Deckard's System Scanner v20071014.68
Run by Nes on 2007-12-27 13:17:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Nes.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:19 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft IntelliType Pro\type32 .exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\Lexmark 2500 Series\lxddamon .exe
C:\Program Files\Lexmark 2500 Series\lxddmon .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\kbmuxuuk.exe
C:\Documents and Settings\Nes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {9a691614-53eb-ea1b-5c04-2c032ecb1350} - {0531bce2-30c2-40c5-b1ae-be35416196a9} - C:\WINDOWS\system32\iehgfewj.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {EF86E00F-C968-4B8E-9EE6-FD52B84C3B76} - C:\WINDOWS\system32\mllmm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [7884c05e] rundll32.exe "C:\WINDOWS\system32\cqucnoeu.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: DomainService - - C:\WINDOWS\system32\kbmuxuuk.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8374 bytes

-- Files created between 2007-11-27 and 2007-12-27 -----------------------------

2007-12-27 13:06:29 81984 --a------ C:\WINDOWS\system32\iehgfewj.dll
2007-12-27 13:03:29 90176 --a------ C:\WINDOWS\system32\cqucnoeu.dll
2007-12-27 13:00:59 74304 --a------ C:\WINDOWS\system32\kbmuxuuk.exe <Not Verified; ; DDC>
2007-12-27 13:00:49 335360 --a------ C:\WINDOWS\system32\mllmm.exe
2007-12-26 17:33:59 74117 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2007-12-26 14:43:01 0 d-------- C:\WINDOWS\ERUNT
2007-12-25 23:35:02 0 d-------- C:\Program Files\CCleaner
2007-12-25 17:45:39 0 d-------- C:\Documents and Settings\Nes\Application Data\Lexmark Productivity Studio
2007-12-19 18:26:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-19 18:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-19 18:15:39 0 d-------- C:\Documents and Settings\Herschel\Application Data\SUPERAntiSpyware.com
2007-12-19 18:13:24 0 d-------- C:\Documents and Settings\Herschel\Application Data\Mozilla
2007-12-19 18:10:54 0 d-------- C:\Documents and Settings\Herschel\Application Data\FaxCtr
2007-12-19 18:10:35 0 d-------- C:\Documents and Settings\Herschel\Application Data\Real
2007-12-19 17:00:01 331776 -----n--- C:\WINDOWS\system32\mllmm.dll
2007-12-19 16:51:04 0 d--hs---- C:\WINDOWS\CSC
2007-12-03 21:20:23 0 d-------- C:\Program Files\Buddy Icon Maker
2007-12-03 21:20:17 0 d-------- C:\Program Files\Colorizer
2007-12-03 21:20:13 0 d-------- C:\Program Files\AvPropPlugin
2007-12-03 21:19:07 0 d-------- C:\Program Files\AIM Music Link


-- Find3M Report ---------------------------------------------------------------

2007-12-27 13:00:47 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-27 13:00:46 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-27 13:00:41 414208 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-27 13:00:40 451072 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-27 13:00:39 430592 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel® Common User Interface>
2007-12-27 13:00:34 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-12-27 13:00:31 0 d-------- C:\Program Files\AIM6
2007-12-27 13:00:30 0 d-------- C:\Program Files\Messenger
2007-12-27 13:00:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 14:39:32 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-12-25 23:33:27 0 d-------- C:\Program Files\Trend Micro
2007-12-25 23:32:14 0 d-------- C:\Program Files\DellSupport
2007-12-21 18:46:15 0 d-------- C:\Program Files\QuickTime
2007-12-19 13:51:32 0 d-------- C:\Program Files\mobile PhoneTools
2007-12-13 20:26:40 0 d-------- C:\Program Files\Copysafe
2007-12-03 21:20:20 0 d-------- C:\Program Files\WildTangent
2007-12-03 21:18:21 0 d-------- C:\Program Files\Plaxo
2007-11-24 12:15:55 0 d-------- C:\Program Files\Lx_cats
2007-11-02 19:29:27 0 d-------- C:\Program Files\Viewpoint
2007-11-02 19:29:23 0 d-a------ C:\Program Files\Common Files
2007-11-02 19:29:23 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-11-01 18:28:57 0 d-------- C:\Program Files\MSN Messenger
2007-10-28 12:48:16 0 d-------- C:\Documents and Settings\Nes\Application Data\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0531bce2-30c2-40c5-b1ae-be35416196a9}]
12/27/2007 01:06 PM 81984 --a------ C:\WINDOWS\system32\iehgfewj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF86E00F-C968-4B8E-9EE6-FD52B84C3B76}]
12/19/2007 05:00 PM 331776 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [12/27/2007 01:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [12/27/2007 01:00 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [12/27/2007 01:00 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/27/2007 01:00 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/27/2007 01:00 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/27/2007 01:00 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/27/2007 01:00 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/27/2007 01:00 PM]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [12/27/2007 01:00 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [12/27/2007 01:00 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/27/2007 01:00 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [12/27/2007 01:00 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [12/27/2007 01:00 PM]
"7884c05e"="C:\WINDOWS\system32\cqucnoeu.dll" [12/27/2007 01:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/27/2007 01:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/27/2007 01:00 PM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [12/27/2007 01:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/27/2007 01:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/27/2007 01:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/17/2006 3:56:58 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 9:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/29/2007 10:36 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139646943\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PcCtlCom"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - DOMAINSERVICE



-- End of Deckard's System Scanner: finished at 2007-12-27 13:17:59 ------------

Rorschach112
post Dec 27 2007, 03:42 PM
Post #13


GeekU Teacher
Posts: 34,385
From: Dublin
OS: XP



Hello

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Also post a new DSS log
 
sumguy
post Dec 27 2007, 03:45 PM
Post #14


Member
**
Posts: 54
From: California
OS: windows xp



I'm going to go grab lunch, then I will proceed to do the VundoFix. Be right back :)
 
sumguy
post Dec 27 2007, 04:59 PM
Post #15


Member
**
Posts: 54
From: California
OS: windows xp



VundoFix couldn't delete one thing, as shown in the log.


VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 1:48:04 PM 12/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\cqucnoeu.dll
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\iehgfewj.dll
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\kbmuxuuk.exe
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.exe
C:\windows\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\ueoncuqc.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cqucnoeu.dll
C:\WINDOWS\system32\cqucnoeu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\iehgfewj.dll
C:\WINDOWS\system32\iehgfewj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbmuxuuk.exe
C:\WINDOWS\system32\kbmuxuuk.exe Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.exe
C:\WINDOWS\system32\mllmm.exe Has been deleted!

Attempting to delete C:\windows\system32\mmllm.ini
C:\windows\system32\mmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ueoncuqc.ini
C:\WINDOWS\system32\ueoncuqc.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kbmuxuuk.exe
C:\WINDOWS\system32\kbmuxuuk.exe Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Scan started at 2:28:32 PM 12/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\kbmuxuuk.exe
-----------------------------------------------------------------------------------------------
DSS-----

Deckard's System Scanner v20071014.68
Run by Nes on 2007-12-27 14:54:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Nes.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:25 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark 2500 Series\lxddmon .exe
C:\Program Files\Lexmark 2500 Series\lxddamon .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched .exe
C:\Program Files\Microsoft IntelliType Pro\type32 .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\kbmuxuuk.exe
C:\Documents and Settings\Nes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmm.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {9a691614-53eb-ea1b-5c04-2c032ecb1350} - {0531bce2-30c2-40c5-b1ae-be35416196a9} - C:\WINDOWS\system32\iehgfewj.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {9D996C93-BEDA-4D12-B127-B621E08F97CC} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [7884c05e] rundll32.exe "C:\WINDOWS\system32\cqucnoeu.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: DomainService - - C:\WINDOWS\system32\kbmuxuuk.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8321 bytes

-- Files created between 2007-11-27 and 2007-12-27 -----------------------------

2007-12-27 14:51:36 335360 --a------ C:\WINDOWS\system32\mllmm.exe
2007-12-27 14:50:15 6516 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2007-12-27 14:49:55 331776 --a------ C:\WINDOWS\system32\mllmm.dll
2007-12-27 13:48:04 0 d-------- C:\VundoFix Backups
2007-12-27 13:00:59 74304 -----n--- C:\WINDOWS\system32\kbmuxuuk.exe <Not Verified; ; DDC>
2007-12-26 14:43:01 0 d-------- C:\WINDOWS\ERUNT
2007-12-25 23:35:02 0 d-------- C:\Program Files\CCleaner
2007-12-25 17:45:39 0 d-------- C:\Documents and Settings\Nes\Application Data\Lexmark Productivity Studio
2007-12-19 18:26:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-19 18:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-19 18:15:39 0 d-------- C:\Documents and Settings\Herschel\Application Data\SUPERAntiSpyware.com
2007-12-19 18:13:24 0 d-------- C:\Documents and Settings\Herschel\Application Data\Mozilla
2007-12-19 18:10:54 0 d-------- C:\Documents and Settings\Herschel\Application Data\FaxCtr
2007-12-19 18:10:35 0 d-------- C:\Documents and Settings\Herschel\Application Data\Real
2007-12-19 16:51:04 0 d--hs---- C:\WINDOWS\CSC
2007-12-03 21:20:23 0 d-------- C:\Program Files\Buddy Icon Maker
2007-12-03 21:20:17 0 d-------- C:\Program Files\Colorizer
2007-12-03 21:20:13 0 d-------- C:\Program Files\AvPropPlugin
2007-12-03 21:19:07 0 d-------- C:\Program Files\AIM Music Link


-- Find3M Report ---------------------------------------------------------------

2007-12-27 14:51:34 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-27 14:51:29 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-27 14:50:48 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-12-27 14:50:47 0 d-------- C:\Program Files\AIM6
2007-12-27 14:50:44 0 d-------- C:\Program Files\Messenger
2007-12-27 14:50:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-26 14:39:32 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-12-25 23:33:27 0 d-------- C:\Program Files\Trend Micro
2007-12-25 23:32:14 0 d-------- C:\Program Files\DellSupport
2007-12-21 18:46:15 0 d-------- C:\Program Files\QuickTime
2007-12-19 13:51:32 0 d-------- C:\Program Files\mobile PhoneTools
2007-12-13 20:26:40 0 d-------- C:\Program Files\Copysafe
2007-12-03 21:20:20 0 d-------- C:\Program Files\WildTangent
2007-12-03 21:18:21 0 d-------- C:\Program Files\Plaxo
2007-11-24 12:15:55 0 d-------- C:\Program Files\Lx_cats
2007-11-02 19:29:27 0 d-------- C:\Program Files\Viewpoint
2007-11-02 19:29:23 0 d-a------ C:\Program Files\Common Files
2007-11-02 19:29:23 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-11-01 18:28:57 0 d-------- C:\Program Files\MSN Messenger
2007-10-28 12:48:16 0 d-------- C:\Documents and Settings\Nes\Application Data\Winamp


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0531bce2-30c2-40c5-b1ae-be35416196a9}]
C:\WINDOWS\system32\iehgfewj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D996C93-BEDA-4D12-B127-B621E08F97CC}]
12/27/2007 02:49 PM 331776 --a------ C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [12/27/2007 02:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [12/27/2007 02:50 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [12/27/2007 02:51 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [12/27/2007 02:51 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [12/27/2007 02:51 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [12/27/2007 02:51 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/27/2007 02:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [12/27/2007 02:51 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [12/27/2007 02:51 PM]
"7884c05e"="C:\WINDOWS\system32\cqucnoeu.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/27/2007 01:28 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/27/2007 02:50 PM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [12/27/2007 02:50 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [12/27/2007 02:50 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/27/2007 02:50 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/17/2006 3:56:58 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 9:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/29/2007 10:36 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139646943\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"Speed Disk service"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"PcCtlCom"=2 (0x2)
"NProtectService"=2 (0x2)
"NPFMntor"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ISSVC"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-12-27 14:54:56 ------------

