Vista anti-virus [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

2 Pages

1 2 >

Vista anti-virus [RESOLVED]

Options

RobinC View Member Profile	Aug 11 2008, 01:13 PM Post #1
Member Posts: 15 OS: XP	Please help! Am seriously frustrated after trying so many things with this invasive and destructive virus. I have downloaded an run DSS with the following results: Deckard's System Scanner v20071014.68 Run by Robin Coleman on 2008-08-11 19:10:03 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-08-11 19:10:53 Platform: Windows XP Service Pack 3 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\SYSTEM32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\SYSTEM32\services.exe C:\WINDOWS\SYSTEM32\lsass.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\SYSTEM32\LEXBCES.EXE C:\WINDOWS\SYSTEM32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Digidesign\Drivers\MMERefresh.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\SYSTEM32\svchost.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\WINDOWS\SYSTEM32\fxssvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SYSTEM32\hkcmd.exe C:\WINDOWS\SYSTEM32\DSentry.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe C:\WINDOWS\SYSTEM32\rundll32.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\WINDOWS\V0250Mon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\SYSTEM32\LEXPPS.EXE C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\WINDOWS\SYSTEM32\ctfmon.exe C:\WINDOWS\SYSTEM32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe E:\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tesco internet access R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: QXK Olive - {AF78793A-C6D3-4282-B395-CBA1D0599AB6} - C:\WINDOWS\wnlmdakqanr.dll O3 - Toolbar: bgrqfetx - {968232F5-0910-483D-B059-4C6AB5C785DC} - C:\WINDOWS\bgrqfetx.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [\Win2AC.exe] C:\Windows\system32\Win2AC.exe O4 - HKLM\..\Run: [\Win2AD.exe] C:\Windows\system32\Win2AD.exe O4 - HKLM\..\Run: [\Win2AE.exe] C:\Windows\system32\Win2AE.exe O4 - HKLM\..\Run: [\Win2AF.exe] C:\Windows\system32\Win2AF.exe O4 - HKLM\..\Run: [\Win2B0.exe] C:\Windows\system32\Win2B0.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\20088917254_mcappins.exe /v=3 /cleanup O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ROBINC~1\LOCALS~1\Temp\20088917251_mcinfo.exe /insfin O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [\Win2AC.exe] C:\Windows\system32\Win2AC.exe O4 - HKCU\..\Run: [\Win2AD.exe] C:\Windows\system32\Win2AD.exe O4 - HKCU\..\Run: [\Win2AE.exe] C:\Windows\system32\Win2AE.exe O4 - HKCU\..\Run: [\Win2AF.exe] C:\Windows\system32\Win2AF.exe O4 - HKCU\..\Run: [\Win2B0.exe] C:\Windows\system32\Win2B0.exe O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: https://memberservices.tesco.net (HKCU) O15 - Trusted Zone: https://register.tesco.net (HKCU) O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O24 - Desktop Component 0: - http://www.broadjam.com/search/images/hifimp3.gif -- End of file - 12309 bytes -- Files created between 2008-07-11 and 2008-08-11 ----------------------------- 2008-08-11 18:38:24 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-11 18:38:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-08-11 18:38:24 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-08-11 18:38:24 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-08-11 18:38:24 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-08-11 18:38:24 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-08-11 18:38:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-11 18:38:24 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-08-10 20:11:17 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Macromedia 2008-08-10 19:17:34 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Symantec 2008-08-10 19:17:26 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Real 2008-08-10 19:17:26 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Creative 2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\Templates 2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\Start Menu 2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\SendTo 2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\Recent 2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\PrintHood 2008-08-10 19:16:47 1310720 --ah----- C:\Documents and Settings\Russell Coleman\NTUSER.DAT 2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\NetHood 2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\My Documents 2008-08-10 19:16:47 0 d--h----- C:\Documents and Settings\Russell Coleman\Local Settings 2008-08-10 19:16:47 0 dr------- C:\Documents and Settings\Russell Coleman\Favorites 2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Desktop 2008-08-10 19:16:47 0 d--hs---- C:\Documents and Settings\Russell Coleman\Cookies 2008-08-10 19:16:47 0 dr-h----- C:\Documents and Settings\Russell Coleman\Application Data 2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Sun 2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Sonic 2008-08-10 19:16:47 0 d---s---- C:\Documents and Settings\Russell Coleman\Application Data\Microsoft 2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Jasc Software Inc 2008-08-10 19:16:47 0 d-------- C:\Documents and Settings\Russell Coleman\Application Data\Identities 2008-08-10 14:53:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-09 17:19:03 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Symantec 2008-08-09 17:13:58 0 d-------- C:\Program Files\Windows Sidebar 2008-08-09 17:13:23 0 d-------- C:\Program Files\Norton 360 2008-08-09 17:09:44 0 d-------- C:\Program Files\Symantec 2008-08-09 17:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-08-09 17:06:01 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-08-08 21:54:42 0 d-------- C:\Program Files\VirusRemover2008 2008-08-08 21:35:40 0 d-------- C:\WINDOWS\Prefetch 2008-08-08 18:28:19 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Sammsoft 2008-08-08 18:27:45 0 d-------- C:\Program Files\Advanced Registry Optimizer 2008-08-08 12:07:01 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\TmpRecentIcons 2008-08-08 12:06:27 339968 --a------ C:\WINDOWS\wnlmdakqanr.dll 2008-08-08 12:06:26 233472 --a------ C:\WINDOWS\xokvrpwg.dll 2008-08-08 12:06:26 200704 --a------ C:\WINDOWS\tfnslopk.dll 2008-08-08 12:06:26 86016 --a------ C:\WINDOWS\lnvegaow.exe 2008-08-08 12:06:26 139264 --a------ C:\WINDOWS\eqbn.exe 2008-08-08 12:06:26 192512 --a------ C:\WINDOWS\bgrqfetx.dll 2008-08-08 12:06:18 0 d-------- C:\Program Files\PCHealthCenter 2008-08-08 09:29:06 0 d-------- C:\Program Files\DivX 2008-07-30 12:54:48 0 d-------- C:\WINDOWS\system32\scripting 2008-07-30 12:54:46 0 d-------- C:\WINDOWS\l2schemas 2008-07-30 12:54:44 0 d-------- C:\WINDOWS\system32\en 2008-07-30 11:38:10 0 d-------- C:\Program Files\Common Files\Scanner 2008-07-30 11:26:22 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Yahoo! 2008-07-30 11:26:21 0 d-------- C:\Program Files\Yahoo! 2008-07-26 20:33:58 0 d-------- C:\Program Files\iPod 2008-07-26 20:32:39 0 d-------- C:\Program Files\Bonjour 2008-07-25 14:51:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-18 14:09:54 0 d-------- C:\Program Files\Mindscape -- Find3M Report --------------------------------------------------------------- 2008-08-11 18:26:51 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Skype 2008-08-10 19:07:10 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Apple Computer 2008-08-10 14:43:19 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\Real 2008-08-09 17:14:51 0 d-------- C:\Program Files\Common Files 2008-08-07 08:55:42 0 d-------- C:\Program Files\Java 2008-07-30 13:11:42 0 d-------- C:\Program Files\MSN Messenger 2008-07-30 13:06:19 0 d-------- C:\Program Files\Messenger 2008-07-30 12:54:43 0 d-------- C:\Program Files\Movie Maker 2008-07-30 12:47:44 0 d-------- C:\Program Files\Windows NT 2008-07-29 08:40:49 0 d-------- C:\Documents and Settings\Robin Coleman\Application Data\LimeWire 2008-07-28 22:39:03 0 d-------- C:\Program Files\Google 2008-07-28 21:42:46 0 d-------- C:\Program Files\QuickTime 2008-07-26 20:34:25 0 d-------- C:\Program Files\iTunes 2008-07-18 14:13:34 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-04 18:38:27 0 d-------- C:\Program Files\Common Files\eSellerate 2008-07-04 18:21:44 0 d-------- C:\Program Files\iPod To Computer Transfer 2008-07-04 13:41:22 179 --a------ C:\handle.dat 2008-06-25 16:32:46 0 d-------- C:\Program Files\Apple Software Update -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF78793A-C6D3-4282-B395-CBA1D0599AB6}] HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE DESKTOP.INI [03/09/2002 09:00:00] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [15/12/2005 13:00:54] HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer Written by Bobbi Flekman 2006 © GeneralFlags REG_DWORD 1 (0x1) RestoredStateInfo REG_BINARY dcff35010948e9778832e877ffffffffde60e777d0752300 RestoredStateInfo REG_BINARY 180000006a02000023000000a40000009a00000001000000 REGEDIT4 "ChangePasswordUseKerberos"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions] "ProcessGroupPolicy"="ProcessGroupPolicy" 00 "MaxNoGPOListChangesInterval"=dword:000003c0 00 "RequiresSuccessfulRegistry"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify] "Logoff"="ChainWlxLogoffEvent" "Logoff"="CryptnetWlxLogoffEvent" "Asynchronous"=dword:00000001 "Unlock"="WlDimsUnlock" "Unlock"="WinlogonUnlockEvent" "Asynchronous"=dword:00000001 "Logoff"="SchedEventLogOff" "DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00 "Asynchronous"=dword:00000001 "Disconnect"="TSEventDisconnect" "Event"=dword:00000000 23,14,00,00,00,39,56,74,73,87,28,30,b8,65,c0,5f,76,ce,6d,bb,c5,06,a2,9b,76 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts] "ASPNET"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials] !d;s/.t//;s/ [hkey./n Asynchronous REG_DWORD 0 (0x0) !d;s/.t//;s/ [hkey./n Asynchronous REG_DWORD 0 (0x0) !d;s/.t//;s/ [hkey./n DLLName REG_SZ cscdll.dll !d;s/.t//;s/ [hkey./n HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy !d;s/.t//;s/ [hkey./n !d;s/.t//;s/ [hkey./n DLLName REG_SZ wlnotify.dll !d;s/.t//;s/ [hkey./n Asynchronous REG_DWORD 0 (0x0) !d;s/.t//;s/ [hkey./n Logoff REG_SZ WLEventLogoff !d;s/.t//;s/ [hkey./n DLLName REG_SZ WlNotify.dll !d;s/.t//;s/ [hkey./n Asynchronous REG_DWORD 0 (0x0) !d;s/.t//;s/ [hkey./n Logon REG_SZ WLEventLogon !d;s/.t//;s/ [hkey./n DLLName REG_SZ wlnotify.dll Written by Bobbi Flekman 2006 © HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 140200001002000000020000900434000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000007000b000000000007000b0000003f0000000 20000000400010001000000000000000000000000000000440000000100560061007200460069006c 00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0 06e00000000000904e404f0030000010053007400720069006e006700460069006c00650049006e00 66006f000000cc03000001003000340030003900300034004500340000004a001900010043006f006 d006d0065006e007400730000004300720079007300740061006c002000530051004c002000440065 007300690067006e0065007200200037002e0030000000000088003400010043006f006d007000610 06e0079004e0061006d006500000000005300650061006700610074006500200053006f0066007400 7700610072006500200049006e0066006f0072006d006100740069006f006e0020004d0061006e006 100670065006d0065006e0074002000470072006f00750070002c00200049006e0063002e000000ae 00450001004c006500670061006c0043006f007000790072006900670068007400000043006f00700 07900720069006700680074002000280063002900200031003900390031002d003100390039001000 000000000000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 5409000054020000000200008c0334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe000001000200a8112e0400000200a8112e0400003f0000002 00000000400000001000000000000000000000000000000ec020000010053007400720069006e0067 00460069006c00650049006e0066006f000000c802000001003000300030003000300034006200300 0000038001000010043006f006d006d0065006e007400730000004f007200690067006e0061006c00 2000560065007200730069006f006e00000042001100010043006f006d00700061006e0079004e006 1006d006500000000005300410050002000410047002c002000570061006c006c0064006f00720066 00000000005a0019000100460069006c0065004400650073006300720069007000740069006f006e0 0000000005300410050002000460072006f006e00740065006e006400200066006f00720020005700 69006e0064006f0077007300000000003c000e000100460069006c006500560065007200730069006 f006e000000000034003500320030002e0032002e0030002e00310030003700300000003200090001 0049006e007400650072006e0061006c004e0061006d0065000000460045005700460052004f004e0 05400000000007a002b0001004c006500670061006c0043006f007000790072006900670068000200 000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000 100530065007200760069006300650020005000610063006b00200033000000230054020000000200 008c0334000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000 0bd04effe0000010003009e112604000003009e11260400003f000000200000000400000001000000 000000000000000000000000ec020000010053007400720069006e006700460069006c00650049006 e0066006f000000c8020000010030003000300030003000340062003000000038001000010043006f 006d006d0065006e007400730000004f007200690067006e0061006c0020005600650072007300690 06f006e00000042001100010043006f006d00700061006e0079004e0061006d006500000000005300 410050002000410047002c002000570061006c006c0064006f0072006600000000005a00190001004 60069006c0065004400650073006300720069007000740069006f006e000000000053004100500020 00460072006f006e00740065006e006400200066006f0072002000570069006e0064006f007700730 0000000003c000e000100460069006c006500560065007200730069006f006e000000000034003500 310030002e0033002e0030002e003100300036003200000032000900010049006e007400650072006 e0061006c004e0061006d0065000000460045005700460052004f004e005400000000007a002b0001 004c006500670061006c0043006f007000790072006900670068000200000000000000010000004c0 000003cfd060004000000000000006505000002000000030000000000010053006500720076006900 6300650020005000610063006b0020003300000023005402000000020000200334000000560053005 f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100000004 00f003000000000400f00300003f00000000000000040001000100000000000000000000000000000 07e020000010053007400720069006e006700460069006c00650049006e0066006f0000005a020000 01003000340030003900300034004500340000002e000700010043006f006d00700061006e0079004 e0061006d00650000000000530041005000200041004700000000005a0019000100460069006c0065 004400650073006300720069007000740069006f006e00000000005300410050002000460072006f0 06e00740065006e006400200066006f0072002000570069006e0064006f0077007300000000003600 0b000100460069006c006500560065007200730069006f006e000000000034002e0030002e0030002 e003100300030003800000000002c000600010049006e007400650072006e0061006c004e0061006d 0065000000460052004f004e00540000005e001d0001004c006500670061006c0043006f007000790 072006900670068007400000043006f0070007900720069006700680074002000a900200031003900 390033002d0031003900390037002000530041005000200041004700000000002800000001004c006 500670061006c0054007200610064000200000000000000010000004c0000003cfd06000400000000 000000650500000200000003000000000001005300650072007600690063006500200050006100630 06b0020003300000023005402000000020000180334000000560053005f0056004500520053004900 4f004e005f0049004e0046004f0000000000bd04effe0000010000000400dd03000000000400dd030 0003f0000000000000004000100010000000000000000000000000000007802000001005300740072 0069006e006700460069006c00650049006e0066006f0000005402000001003000340030003900300 034004500340000002e000700010043006f006d00700061006e0079004e0061006d00650000000000 530041005000200041004700000000005a0019000100460069006c006500440065007300630072006 9007000740069006f006e00000000005300410050002000460072006f006e00740065006e00640020 0066006f0072002000570069006e0064006f00770073000000000034000a000100460069006c00650 0560065007200730069006f006e000000000034002e0030002e0030002e0039003800390000002c00 0600010049006e007400650072006e0061006c004e0061006d0065000000460052004f004e0054000 0005e001d0001004c006500670061006c0043006f007000790072006900670068007400000043006f 0070007900720069006700680074002000a900200031003900390033002d003100390039003700200 0530041005000200041004700000000002800000001004c006500670061006c005400720061006400 65006d000200000000000000010000004c0000003cfd0600040000000000000065050000020000000 300000000000100530065007200760069006300650020005000610063006b002000330000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 5802000054020000000200006c0734000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000 00000000400040001000000000000000000000000000000cc060000010053007400720069006e0067 00460069006c00650049006e0066006f0000005403000001003000340030003900300034004200300 0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000 61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006 f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073 006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200 0450078006300680061006e0067006500200053006500720076006500720020005300650074007500 7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003 5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c 004e0061006d00650000005300650074007500700000009c003c0001004c006500670061006c00430 06f007000790072006900670068007400000043006f00700079007200690067006800740020000200 000000000000010000004c0000003cfd0600050000000000000065050000020000000300000002000 000530065007200760069006300650020005000610063006b002000340000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 580200005402000000020000440234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100010001000c000000010001000c000000000000000 00000000400000001000000000000000000000000000000440000000000560061007200460069006c 00650049006e0066006f00000000002400040000005400720061006e0073006c006100740069006f0 06e00000000000904b004a4010000010053007400720069006e006700460069006c00650049006e00 66006f00000080010000010030003400300039003000340042003000000040002000010043006f006 d00700061006e0079004e0061006d00650000000000440065004c006f0072006d00650020004d0061 007000700069006e0067000000440022000100500072006f0064007500630074004e0061006d00650 0000000005200650067002000280044004c0069006200620079005c006d0073006600290000000000 340014000100460069006c006500560065007200730069006f006e000000000031002e00300031002 e0030003000310032000000380014000100500072006f006400750063007400560065007200730069 006f006e00000031002e00300031002e003000300031003200000034001200010049006e007400650 072006e0061006c004e0061006d00650000004d004e00470052004500470033003200000000000200 000000000000010000004c0000003cfd0600040000000000000065050000020000000300000000000 100530065007200760069006300650020005000610063006b002000330000002300 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) GlobalFlag REG_SZ 0x00200000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) GlobalFlag REG_SZ 0x00200000 DisableHeapLookAside REG_SZ 1 DisableHeapLookAside REG_SZ 1 ApplicationGoo REG_BINARY 140200001002000000020000b40234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100350007000000000035000700000000003f0000000 0000000040000000100000000000000000000000000000012020000010053007400720069006e0067 00460069006c00650049006e0066006f000000ee01000001003000340030003900300034006200300 0000042001100010043006f006d00700061006e0079004e0061006d00650000000000500065006f00 70006c00650053006f00660074002c00200049006e0063002e0000000000280000000100460069006 c0065004400650073006300720069007000740069006f006e00000000002a0005000100460069006c 006500560065007200730069006f006e000000000037002e0035003300000000009c003c0001004c0 06500670061006c0043006f007000790072006900670068007400000043006f007000790072006900 6700680074002000a900200031003900380038002d0031003900390038002000500065006f0070006 c00650053006f00660074002c00200049006e0063002e002000200041006c006c0020005200690067 0068007400730020005200650073006500720076006500640000003c000a0001004f0072006900670 069006e0061006c00460069006c0065006e0061006d00650000007000730064006d0074002e001000 000000000000 DisableHeapLookAside REG_SZ 1 DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 000700005402000000020000840734000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100050005000700a807050005000700a8073f0000000 00000000400040001000000000000000000000000000000e4060000010053007400720069006e0067 00460069006c00650049006e0066006f0000006003000001003000340030003900300034004200300 0000018000000010043006f006d006d0065006e007400730000004c001600010043006f006d007000 61006e0079004e0061006d006500000000004d006900630072006f0073006f0066007400200043006 f00720070006f0072006100740069006f006e000000680020000100460069006c0065004400650073 006300720069007000740069006f006e00000000004d006900630072006f0073006f0066007400200 0450078006300680061006e0067006500200053006500720076006500720020005300650074007500 7000000036000b000100460069006c006500560065007200730069006f006e000000000035002e003 5002e0031003900360030002e003700000000002c000600010049006e007400650072006e0061006c 004e0061006d00650000005300650074007500700000009e003d0001004c006500670061006c00430 06f007000790072006900670068007400000043006f00700079007200690067006800740020000200 000000000000010000004c0000003cfd0600050000000000000065050000020000000000000000000 000530065007200760069006300650020005000610063006b00200033000000240054020000000200 00a40834000000560053005f00560045005200530049004f004e005f0049004e0046004f000000000 0bd04effe00000100050005000700a807050005000700a8073f000000000000000400040001000000 00000000000000000000000004080000010053007400720069006e006700460069006c00650049006 e0066006f000000f0030000010030003400300039003000340042003000000018000000010043006f 006d006d0065006e007400730000004c001600010043006f006d00700061006e0079004e0061006d0 06500000000004d006900630072006f0073006f0066007400200043006f00720070006f0072006100 740069006f006e000000680020000100460069006c006500440065007300630072006900700074006 9006f006e00000000004d006900630072006f0073006f00660074002000450078006300680061006e 00670065002000530065007200760065007200200053006500740075007000000036000b000100460 069006c006500560065007200730069006f006e000000000035002e0035002e003100390036003000 2e003700000000002c000600010049006e007400650072006e0061006c004e0061006d00650000005 30065007400750070000000a600410001004c006500670061006c0043006f00700079007200690067 0068007400000043006f00700079007200690067006800740020000200000000000000010000004c0 000003cfd060005000000000000006505000002000000000000000000000053006500720076006900 6300650020005000610063006b0020003300000024005402000000020000180434000000560053005 f00560045005200530049004f004e005f0049004e0046004f0000000000bd04effe00000100050005 000700a807050005000700a8073f00000000000000040004000100000000000000000000000000000 078030000010053007400720069006e006700460069006c00650049006e0066006f00000054030000 010030003400300039003000340042003000000018000000010043006f006d006d0065006e0074007 30000004c001600010043006f006d00700061006e0079004e0061006d006500000000004d00690063 0072006f0073006f0066007400200043006f00720070006f0072006100740069006f006e000000680 020000100460069006c0065004400650073006300720069007000740069006f006e00000000004d00 6900630072006f0073006f00660074002000450078006300680061006e00670065002000530065007 200760065007200200053006500740075007000000036000b000100460069006c0065005600650072 00730069006f006e000000000035002e0035002e0031003900360030002e003700000000002c00060 0010049006e007400650072006e0061006c004e0061006d0065000000530065007400750070000000 9a003b0001004c006500670061006c0043006f007000790072006900670068007400000043006f007 00079007200690067006800740020000200000000000000010000004c0000003cfd06000500000000 000000650500000200000000000000000000005300650072007600690063006500200050006100630 06b002000330000002400 ApplicationGoo REG_BINARY 140200001002000000020000040334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe000001001c0008000000000000000800000000003f0000000 0000000040000000100000000000000000000000000000064020000010053007400720069006e0067 00460069006c00650049006e0066006f0000004002000001003000340030003900300034006200300 0000044001200010043006f006d00700061006e0079004e0061006d0065000000000043006f007200 65006c00200043006f00720070006f0072006100740069006f006e0000004e0013000100460069006 c0065004400650073006300720069007000740069006f006e000000000043006f00720065006c0020 00530065007400750070002000570069007a00610072006400000000002c0006000100460069006c0 06500560065007200730069006f006e000000000038002e0030003200380000004600130001004900 6e007400650072006e0061006c004e0061006d006500000043006f00720065006c002000530065007 400750070002000570069007a00610072006400000000006c00240001004c006500670061006c0043 006f007000790072006900670068007400000043006f0070007900720069006700680074002000a90 0200031003900390037002c00200043006f00720065006c00200043006f00720070006f0072000800 000000000000 ApplicationGoo REG_BINARY 140200001002000000020000380334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe0000010002000a0001000a0002000a0001000a00000000000 0000000040001000100000000000000000000000000000098020000010053007400720069006e0067 00460069006c00650049006e0066006f0000007402000001003000340030003900300034004500340 000004a001500010043006f006d00700061006e0079004e0061006d00650000000000530079006d00 61006e00740065006300200043006f00720070006f0072006100740069006f006e000000000060001 c000100460069006c0065004400650073006300720069007000740069006f006e0000000000530079 006d0061006e007400650063002000530079006d006500760065006e007400200049006e007300740 061006c006c0065007200000034000a000100460069006c006500560065007200730069006f006e00 00000000310030002e0032002e00310030002e003100000030000800010049006e007400650072006 e0061006c004e0061006d006500000053004500560049004e005300540000007e002d0001004c0065 00670061006c0043006f007000790072006900670068007400000043006f007000790072006900670 06800740020002800430029002000530079006d0061006e00740065006300200043006f0072000100 000000000000 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) CheckAppHelp REG_DWORD 1 (0x1) DisableHeapLookAside REG_SZ 1 CheckAppHelp REG_DWORD 1 (0x1) ApplicationGoo REG_BINARY 1402000010020000000200007c0334000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000001000900260000000100090026003f0000000 00000000400000001000000000000000000000000000000dc020000010053007400720069006e0067 00460069006c00650049006e0066006f000000b802000001003000340030003900300034006200300 0000066002700010043006f006d006d0065006e0074007300000042007500730069006e0065007300 7300200049006e00740065006c006c006900670065006e006300650020006f006e002000450076006 5007200790020004400650073006b0074006f0070000000000048001400010043006f006d00700061 006e0079004e0061006d0065000000000043006f0067006e006f007300200049006e0063006f00720 070006f0072006100740065006400000060001c000100460069006c00650044006500730063007200 69007000740069006f006e000000000043006f0067006e006f0073002000470065006e00650072006 9006300200049006e007300740061006c006c006100740069006f006e00000038000c000100460069 006c006500560065007200730069006f006e000000000031002c00200030002c002000330038002c0 020003900000030000800010049006e007400650072006e0061006c004e0061006d00650000000100 000000000000 GlobalFlag REG_SZ 0x000010F0 ApplicationGoo REG_BINARY 140200001002000000020000a40234000000560053005f00560045005200530049004f004e005f00 49004e0046004f0000000000bd04effe00000100000001000100000000000100010000003f0000000 0000000010001000100000000000000000000000000000004020000010053007400720069006e0067 00460069006c00650049006e0066006f000000e001000001003000340030003900300034004500340 0000020000000010043006f006d00700061006e0079004e0061006d00650000000000580018000100 460069006c0065004400650073006300720069007000740069006f006e000000000049004e0053005 40041004c004c0020004d004600430020004100700070006c00690063006100740069006f006e0000 00300008000100460069006c006500560065007200730069006f006e000000000031002e0030002e0 0300030003100000030000800010049006e007400650072006e0061006c004e0061006d0065000000 49004e005300540041004c004c0000002400000001004c006500670061006c0043006f00700079007 200690067006800740000002800000001004c006500670061006c00540072006100640065006d0061 0072006b0073000000000040000c0001004f0072006900670069006e0061006c00460069006c00650 06e0061006d006500000049004e005300540041004c004c002e004500580045000000300008000800 000000000000 "Notification Packages scecli Written by Bobbi Flekman 2006 © Error: Key: software\microsoft\windows\currentversion\group policy\state does not exist! Written by Bobbi Flekman 2006 © SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\File system] @="Driver Group" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\RpcSs] @="Service" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\vgasave.sys] @="Driver" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" SteelWerX Registry Console Tool 2.0 Written by Bobbi Flekman 2006 © Error: Key: software\microsoft\shared tools\msconfig\startupfolder does not exist! SteelWerX Registry Console Tool 2.0 Written by Bobbi Flekman 2006 © Error: Key: software\microsoft\shared tools\msconfig\startupreg does not exist! HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs Written by Bobbi Flekman 2006 © HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components 7,0,5730,0 * 2,0,0,0 6,0,5730,11 en 2,0,0,0 01000000 C:\WINDOWS\System32\msjava.dll EN 01000000 01000000 EN 01000000 11,0,5721,5145 1 (0x1) Adobe Shockwave Director 10.1.4 DirectAnimation Adobe Shockwave Director 10.1.4 1,1,1,7 * 1,397,2406,1 Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) 6,0,2800,1106 1 (0x1) EN 11,0,5721,5145 0400090000008603 4,71,1113,0 7,0,5730,11 3 (0x3) 5,6,0,8513 C:\Program Files\Messenger\msmsgs.exe 5,00,2918,1900 KB918439 7,0,5730,11 C:\WINDOWS\System32\msieftp.dll 11,0,5721,5145 4,9,9,2 WAB Q831167 en en HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix 2 (0x2) EN 1 (0x1) 7,0,5730,11 6,0,5730,11 .NET Framework 4,71,1968,1 2,1,4026,0 HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000} KB925486 6,0,5730,11 5,0,00,0 Q832894 KB911567 -- End of Deckard's System Scanner: finished at 2008-08-11 19:12:17 ------------ Ahuge thanks in advance to anyone who can assist. Regards, Robin.

RobinC

Aug 11 2008, 02:35 PM

Post #2

Member

Posts: 15
OS: XP

I have also run SMITFRAUDFIX per some other bulletin board entries here:

Option 1 Search returned this log:

SmitFraudFix v2.334

Scan done at 21:22:59.09, 11/08/2008
Run from C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

�� Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

�� hosts

�� C:\

�� C:\WINDOWS

�� C:\WINDOWS\system

�� C:\WINDOWS\Web

�� C:\WINDOWS\system32

�� C:\WINDOWS\system32\LogFiles

�� C:\Documents and Settings\Robin Coleman

�� C:\Documents and Settings\Robin Coleman\Application Data

�� Start Menu

�� C:\DOCUME~1\ROBINC~1\FAVORI~1

C:\DOCUME~1\ROBINC~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\ROBINC~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\ROBINC~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

�� Desktop

�� C:\Program Files

�� Corrupted keys

�� Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.broadjam.com/search/images/hifimp3.gif"
"SubscribedURL"="about:home"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

�� IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

�� VACFix
!!!Attention, following keys are not inevitably infected!!!

�� 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

�� Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

�� AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

�� Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

�� Rustock

�� DNS

Description: RTL8139D PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: RTL8139D PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A04A61E-7DB6-4CD7-92B9-9EE45D22E434}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82CF646D-F8D0-42D2-BCAC-54ECF326BF5D}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

�� Scanning for wininet.dll infection

�� End

Option 2 Clean returned this log:

SmitFraudFix v2.334

Scan done at 21:26:22.87, 11/08/2008
Run from C:\Documents and Settings\Robin Coleman\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

�� SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected&