[mdesantis]

Logfile of HijackThis v1.99.1
Scan saved at 3:20:08 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: guoiocds - C:\WINDOWS\SYSTEM32\dmscriptl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[mdesantis]

HELP, HELP,

Posted yesterday and things have gotten dramatically worse. rebooted last nite and now i cannot open ie or anything on internet. getting a virus warning and redirect to avsystems.com and on desktop screen bogus scanning operation. computer is snail slow. please see oringal hijack this log above. this is my bussiness computer at home and im toast without it nay help is greatly appreciated.

thanx in advance
Mark

PS. iam sending this reply from my actual at work computer not he infected one

[Rorschach112]

Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum

• Click on "New Topic"
  
• Put your name, e-mail address, and this as the title: "c:\windows\system32\dmscriptl.dll"
  
• Put a link to this topic in the description box.
  
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  
  
  • c:\windows\system32\dmscriptl.dll
  
  
  
• Click Open.
  
• Click Post.

Thank you!


Repeat that for this file

C:\WINDOWS\system32\dxmasfq.dll




Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  
• Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items.
  
• Now click the Run Scan button on the toolbar.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

[mdesantis]

hello rorshack,

Cant even get on the internet from infected computer to follow your directives or even post to other forum. writing this from another computer at work im not really savy with this stuff so now im really lost. sent you an email with two adresses. can open at work but not from infected computer because it has shut down my iexplorerer. im frantic infeceted computer is my personal office computer for mty company. any way to handle this with out internet access from infected computer?

this thing turns off my mcafee virus suite temporarily, slows launch of my zonelabs firewall (cable modem) , and shuts down browser by messing with winsock?


thanxs and sorry i cant move to another forum,

Mark

[Rorschach112]

You will need to use a USB flash key or a cd to transfer some of the tools over to the infected PC, so that you can run them.

So transfer WinPFind3.exe over and follow my instructions.

[mdesantis]

Hi rorschach, well had to run a purchased spyware detector to find a rpcc. trojan and numerous uglies reinstalled windows over old os and finnally got back networking but the files you requested are still there in registry so good luck looking at my screwed up machine and windows ie is attempting to act as aserver on internet but my zonelabs firewall told me and i am denying access for now till i get a green lite from you ,ok ,thankyou so much for your help. and i posted the files you directed to the spyware site






WinPFind3 logfile created on: 12/9/2007 10:50:24 AM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Mark DeSantis\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.01% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 17.96 Gb Free Space | 52.54% Space Free
D: Drive not present or media not loaded
Drive E: | 40.32 Gb Total Space | 34.82 Gb Free Space | 86.37% Space Free
F: Drive not present or media not loaded

Computer Name: QUARTZ-3E62E170
Current User Name: Mark DeSantis
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
dvd43_tray.exe -> %ProgramFiles%\dvd43\dvd43_tray.exe -> [Ver = 3.9.0.0 | Size = 694272 bytes | Modified Date = 5/22/2006 12:26:00 PM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
hpzipm12.exe -> %System32%\hpzipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 4:49:10 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 5:29:08 PM | Attr = ]
mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 6:56:16 PM | Attr = ]
mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 3:01:04 PM | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 5:05:20 PM | Attr = ]
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 4:54:04 PM | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 905216 bytes | Modified Date = 12/23/2006 5:04:42 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpwareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 75304 bytes | Modified Date = 10/11/2006 11:45:12 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 2/11/2006 2:56:44 PM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 2/11/2006 2:56:28 PM | Attr = ]
sdservice.exe -> %ProgramFiles%\SpywareDetector\SDService.exe -> Max Secure Software [Ver = 6, 0, 4, 2 | Size = 251344 bytes | Modified Date = 9/17/2007 1:40:04 PM | Attr = ]
sdsystemtray.exe -> %ProgramFiles%\SpywareDetector\SDSystemTray.exe -> Max Secure Software [Ver = 3, 0, 4, 6 | Size = 681424 bytes | Modified Date = 9/17/2007 1:40:14 PM | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 2/26/2004 3:53:30 AM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 9/6/2007 4:14:18 PM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.1 | Size = 184320 bytes | Modified Date = 1/27/2004 1:59:40 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
wrtmon.exe -> %System32%\spool\drivers\w32x86\3\WrtMon.exe -> [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 9/20/2006 7:35:26 AM | Attr = ]
wrtproc.exe -> %System32%\spool\drivers\w32x86\3\WrtProc.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/19/2006 3:05:32 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 9/6/2007 4:14:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 4:49:10 PM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 6:56:16 PM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 3:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 6:22:50 PM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 4:54:04 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\hpzipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 2:27:52 AM | Attr = ]
(SDService) SDService [Win32_Own | Auto | Running] -> %ProgramFiles%\SpywareDetector\SDService.exe -> Max Secure Software [Ver = 6, 0, 4, 2 | Size = 251344 bytes | Modified Date = 9/17/2007 1:40:04 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75304 bytes | Modified Date = 9/6/2007 4:14:18 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
dvd43 -> %ProgramFiles%\dvd43\dvd43_tray.exe -> [Ver = 3.9.0.0 | Size = 694272 bytes | Modified Date = 5/22/2006 12:26:00 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 5:29:08 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 11:05:42 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 2:40:44 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpwareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 75304 bytes | Modified Date = 10/11/2006 11:45:12 AM | Attr = ]
Ptipbmf -> %System32%\ptipbmf.dll ["rundll32.exe" ptipbmf.dll,SetWriteCacheMode] -> Promise Technology, Inc. [Ver = 1.00.0.3 | Size = 118784 bytes | Modified Date = 6/20/2003 10:06:56 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 2/11/2006 2:56:44 PM | Attr = ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 2/11/2006 2:56:28 PM | Attr = ]
SDAutoLiveupdate -> %ProgramFiles%\SpywareDetector\LiveUpdateSD.exe -> Max Secure Software [Ver = 5, 0, 3, 8 | Size = 402896 bytes | Modified Date = 9/17/2007 1:39:56 PM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.24 | Size = 65024 bytes | Modified Date = 2/26/2004 3:53:30 AM | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -> Nuance Communications, Inc. [Ver = 5,0,0,0 | Size = 185896 bytes | Modified Date = 9/28/2006 12:16:20 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 2:43:44 AM | Attr = ]
SystemTraySD -> %ProgramFiles%\SpywareDetector\SDSystemTray.exe -> Max Secure Software [Ver = 3, 0, 4, 6 | Size = 681424 bytes | Modified Date = 9/17/2007 1:40:14 PM | Attr = ]
WrtMon.exe -> %System32%\spool\drivers\w32x86\3\WrtMon.exe -> [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 9/20/2006 7:35:26 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 919016 bytes | Modified Date = 9/6/2007 4:14:18 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 143360 bytes | Modified Date = 12/23/2006 5:05:20 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.1 | Size = 184320 bytes | Modified Date = 1/27/2004 1:59:40 AM | Attr = ]
%AllUsersStartup%\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 13.0 R11 | Size = 724992 bytes | Modified Date = 11/21/2006 5:16:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
guoiocds -> %System32%\dmscriptl.dll -> [Ver = | Size = 84480 bytes | Modified Date = 12/6/2007 7:28:10 PM | Attr = ]
SDNotify -> %ProgramFiles%\SpywareDetector\SDNotify.dll -> Max Secure Software [Ver = 2, 0, 1, 12 | Size = 167936 bytes | Modified Date = 8/22/2007 3:25:46 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (35740 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} [HKLM] -> %System32%\dmscriptl.dll [] -> [Ver = | Size = 84480 bytes | Modified Date = 12/6/2007 7:28:10 PM | Attr = ]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\EWPBrowseLoader.dll [EWPBrowseObject Class] -> [Ver = 2, 6, 4, 1 | Size = 34304 bytes | Modified Date = 6/9/2006 1:37:54 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr = ]
{AA649F62-074F-4B1E-A61B-85836CEC2AFB} [HKLM] -> %System32%\dxmasfq.dll [Reg Data - Value does not exist] -> [Ver = | Size = 84992 bytes | Modified Date = 8/22/2006 4:05:26 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 1:39:38 PM | Attr = ]
ID [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 2:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 2:43:40 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{41C00C48-D3EC-4AEC-9B19-8AEDF2EFD288} -> (1394 Net Adapter) ->
{4AB91026-F68B-4812-A39B-EC16E7E52B4F} -> (Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9...heckControl.cab ->
{49232000-16E4-426C-A231-62846947304B} -> SysData Class - CodeBase = http://ipgweb.cce.hp...ads/sysinfo.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
$WIN_NT$.~BT -> %SystemDrive%\$WIN_NT$.~BT -> [Folder | Created Date = 12/8/2007 2:03:39 PM | Attr = ]
txtsetup.sif -> %SystemDrive%\txtsetup.sif -> [Ver = | Size = 472007 bytes | Created Date = 12/8/2007 2:04:02 PM | Attr = R ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 12/7/2007 1:25:22 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 12/8/2007 4:14:28 PM | Attr = ]
NV7801216.TMP -> %SystemRoot%\NV7801216.TMP -> [Folder | Created Date = 12/8/2007 3:39:55 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 12/8/2007 2:54:56 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/3/2007 7:07:30 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/3/2007 7:07:30 PM | Attr = H ]
SETCC.tmp -> %SystemRoot%\SETCC.tmp -> [Ver = | Size = 1042903 bytes | Created Date = 12/8/2007 2:28:41 PM | Attr = R ]
SETCF.tmp -> %SystemRoot%\SETCF.tmp -> [Ver = | Size = 1086058 bytes | Created Date = 12/8/2007 2:28:43 PM | Attr = R ]
SETDB.tmp -> %SystemRoot%\SETDB.tmp -> [Ver = | Size = 13753 bytes | Created Date = 12/8/2007 2:28:45 PM | Attr = R ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 12/8/2007 2:46:20 PM | Attr = RH ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 75248 bytes | Created Date = 12/8/2007 3:47:32 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 370 bytes | Created Date = 12/3/2007 7:08:41 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 454 bytes | Created Date = 12/8/2007 1:19:25 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 388 bytes | Created Date = 12/8/2007 1:19:25 PM | Attr = ]
AppCert -> %System32%\AppCert -> [Folder | Created Date = 12/3/2007 7:08:15 PM | Attr = ]
CheckDll.dll -> %System32%\CheckDll.dll -> Max Secure Software [Ver = 3. 0. 0. 3 | Size = 270336 bytes | Created Date = 12/8/2007 3:08:06 PM | Attr = ]
CloseAll.exe -> %System32%\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Created Date = 12/8/2007 3:08:06 PM | Attr = ]
dmscriptl.dll -> %System32%\dmscriptl.dll -> [Ver = | Size = 84480 bytes | Created Date = 12/3/2007 7:08:31 PM | Attr = ]
dmscriptl.dll.bak -> %System32%\dmscriptl.dll.bak -> [Ver = | Size = 84480 bytes | Created Date = 12/3/2007 7:08:31 PM | Attr = ]
dxmasfq.dll -> %System32%\dxmasfq.dll -> [Ver = | Size = 84992 bytes | Created Date = 12/3/2007 7:07:48 PM | Attr = ]
hncqip.bak -> %System32%\hncqip.bak -> [Ver = | Size = 84480 bytes | Created Date = 12/3/2007 7:08:31 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 12/8/2007 3:47:20 PM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 12/8/2007 2:46:30 PM | Attr = RH ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/8/2007 2:46:20 PM | Attr = RH ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/8/2007 2:46:20 PM | Attr = RH ]
ProxySettings.ini -> %System32%\ProxySettings.ini -> [Ver = | Size = 104 bytes | Created Date = 12/8/2007 3:08:06 PM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/8/2007 2:46:20 PM | Attr = RH ]
SDEarlyDelete.exe -> %System32%\SDEarlyDelete.exe -> [Ver = | Size = 11728 bytes | Created Date = 12/8/2007 3:08:21 PM | Attr = ]
SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 392 bytes | Created Date = 12/8/2007 10:44:56 AM | Attr = ]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/8/2007 2:28:57 PM | Attr = ]
ugteauxw.dat -> %System32%\ugteauxw.dat -> [Ver = | Size = 119552 bytes | Created Date = 12/3/2007 7:16:05 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353247 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 83432 bytes | Created Date = 12/8/2007 3:46:37 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 395080 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 157160 bytes | Created Date = 12/8/2007 3:46:37 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 103912 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 275944 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 71144 bytes | Created Date = 12/8/2007 3:47:20 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 472552 bytes | Created Date = 12/8/2007 3:46:37 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 46568 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,91 | Size = 219448 bytes | Created Date = 12/7/2007 4:20:32 PM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 12/8/2007 2:46:20 PM | Attr = RH ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 83432 bytes | Created Date = 12/8/2007 3:47:20 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.408.000 | Size = 71144 bytes | Created Date = 12/8/2007 3:47:20 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 12/8/2007 3:47:16 PM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 12/8/2007 2:49:02 PM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 12/8/2007 2:49:02 PM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 12/8/2007 2:49:15 PM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 12/8/2007 2:49:18 PM | Attr = ]
c_10001.nls -> %System32%\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 12/8/2007 2:49:03 PM | Attr = ]
c_10002.nls -> %System32%\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 12/8/2007 2:49:03 PM | Attr = ]
c_10003.nls -> %System32%\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 12/8/2007 2:49:03 PM | Attr = ]
c_10004.nls -> %System32%\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_10005.nls -> %System32%\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_10008.nls -> %System32%\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_10021.nls -> %System32%\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_1047.nls -> %System32%\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_1140.nls -> %System32%\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_1141.nls -> %System32%\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:04 PM | Attr = ]
c_1142.nls -> %System32%\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1143.nls -> %System32%\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1144.nls -> %System32%\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1145.nls -> %System32%\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1146.nls -> %System32%\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1147.nls -> %System32%\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1148.nls -> %System32%\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:05 PM | Attr = ]
c_1149.nls -> %System32%\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:07 PM | Attr = ]
c_1361.nls -> %System32%\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 12/8/2007 2:49:07 PM | Attr = ]
c_20000.nls -> %System32%\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 12/8/2007 2:49:07 PM | Attr = ]
c_20001.nls -> %System32%\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 12/8/2007 2:49:07 PM | Attr = ]
c_20002.nls -> %System32%\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20003.nls -> %System32%\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20004.nls -> %System32%\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20005.nls -> %System32%\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20105.nls -> %System32%\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20106.nls -> %System32%\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20107.nls -> %System32%\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:08 PM | Attr = ]
c_20108.nls -> %System32%\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20269.nls -> %System32%\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20273.nls -> %System32%\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20277.nls -> %System32%\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20278.nls -> %System32%\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20280.nls -> %System32%\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20284.nls -> %System32%\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20285.nls -> %System32%\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20290.nls -> %System32%\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:09 PM | Attr = ]
c_20297.nls -> %System32%\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20420.nls -> %System32%\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20423.nls -> %System32%\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20424.nls -> %System32%\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20833.nls -> %System32%\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20838.nls -> %System32%\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20871.nls -> %System32%\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20880.nls -> %System32%\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20924.nls -> %System32%\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:10 PM | Attr = ]
c_20932.nls -> %System32%\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_20936.nls -> %System32%\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_20949.nls -> %System32%\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_21025.nls -> %System32%\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_21027.nls -> %System32%\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_28596.nls -> %System32%\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:11 PM | Attr = ]
c_708.nls -> %System32%\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:12 PM | Attr = ]
c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/8/2007 2:49:12 PM | Attr = ]
c_858.nls -> %System32%\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/8/2007 2:49:12 PM | Attr = ]
c_862.nls -> %System32%\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/8/2007 2:49:12 PM | Attr = ]
c_864.nls -> %System32%\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 12/8/2007 2:49:13 PM | Attr = ]
c_870.nls -> %System32%\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 12/8/2007 2:49:13 PM | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 12/8/2007 2:49:34 PM | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 12/8/2007 2:49:34 PM | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 12/8/2007 2:49:34 PM | Attr = ]
FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 12/8/2007 2:49:38 PM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 12/8/2007 2:49:45 PM | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 12/8/2007 2:49:50 PM | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 12/8/2007 2:50:01 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 12/8/2007 2:50:03 PM | Attr = ]
IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 12/8/2007 2:50:05 PM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 12/8/2007 2:50:16 PM | Attr = ]
ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 12/8/2007 2:50:17 PM | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 12/8/2007 2:28:52 PM | Attr = ]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
msn7.cat -> %System32%\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 12/8/2007 2:28:52 PM | Attr = ]
msn9.cat -> %System32%\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 12/8/2007 2:28:52 PM | Attr = ]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
netfx.cat -> %System32%\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 12/8/2007 2:28:52 PM | Attr = ]
NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 12/8/2007 2:28:50 PM | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 12/8/2007 2:28:50 PM | Attr = ]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 12/8/2007 2:50:51 PM | Attr = ]
prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/8/2007 2:50:53 PM | Attr = ]
prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 12/8/2007 2:50:54 PM | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 12/8/2007 2:51:04 PM | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/8/2007 2:51:04 PM | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 12/8/2007 2:51:04 PM | Attr = ]
SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 12/8/2007 2:28:51 PM | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 12/8/2007 2:28:57 PM | Attr = ]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 12/8/2007 2:28:52 PM | Attr = ]
xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 12/8/2007 2:51:47 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 12/8/2007 3:47:26 PM | Attr = ]
VIAAGP1.SYS -> %System32%\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Created Date = 12/8/2007 3:36:24 PM | Attr = ]
wiithurl.dat -> %System32%\drivers\wiithurl.dat -> [Ver = | Size = 19456 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = ]
hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 734 bytes | Created Date = 12/8/2007 10:43:47 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
$WIN_NT$.~BT -> %SystemDrive%\$WIN_NT$.~BT -> [Folder | Modified Date = 12/8/2007 2:04:04 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/8/2007 2:43:58 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 12/8/2007 3:22:44 PM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/8/2007 1:12:30 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/8/2007 4:11:26 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 12/7/2007 5:29:10 PM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 12/9/2007 10:47:24 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 12/8/2007 4:16:08 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11/14/2007 3:02:10 AM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/8/2007 9:25:10 AM | Attr = ]
Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 5249 bytes | Modified Date = 12/8/2007 3:35:16 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/8/2007 3:22:38 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/8/2007 4:13:02 PM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 12/7/2007 1:25:24 PM | Attr = HS]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 12/8/2007 9:18:46 AM | Attr = ]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 12/8/2007 9:25:02 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/8/2007 3:22:10 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/8/2007 2:56:44 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 12/8/2007 9:25:00 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 12/8/2007 10:40:04 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/8/2007 4:15:04 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 12/8/2007 3:22:44 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 12/8/2007 4:30:56 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 12/8/2007 4:14:30 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 12/8/2007 9:25:00 AM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 2145386496 bytes | Modified Date = 12/8/2007 3:38:36 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/8/2007 9:24:26 AM | Attr = ]
mui -> %SystemRoot%\mui -> [Folder | Modified Date = 12/8/2007 9:25:02 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 12/7/2007 1:33:32 PM | Attr = ]
NV7801216.TMP -> %SystemRoot%\NV7801216.TMP -> [Folder | Modified Date = 12/8/2007 3:40:04 PM | Attr = ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 12/8/2007 2:47:40 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 12/8/2007 9:24:48 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 12/9/2007 10:50:08 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/3/2007 7:07:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/3/2007 7:07:32 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 12/8/2007 2:56:58 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 12/8/2007 3:49:14 PM | Attr = ]
setupapi.old -> %SystemRoot%\setupapi.old -> [Ver = | Size = 335373 bytes | Modified Date = 12/8/2007 1:07:20 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 12/8/2007 2:56:46 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 12/8/2007 9:25:26 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 12/8/2007 2:29:06 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 12/8/2007 4:11:24 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 12/8/2007 4:11:24 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 12/9/2007 9:43:34 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 12/8/2007 9:21:26 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 12/8/2007 2:46:34 PM | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 674 bytes | Modified Date = 12/8/2007 2:46:06 PM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 12/8/2007 2:47:56 PM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 370 bytes | Modified Date = 12/8/2007 5:25:00 PM | Attr = ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 454 bytes | Modified Date = 12/8/2007 5:00:02 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 388 bytes | Modified Date = 12/8/2007 1:19:28 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 12/8/2007 4:13:08 PM | Attr = H ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 24579 bytes | Modified Date = 12/8/2007 2:53:24 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Modified Date = 12/8/2007 9:19:52 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 12/8/2007 2:47:54 PM | Attr = ]
AppCert -> %System32%\AppCert -> [Folder | Modified Date = 12/6/2007 7:23:48 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/8/2007 3:47:34 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 12/8/2007 4:14:28 PM | Attr = ]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
Com -> %System32%\Com -> [Folder | Modified Date = 12/8/2007 2:44:58 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 12/8/2007 2:54:26 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/8/2007 3:39:38 PM | Attr = RHS]
dmscriptl.dll -> %System32%\dmscriptl.dll -> [Ver = | Size = 84480 bytes | Modified Date = 12/6/2007 7:28:10 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/8/2007 4:11:26 PM | Attr = ]
emptyregdb.dat -> %System32%\emptyregdb.dat -> [Ver = | Size = 23376 bytes | Modified Date = 12/8/2007 2:44:56 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 115768 bytes | Modified Date = 12/8/2007 3:38:38 PM | Attr = ]
hncqip.bak -> %System32%\hncqip.bak -> [Ver = | Size = 84480 bytes | Modified Date = 12/3/2007 7:16:06 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 12/8/2007 9:19:58 AM | Attr = ]
icsxml -> %System32%\icsxml -> [Folder | Modified Date = 12/8/2007 9:20:32 AM | Attr = ]
logonui.exe.manifest -> %System32%\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/8/2007 2:46:32 PM | Attr = RH ]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
npp -> %System32%\npp -> [Folder | Modified Date = 12/8/2007 9:24:34 AM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 12/8/2007 2:47:54 PM | Attr = ]
nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 87724 bytes | Modified Date = 12/8/2007 3:51:12 PM | Attr = ]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
oobe -> %System32%\oobe -> [Folder | Modified Date = 12/8/2007 2:46:02 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62548 bytes | Modified Date = 12/8/2007 2:56:52 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401394 bytes | Modified Date = 12/8/2007 2:56:52 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 471326 bytes | Modified Date = 12/8/2007 2:56:52 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/9/2007 10:47:24 AM | Attr = ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
SDRemoveDB.db -> %System32%\SDRemoveDB.db -> [Ver = | Size = 392 bytes | Modified Date = 12/8/2007 3:30:40 PM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 12/8/2007 9:25:26 AM | Attr = ]
ugteauxw.dat -> %System32%\ugteauxw.dat -> [Ver = | Size = 119552 bytes | Modified Date = 12/6/2007 7:28:10 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 12/8/2007 9:25:18 AM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 353247 bytes | Modified Date = 12/8/2007 4:13:22 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 12/8/2007 2:44:36 PM | Attr = ]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 12/8/2007 2:46:32 PM | Attr = RH ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 12/8/2007 4:16:14 PM | Attr = ]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 12/8/2007 2:46:22 PM | Attr = RH ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 12/8/2007 3:48:38 PM | Attr = H ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 12/8/2007 3:47:36 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 12/8/2007 3:08:08 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 2902048 bytes | Modified Date = 12/8/2007 4:11:58 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 32648 bytes | Modified Date = 12/8/2007 4:11:58 PM | Attr = HS]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 11/20/2007 6:15:36 PM | Attr = ]
wiithurl.dat -> %System32%\drivers\wiithurl.dat -> [Ver = | Size = 19456 bytes | Modified Date = 12/6/2007 2:39:02 PM | Attr = ]
hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 734 bytes | Modified Date = 12/7/2007 4:26:40 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
ad-w-a-r-e.com , -> %SystemRoot%\hosts -> [Ver = | Size = 34504 bytes | Modified Date = 1/30/2007 12:20:44 PM | Attr = ]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (2145386496 bytes) ->
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.22 | Size = 14250496 bytes | Modified Date = 3/18/2004 9:44:32 PM | Attr = ]
Thawte Consulting , -> %System32%\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Modified Date = 9/17/2007 1:39:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/1997 10:24:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\dxmasfq.dll -> [Ver = | Size = 84992 bytes | Modified Date = 8/22/2006 4:05:26 AM | Attr = ]
Thawte Consulting , -> %System32%\SDEarlyDelete.exe -> [Ver = | Size = 11728 bytes | Modified Date = 9/29/2007 2:04:38 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 35740 bytes | Modified Date = 12/8/2007 4:11:24 PM | Attr = ]

< End of report >

[Rorschach112]

Hello

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> guoiocds -> %System32%\dmscriptl.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} [HKLM] -> %System32%\dmscriptl.dll []
YY -> {AA649F62-074F-4B1E-A61B-85836CEC2AFB} [HKLM] -> %System32%\dxmasfq.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> ID [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
YN -> CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> dmscriptl.dll -> %System32%\dmscriptl.dll
NY -> dmscriptl.dll.bak -> %System32%\dmscriptl.dll.bak
NY -> dxmasfq.dll -> %System32%\dxmasfq.dll
NY -> hncqip.bak -> %System32%\hncqip.bak
[Files/Folders - Modified Within 30 days]
NY -> hncqip.bak -> %System32%\hncqip.bak
NY -> ugteauxw.dat -> %System32%\ugteauxw.dat
[File String Scan - Non-Microsoft Only]
NY -> UPX! , UPX0 , -> %System32%\dxmasfq.dll
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).

I will review the information when it comes back in.



Also post a new HijackThis log

[mdesantis]

here is the report for fix:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\guoiocds not found.
C:\WINDOWS\SYSTEM32\dmscriptl.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dmscriptl.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} .
C:\WINDOWS\SYSTEM32\dmscriptl.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dmscriptl.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA649F62-074F-4B1E-A61B-85836CEC2AFB} not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA649F62-074F-4B1E-A61B-85836CEC2AFB} .
C:\WINDOWS\SYSTEM32\dxmasfq.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dxmasfq.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\ID deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\SYSTEM32\dmscriptl.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dmscriptl.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\SYSTEM32\dmscriptl.dll.bak scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\dxmasfq.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dxmasfq.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\hncqip.bak moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\SYSTEM32\hncqip.bak not found!
C:\WINDOWS\SYSTEM32\ugteauxw.dat moved successfully.
[File String Scan - Non-Microsoft Only]
C:\WINDOWS\SYSTEM32\dxmasfq.dll unregistered successfully.
File move failed. C:\WINDOWS\SYSTEM32\dxmasfq.dll scheduled to be moved on reboot.
[Empty Temp Folders]
C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Mark DeSantis\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 12/09/2007 20:41:28


heres the latest Hijack log. I dont kow much but those BHO's dmscriptl, and dxmasq are still there? thanks again


Logfile of HijackThis v1.99.1
Scan saved at 8:54:24 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mark DeSantis\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: guoiocds - C:\WINDOWS\SYSTEM32\dmscriptl.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Rorschach112]

Don't worry we will get rid of them

Delete your version of VundoFix.exe and do the following

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
  
• Click the Scan for Vundo button.
  
• Once it's done scanning, click the Remove Vundo button.
  
• If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
  
• Select "Add More Files?" from the menu that comes up.
  
• This will open a new VundoFix window that says "Paste files into the boxes below:"
  
• In that window, copy and paste the following file path in the first (top) field:
  c:\windows\system32\dmscriptl.dll
  
• Now copy and paste the following file path in the second field:
  C:\WINDOWS\system32\dxmasfq.dll
  
• Click the 'Add Files' button.
  
• Click the 'Close Window' button.
  
• Click the 'Remove Vundo' button.
  
• You will receive a prompt asking if you want to remove the files, click YES
  
• Once you click yes, your desktop will go blank as it starts removing Vundo.
  
• When completed, it will prompt that it will shutdown your computer, click OK.
  
• Turn your computer back on.
  
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot
.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
  
• Double-click on dss.exe and follow the prompts.
  
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[mdesantis]

[mdesantis]

should i start worryig yet


VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:12:04 PM 12/10/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Beginning removal...

Attempting to delete c:\windows\system32\dmscriptl.dll
c:\windows\system32\dmscriptl.dll Could not be deleted.

Attempting to delete c:\windows\system32\dmscriptl.dll
c:\windows\system32\dmscriptl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dxmasfq.dll
C:\WINDOWS\system32\dxmasfq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dxmasfq.dll
C:\WINDOWS\system32\dxmasfq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:46:15 PM 12/10/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Attempting to delete c:\windows\system32\dmscriptl.dll
c:\windows\system32\dmscriptl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dxmasfq.dll
C:\WINDOWS\system32\dxmasfq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete c:\windows\system32\dmscriptl.dll
c:\windows\system32\dmscriptl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\dxmasfq.dll
C:\WINDOWS\system32\dxmasfq.dll Could not be deleted.

Performing Repairs to the registry.
Done!


Deckard's System Scanner v20071014.68
Run by Mark DeSantis on 2007-12-10 22:32:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-11 03:32:47 UTC - RP8 - Deckard's System Scanner Restore Point
1: 2007-12-10 22:28:53 UTC - RP7 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mark DeSantis.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-10 22:34:46
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Documents and Settings\Mark DeSantis\Desktop\dss.exe
C:\Documents and Settings\Mark DeSantis\Desktop\New Folder\Mark DeSantis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - C:\WINDOWS\system32\dmscriptl.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - ID - (no file)
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/3/9...heckControl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: guoiocds - C:\WINDOWS\system32\dmscriptl.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 8075 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\MARKDE~1\Desktop\NEWFOL~1\backups\) ---

backup-20071207-160210-623 O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
backup-20071207-160210-789 O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
backup-20071207-160317-624 O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
backup-20071207-160317-918 O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
backup-20071207-160505-260 O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
backup-20071207-160505-907 O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
backup-20071210-170802-201 O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
backup-20071210-170802-243 O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
backup-20071210-170834-348 O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
backup-20071210-170834-369 O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 asmjsedk - c:\windows\system32\drivers\wiithurl.dat
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 L8042Kbd (Logitech SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 MapMem - d:\mapmem.sys (file missing)


pe386 driver present

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-10 17:28:44 454 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-12-10 17:25:00 370 --a------ C:\WINDOWS\Tasks\At1.job
2007-12-08 13:19:26 388 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2007-11-10 and 2007-12-10 -----------------------------

2007-12-10 17:22:18 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-12-10 16:12:04 0 d-------- C:\VundoFix Backups
2007-12-09 20:51:06 119552 --a------ C:\WINDOWS\system32\ugteauxw.dat
2007-12-09 10:51:18 36096 --a------ C:\WINDOWS\system32\quzyeyvg.dat
2007-12-09 10:51:18 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-09 10:51:18 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-12-09 10:51:18 35072 --a------ C:\WINDOWS\system32\lgixemsf.dat
2007-12-09 10:51:18 42240 --a------ C:\WINDOWS\system32\lahxswyr.dat
2007-12-09 10:51:18 741632 --a------ C:\WINDOWS\system32\ghkxewvr.dat
2007-12-08 15:39:55 0 d-------- C:\WINDOWS\NV7801216.TMP
2007-12-08 15:08:06 270336 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2007-12-08 14:54:56 0 d-------- C:\WINDOWS\Prefetch
2007-12-08 14:03:39 0 d-------- C:\$WIN_NT$.~BT
2007-12-08 13:19:22 0 d-------- C:\Program Files\RegCure
2007-12-08 10:44:04 123 --a------ C:\WINDOWS\system\SysSD.dll
2007-12-08 10:43:47 34504 --a------ C:\WINDOWS\hosts
2007-12-08 10:43:45 0 d-------- C:\Program Files\SpywareDetector
2007-12-07 16:16:13 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-07 13:25:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-07 13:25:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-07 13:25:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-07 13:25:32 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-07 13:25:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-07 13:25:32 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-12-07 13:25:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-07 13:25:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-07 13:25:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-07 13:25:32 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-07 13:25:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-07 13:25:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-07 13:25:32 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-07 13:25:32 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-07 13:25:22 0 d--hs---- C:\WINDOWS\CSC
2007-12-06 15:18:56 0 d-------- C:\Documents and Settings\Mark DeSantis\New Folder <NEWFOL~1>
2007-12-06 14:39:00 19456 --a------ C:\WINDOWS\system32\drivers\wiithurl.dat
2007-12-03 19:08:31 83456 --a------ C:\WINDOWS\system32\dmscriptl.dll
2007-12-03 19:08:15 0 d-------- C:\WINDOWS\system32\AppCert
2007-12-03 19:07:48 84992 --a------ C:\WINDOWS\system32\dxmasfq.dll
2007-11-22 13:53:28 0 d-------- C:\Documents and Settings\Mark DeSantis\Application Data\Canon
2007-11-22 10:07:28 0 d-------- C:\Program Files\Audacity
2007-11-20 18:15:32 0 d-------- C:\Program Files\LG Software Innovations


-- Find3M Report ---------------------------------------------------------------

2007-12-10 16:10:35 0 d-------- C:\Documents and Settings\Mark DeSantis\Application Data\U3
2007-12-08 15:48:36 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-08 15:22:14 0 d-------- C:\Program Files\Common Files
2007-12-08 15:21:34 0 d-------- C:\Program Files\Common Files\HP
2007-12-08 14:44:55 23376 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-08 13:09:17 0 d-------- C:\Program Files\McAfee.com
2007-11-20 18:15:40 0 d-------- C:\Documents and Settings\Mark DeSantis\Application Data\Vso
2007-11-20 18:15:39 34 --a------ C:\Documents and Settings\Mark DeSantis\Application Data\pcouffin.log
2007-11-20 18:15:35 47360 --a------ C:\Documents and Settings\Mark DeSantis\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-11-20 18:15:35 1144 --a------ C:\Documents and Settings\Mark DeSantis\Application Data\pcouffin.inf
2007-11-20 18:15:35 7887 --a------ C:\Documents and Settings\Mark DeSantis\Application Data\pcouffin.cat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C776FB-1EFD-4E99-BC17-BAB0F26EFA10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA649F62-074F-4B1E-A61B-85836CEC2AFB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="rundll32.exe" [08/04/2004 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/11/2006 02:56 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/11/2006 02:56 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 11:05 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 12:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [10/11/2006 11:45 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 07:35 AM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [05/22/2006 12:26 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 02:40 PM]
"SoundMan"="SOUNDMAN.EXE" [02/26/2004 03:53 AM C:\WINDOWS\SOUNDMAN.EXE]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [09/17/2007 01:40 PM]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [09/17/2007 01:39 PM]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/23/2006 05:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2/14/2006 8:47:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/11/2006 12:20:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\guoiocds]
dmscriptl.dll 12/09/2007 10:51 AM 83456 C:\WINDOWS\system32\dmscriptl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 08/22/2007 03:25 PM 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ilwsnfwh




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.test.com
127.0.0.1 www.ads.x10.com
127.0.0.1 www.600pics.com
127.0.0.1 www.doberman.befree.com
127.0.0.1 www.enews.bfast.com
127.0.0.1 www.etoys.bfast.com
127.0.0.1 www.falcon.bfast.com
127.0.0.1 www.ftp.befree.com
127.0.0.1 www.ftp.bfast.com
127.0.0.1 www.geocities.bfast.com

844 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-10 22:36:35 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.22 MiB / 1557.67 MiB
Pagefile Memory (total/avail): 3939.75 MiB / 3599.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.18 GiB total, 17.86 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 40.32 GiB total, 34.82 GiB free.
F: is Removable (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - IOMEGA ZIP 100

\\.\PHYSICALDRIVE1 - Promise 1X2 Mirror/RAID1 SCSI Disk Device - 74.5 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 34.18 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 40.32 GiB - E:

\\.\PHYSICALDRIVE2 - HP USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1139687750\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1139687750\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mark DeSantis\Application Data
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QUARTZ-3E62E170
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mark DeSantis
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\QUARTZ-3E62E170
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPP
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONID=1138922626234htx6060142e23f:109597a50a4:-6568
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
tvdumpflags=8
UPDATEDIR=C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp\radB1B1D.tmp
USERDOMAIN=QUARTZ-3E62E170
USERNAME=Mark DeSantis
USERPROFILE=C:\Documents and Settings\Mark DeSantis
VERSION=3.0.5.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mark DeSantis (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Installshield Installation Information\{08082021-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082021-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 5.3.1.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Creative DVD Audio Plugin for Audigy Series --> "C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
diypp --> MsiExec.exe /I{C14B436A-D462-4B19-BCB9-DEFF7263EECE}
DTCLookup --> C:\PROGRA~1\DTCLOO~1\UNWISE.EXE C:\PROGRA~1\DTCLOO~1\INSTALL.LOG
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
Free Window Registry Repair --> C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HijackThis 1.99.1 --> C:\DOCUME~1\MARKDE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}\setup\hpzscr01.exe -datfile hphscr11.dat -showdisconnect -forcereboot
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
InterVideo WinDVD 5 --> "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' RogueRemover 1.22 --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Presto! PageManager 7.15.14 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
QuickBooks Basic Edition 2004 --> C:\Program Files\Installshield Installation Information\{2b02f821-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f821-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Savings Bond Wizard --> C:\WINDOWS\unvise32.exe C:\Program Files\Savings Bond Wizard\uninstal.log
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spyware Detector --> "C:\Program Files\SpywareDetector\unins000.exe"
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax Premier 2005 --> C:\Program Files\TurboTax\Premier 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2005\Uninstall.log" -NoGui
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type523 / Error
Event Submitted/Written: 12/09/2007 10:45:45 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x00052d7d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type522 / Error
Event Submitted/Written: 12/09/2007 10:40:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x00064885.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type521 / Error
Event Submitted/Written: 12/09/2007 10:32:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x00052d7d.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type520 / Error
Event Submitted/Written: 12/09/2007 10:14:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type519 / Error
Event Submitted/Written: 12/09/2007 10:12:57 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26434 / Warning
Event Submitted/Written: 12/10/2007 11:11:19 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type26313 / Error
Event Submitted/Written: 12/07/2007 04:10:01 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2001

Event Record #/Type26312 / Error
Event Submitted/Written: 12/07/2007 04:10:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TCP/IP Protocol Driver service failed to start due to the following error:
%%2001

Event Record #/Type26310 / Error
Event Submitted/Written: 12/07/2007 04:10:01 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2001

Event Record #/Type26309 / Error
Event Submitted/Written: 12/07/2007 04:10:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TCP/IP Protocol Driver service failed to start due to the following error:
%%2001



-- End of Deckard's System Scanner: finished at 2007-12-10 22:36:35 ------------



Logfile of HijackThis v1.99.1
Scan saved at 11:01:33 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\DOCUME~1\MARKDE~1\Desktop\NEWFOL~1\Mark DeSantis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C776FB-1EFD-4E99-BC17-BAB0F26EFA10} - c:\windows\system32\dmscriptl.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA649F62-074F-4B1E-A61B-85836CEC2AFB} - C:\WINDOWS\system32\dxmasfq.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: guoiocds - C:\WINDOWS\SYSTEM32\dmscriptl.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thank you again

[Rorschach112]

No need to worry, you are in good hands

Is your internet still not working on your PC ?


Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

[mdesantis]

Hello sir and thank you.

My networking is functioning and at this juncture is adaquately stable. internet access is restored as a result of reinstalling xp os days ago. computer is much less buggy and as you can see by logs some malicious files are still present and my spyware detector has repeatedly found and deleted minor to moderated infections. one being a keylogger and another a trojan with filename rpcc.exe these were already there are may be reloading from somewhere? but i am fairly sure spyware program has deleted or at least quarantined.

upon returning home i will execute combofix and follow your directions.


thankyou'
Mark

[mdesantis]

hello,


combofix said it quarantined and deleted the uglies. i will post log reboot and hijack to see if they come back there were several other uglies in ther too as you will see.

thankyou mark

ComboFix 07-12-09.1 - Mark DeSantis 2007-12-11 10:09:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1521 [GMT -5:00]
Running from: C:\Documents and Settings\Mark DeSantis\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mark DeSantis\Application Data\inst.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\dmscriptl.dll
C:\WINDOWS\system32\drivers\wiithurl.dat
C:\WINDOWS\system32\dxmasfq.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\Tasks.\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASMJSEDK
-------\LEGACY_ILWSNFWH
-------\asmjsedk
-------\ilwsnfwh


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-10 22:32 . 2007-12-10 22:32 <DIR> d-------- C:\Deckard
2007-12-10 17:22 . 2007-12-10 17:22 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-10 16:12 . 2007-12-10 17:20 <DIR> d-------- C:\VundoFix Backups
2007-12-09 20:51 . 2007-12-09 20:51 119,552 --a------ C:\WINDOWS\system32\ugteauxw.dat
2007-12-09 10:51 . 2007-12-09 10:51 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2007-12-09 10:51 . 2007-12-09 10:51 741,632 --a------ C:\WINDOWS\system32\ghkxewvr.dat
2007-12-09 10:51 . 2007-12-09 10:51 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-09 10:51 . 2007-12-09 10:51 42,240 --a------ C:\WINDOWS\system32\lahxswyr.dat
2007-12-09 10:51 . 2007-12-09 10:51 36,096 --a------ C:\WINDOWS\system32\quzyeyvg.dat
2007-12-09 10:51 . 2007-12-09 10:51 35,072 --a------ C:\WINDOWS\system32\lgixemsf.dat
2007-12-08 15:39 . 2007-12-08 15:40 <DIR> d-------- C:\WINDOWS\NV7801216.TMP
2007-12-08 15:36 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-12-08 15:08 . 2007-03-19 12:39 270,336 --a------ C:\WINDOWS\system32\CheckDll.dll
2007-12-08 15:08 . 2007-09-17 13:39 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-12-08 15:08 . 2007-09-29 14:04 11,728 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
2007-12-08 15:08 . 2005-02-06 09:02 104 --a------ C:\WINDOWS\system32\ProxySettings.ini
2007-12-08 14:50 . 2004-08-04 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-12-08 14:49 . 2004-08-04 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-08 14:48 . 2004-08-04 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2007-12-08 14:46 . 2007-12-08 14:46 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-08 14:46 . 2007-12-08 14:46 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-08 14:46 . 2007-12-08 14:46 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-08 14:46 . 2007-12-08 14:46 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-12-08 14:46 . 2007-12-08 14:46 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-08 14:46 . 2007-12-08 14:46 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-08 14:45 . 2004-08-04 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-08 14:04 . 2004-08-04 07:00 472,007 -ra------ C:\txtsetup.sif
2007-12-08 14:04 . 2004-08-04 07:00 260,272 -ra------ C:\$LDR$
2007-12-08 13:19 . 2007-12-09 10:07 <DIR> d-------- C:\Program Files\RegCure
2007-12-08 10:44 . 2007-12-11 06:30 2,096 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2007-12-08 10:44 . 2007-12-10 23:07 123 --a------ C:\WINDOWS\system\SysSD.dll
2007-12-08 10:43 . 2007-12-11 10:15 <DIR> d-------- C:\Program Files\SpywareDetector
2007-12-07 16:16 . 2007-12-08 15:57 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-06 15:18 . 2007-12-06 15:52 <DIR> d-------- C:\Documents and Settings\Mark DeSantis\New Folder
2007-12-03 19:08 . 2007-12-06 19:23 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-03 19:08 . 2007-12-06 19:28 84,480 --a------ C:\WINDOWS\system32\dmscriptl.dll.bak
2007-12-03 19:07 . 2007-12-03 19:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 19:07 . 2007-12-03 19:07 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-22 13:53 . 2007-11-22 14:04 <DIR> d-------- C:\Documents and Settings\Mark DeSantis\Application Data\Canon
2007-11-22 10:07 . 2007-11-22 10:07 <DIR> d-------- C:\Program Files\Audacity
2007-11-20 18:15 . 2007-11-20 18:15 <DIR> d-------- C:\Program Files\LG Software Innovations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:13 36,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 15:13 2,902,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-10 21:10 --------- d-----w C:\Documents and Settings\Mark DeSantis\Application Data\U3
2007-12-08 20:21 --------- d-----w C:\Program Files\Common Files\HP
2007-12-08 18:09 --------- d-----w C:\Program Files\McAfee.com
2007-11-20 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-11-20 23:15 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-20 23:15 47,360 ----a-w C:\Documents and Settings\Mark DeSantis\Application Data\pcouffin.sys
2007-11-20 23:15 --------- d-----w C:\Documents and Settings\Mark DeSantis\Application Data\Vso
2007-10-22 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-07-30 23:45 21,033,911 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_30_12_24_48_full.dmp.zip
2007-07-30 23:44 106,381 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_30_12_24_45_small.dmp.zip
2007-07-29 12:29 47,095 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_29_02_29_18_small.dmp.zip
2007-07-29 12:29 20,611,759 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_29_02_29_23_full.dmp.zip
2007-07-29 12:27 20,998,843 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_29_02_28_57_full.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="rundll32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-11 14:56]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:56]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 03:53 C:\WINDOWS\SOUNDMAN.EXE]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-09-17 13:40]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-09-17 13:39]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-02-14 20:47:44]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-02-11 12:20:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-08-22 15:25 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
S3 MapMem;MapMem;\??\D:\mapmem.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 15:15:02 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-08 18:19:26 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\AppCert\prx93f.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 10:15:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 10:17:41 - machine was rebooted
.
--- E O F ---

[mdesantis]

yeah, bho uglies are gone! Am i all better?

for some strange reason this web sit keeps hanging my browser (IE). hangs loading pictures all other sites work fine

very strange, i know my cookies are wiped out by spyware detector(maxsecure) can i set it to disregard cookies?

also do you recomend i continue using this particular program(spyware detector by maxsecure or what i purchased the license?

also should i continue to autorun macaffe security suite with this spyware prog in your experience.

once again thank you so much for your help
Mark

Logfile of HijackThis v1.99.1
Scan saved at 10:38:09 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mark DeSantis\Desktop\New Folder\Mark DeSantis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe