Welcome to Geeks to Go - Register now for FREE
Can't seem to find what's blocking things in my computer!


  • This topic is locked

#1
hottiemom24

    Member

  • 42 posts
I have already gone through the steps listed in the instructions. There is something in my system that has either not been detected or cannot be detected with the normal anti-virus. I can't print, I can't do anything as Administrator on my own computer and I can't get into my registry. Here are the logs from both SUPERAntiSpyware and HijackThis. I could not run the Panda software because I am running Vista. Please help!!

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 01/07/2008 at 00:31 AM

Application Version : 3.6.1000

Core Rules Database Version : 3375
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 00:50:24

Memory items scanned : 775
Memory threats detected : 0
Registry items scanned : 7814
Registry threats detected : 12
File items scanned : 63036
File threats detected : 15

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
C:\PROGRA~1\BARGAI~1.COM\TBHELPER.DLL

Adware.Tracking Cookie
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:26 PM, on 1/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\PROGRA~1\INCRED~1\bin\ImNotfy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall Service (AVGFw2kv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14797 bytes


Thank you for your help in advance,
Cassandra
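The one line in the HijackThis log above that a practitioner would stop at is `O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c`: a per-user Run entry that hands a DLL sitting in the Temp directory to rundll32 at every logon, which legitimate software practically never does. The orphaned BHO (`(no file)`) and the Symantec service `(file missing)` are leftovers rather than live threats, and the populated `AppInit_DLLs` value is worth verifying because that DLL is loaded into every process that loads user32.dll. The script below is an added example, not part of this thread, of HijackThis or of the forum's instructions: it parses the O2, O4, O20 and O23 line shapes and applies those heuristics, which are my own choices and not a published signature set. The sample input is constructed from lines copied from the posted log; the script makes no claim about which malware family wrote the `[cmds]` entry.

```python
"""Heuristic triage of HijackThis log lines.

Added example for this thread; it is not part of HijackThis or of the forum's
instructions, and the rules below are the author's own choices, not a
published signature set. Sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium", "low" or "info"
    section: str    # HijackThis section the line came from, e.g. "O4"
    reason: str
    line: str


# Line shapes HijackThis 2.x emits for the sections we score.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Per-user profile roots on Vista and on XP/2000 (both spellings appear in real logs).
PROFILE_RE = re.compile(r"\\(?:users|documents and settings)\\", re.IGNORECASE)

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def score_line(line: str):
    """Return a Finding for a suspicious line, or None for lines the rules do not flag."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        # Legitimate autostarts almost never load a DLL out of %TEMP% via rundll32;
        # that is exactly the shape of the [cmds] entry in the posted log.
        if RUNDLL_RE.search(cmd) and TEMP_RE.search(cmd):
            return Finding("high", "O4", "rundll32 loads a DLL from a Temp directory at logon", line)
        if TEMP_RE.search(cmd):
            return Finding("high", "O4", "autostart entry runs from a Temp directory", line)
        if PROFILE_RE.search(cmd):
            return Finding("medium", "O4", "autostart entry runs from a user-writable profile path", line)
        return None
    m = O2_RE.match(line)
    if m:
        if m.group("path").strip().lower() == "(no file)":
            return Finding("low", "O2", "BHO CLSID is registered but its DLL is gone (orphan)", line)
        return None
    m = O23_RE.match(line)
    if m:
        if m.group("path").strip().lower().endswith("(file missing)"):
            return Finding("low", "O23", "service points at a binary that no longer exists (orphan)", line)
        if m.group("vendor").strip().lower() == "unknown owner":
            return Finding("info", "O23", "service binary carries no vendor information; verify it", line)
        return None
    m = O20_RE.match(line)
    if m and m.group("path").strip():
        return Finding("info", "O20", "AppInit_DLLs is set; this DLL is loaded into every process that loads user32.dll", line)
    return None


def triage(lines):
    """Score every line and return the findings, most severe first (stable within a rank)."""
    findings = [f for f in (score_line(l) for l in lines) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Constructed input: a handful of lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r'O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup',
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c",
    r"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL",
    r"O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)",
    r"O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.line}")
```

Run against the sample it reports the `[cmds]` line as the single high finding, the two orphaned registrations as low, and the AppInit_DLLs entry as informational; every other line in the sample is left alone. The rules are deliberately narrow: a Temp-directory autostart is rare enough to be worth a hard look on its own, whereas an entry under the user profile is only a prompt to verify the file, since plenty of legitimate per-user installers live there.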


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



* Click here to download AVG Anti Rootkit and save it to your desktop.

  • Double-click on the AVG_AntiRootkit_1.1.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


#3
hottiemom24

    Member

  • Topic Starter
  • 42 posts
Here is the DSS main log; the system did not open the 2nd (extra) log:


Deckard's System Scanner v20071014.68
Run by Cassandra on 2008-01-10 07:57:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Cassandra.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:41 AM, on 1/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cassandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CASSAN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall Service (AVGFw2kv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12511 bytes

-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-06 22:12:03 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-06 22:11:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 20:59:52 0 d-------- C:\Program Files\Trend Micro
2008-01-06 18:23:01 0 d-------- C:\Users\All Users\Lavasoft
2008-01-06 18:23:01 0 d-------- C:\Program Files\Lavasoft
2008-01-06 18:21:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 17:44:46 0 d-------- C:\Program Files\Enigma Software Group
2008-01-04 21:01:08 0 d-------- C:\Program Files\TaxCut Business 2005
2008-01-04 20:59:23 102469 --a------ C:\Windows\system32\VBPrnDlg.dll <Not Verified; Microsoft; Microsoft VBPrnDlg>
2008-01-04 20:59:23 72192 --a------ C:\Windows\system32\Ssprn32.dll <Not Verified; Sheridan Software Systems, Inc.; Sheridan Software Systems, Inc.>
2008-01-04 20:59:23 61440 --a------ C:\Windows\system32\Ssmedt32.dll <Not Verified; Sheridan Software Systems, Inc.; Sheridan Software Systems Masked Edit>
2008-01-04 20:59:23 216064 --a------ C:\Windows\system32\Cp5dll32.dll <Not Verified; EllTech Development, Inc.; Compression Plus 5.0>
2008-01-04 20:59:23 441344 --a------ C:\Windows\system32\ATXPDF.dll <Not Verified; wpcubed GmbH; PDFControl>
2008-01-04 20:59:22 24576 --a------ C:\Windows\system32\Rsrc32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-04 20:59:20 368912 --a------ C:\Windows\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-04 20:59:20 29696 --a------ C:\Windows\system32\Vb5stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-04 20:59:20 166672 --a------ C:\Windows\system32\Mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 415504 --a------ C:\Windows\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-01-04 20:59:20 252176 --a------ C:\Windows\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 24848 --a------ C:\Windows\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 123664 --a------ C:\Windows\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 1050896 --a------ C:\Windows\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 252688 --a------ C:\Windows\system32\Msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 0 d-------- C:\Program Files\Common Files\ATX
2008-01-03 16:55:44 0 d-------- C:\Users\All Users\NVIDIA
2008-01-02 19:33:51 0 d-------- C:\Program Files\Hello
2007-12-31 23:54:59 0 d-------- C:\Windows\nvtmpinst
2007-12-31 19:20:24 0 d-------- C:\Users\All Users\Microsoft Corporation
2007-12-31 19:19:12 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-12-31 16:17:40 0 d-------- C:\ScanSoft Documents
2007-12-31 16:17:40 0 d-------- C:\Program Files\ScanSoft
2007-12-26 00:59:18 0 dr-h----- C:\$VAULT$.AVG
2007-12-25 23:58:58 76 -r-hs---- C:\Windows\CT4CET.bin
2007-12-25 23:58:12 0 d-------- C:\Documents and Settings
2007-12-25 23:12:20 0 d-------- C:\Users\All Users\Grisoft
2007-12-25 23:12:20 0 d-------- C:\Users\All Users\avg7
2007-12-16 21:47:52 0 d-------- C:\pi30nnw1
2007-12-14 01:21:27 0 d-------- C:\Program Files\Dell DataSafe Online


-- Find3M Report ---------------------------------------------------------------

2008-01-10 07:52:35 27715 --a------ C:\Users\Cassandra\AppData\Roaming\nvModes.001
2008-01-10 03:11:44 836 --a------ C:\Windows\bthservsdp.dat
2008-01-10 03:11:35 0 d-------- C:\Program Files\Windows Mail
2008-01-10 03:02:28 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 08:00:08 0 d-------- C:\Users\Cassandra\AppData\Roaming\AVG7
2008-01-06 22:11:45 0 d-------- C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2008-01-06 18:21:25 0 d-------- C:\Program Files\Common Files
2007-12-31 15:31:30 0 d-------- C:\Users\Cassandra\AppData\Roaming\Skype
2007-12-25 23:58:13 0 d-------- C:\Program Files\Creative
2007-12-25 23:56:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 23:53:40 0 d-------- C:\Program Files\Creative Live! Cam
2007-12-25 23:53:03 0 d-------- C:\Program Files\Dell
2007-12-24 11:51:53 0 d-------- C:\Users\Cassandra\AppData\Roaming\Vso
2007-12-22 11:45:53 0 d-------- C:\Users\Cassandra\AppData\Roaming\CopyToDvd
2007-12-19 09:13:08 33 --a------ C:\Users\Cassandra\AppData\Roaming\pcouffin.log
2007-12-19 09:13:08 7887 --a------ C:\Users\Cassandra\AppData\Roaming\pcouffin.cat
2007-12-02 11:28:52 0 d-------- C:\Program Files\iTunes
2007-12-02 11:28:44 0 d-------- C:\Program Files\iPod
2007-12-02 11:26:37 0 d-------- C:\Program Files\QuickTime
2007-12-01 01:00:06 0 d-------- C:\Users\Cassandra\AppData\Roaming\pdf995
2007-11-23 23:29:42 0 d-------- C:\Users\Cassandra\AppData\Roaming\DataSafeOnline
2007-11-20 19:40:21 0 d--hs---- C:\Program Files\outlook
2007-11-13 22:08:44 134 --a------ C:\n.bat
2007-11-13 22:08:36 0 -rahs---- C:\MSDOS.SYS
2007-11-13 22:08:36 0 -rahs---- C:\IO.SYS
2007-11-13 22:08:34 339 --a------ C:\Windows\17PHolmes1000137.exe
2007-11-13 22:08:18 0 --a------ C:\x.dat
2007-11-13 22:08:17 2364 --a------ C:\Windows\system32\x.dat
2007-11-13 22:08:03 0 --a------ C:\z.dat
2007-11-13 22:07:58 0 --a------ C:\Windows\system32\z.dat
2007-11-13 22:07:56 172032 --a------ C:\winlogon.exe
2007-11-13 22:00:30 0 d-------- C:\Users\Cassandra\AppData\Roaming\Adobe
2007-11-13 22:00:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-13 21:36:33 0 d-------- C:\Users\Cassandra\AppData\Roaming\LimeWire
2007-10-24 10:29:20 27715 --a------ C:\Users\Cassandra\AppData\Roaming\nvModes.dat
2007-10-11 12:04:16 249856 --a------ C:\Windows\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-10-11 12:04:16 51716 --a------ C:\Windows\system32\pdf995mon.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/14/2007 05:08 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 08:31 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [02/02/2007 02:00 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [06/24/2007 10:17 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"@"="" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 02:10 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [09/16/2007 06:06 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 09:35 AM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [09/16/2007 06:02 PM]
"NWEReboot"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 02:45 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/25/2007 11:12 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [10/04/2007 09:24 PM]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [01/11/2005 07:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [07/19/2007 09:54 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/17/2007 11:46 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/24/2007 08:20 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"cmds"="C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c" []
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [12/02/2007 04:30 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM]
"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [06/07/2007 11:14 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/20/2007 2:17:48 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 3:55:50 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/13/2007 9:29:30 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/24/2007 8:20:44 PM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/13/2007 9:28:31 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 12/25/2007 11:12 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Cassandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{949f3ef7-4a1c-11dc-a096-806e6f6e6963}]
AutoRun\command- E:\autoRcd.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-10 07:58:09 ------------


I can't run the Kaspersky one. I had it actually installed on this system as a trial and it's expired. I use that online scanner when I suspect something in my system, the last time it did, so I took the trial to fix the problems. Now I can't get in my registry to delete the file that is telling that site I have already done the trial! It does nothing when I go and click ACCEPT.

I will run the last thing and post it after my kids leave for school. That program requires a reboot and I don't want to lose the rest of this post. This will have to be a two-post reply! Thanks

#4
Rorschach112 (Ralphie)

  • Retired Staff
  • 47,710 posts
Hello

For Kaspersky, go to Add or Remove Programs and Remove Kaspersky Webscanner. That should let you run it again


1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\n.bat
    C:\MSDOS.SYS
    C:\IO.SYS
    C:\Windows\17PHolmes1000137.exe
    C:\x.dat
    C:\Windows\system32\x.dat
    C:\z.dat
    C:\Windows\system32\z.dat
    C:\winlogon.exe
    C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.





Then do this:

  • Click on Start, then click on Run.
  • Copy and paste the following in bold into the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up the DSS configuration.
  • Click on Check All.
  • Click Scan.
  • DSS will now run again. When it is finished, please post back both logs that open in Notepad (main.txt and extra.txt).



So I need to see the following in your next reply:

  • The Kaspersky Webscanner report, if it works
  • The two DSS texts, if it works
  • The AVG Anti-Rootkit log, if it finds anything
  • The OTMoveIt results
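The entries and files picked out above follow a pattern that can be checked mechanically: a Run key launching rundll32 against a DLL in a Temp directory, a BHO with no backing file, a copy of winlogon.exe at the drive root, a 339-byte .exe under C:\Windows, and a burst of zero-byte .dat/.SYS files written within the same minute. The script below is an editor's added example, not code from HijackThis, DSS or OTMoveIt; the sample lines are copied from the logs in this thread, and the system-binary name list, the 1 KB size threshold and the two-minute clustering window are assumptions.

```python
"""Triage of HijackThis O2/O4 lines and DSS file-creation lines.

Editor's added example for this thread (not HijackThis, DSS or OTMoveIt code).
Sample lines are copied from the logs posted above, with two benign lines kept
as negatives.  Name list, size threshold and clustering window are assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumption: these only live in %WINDIR%\System32, so a same-named file
# elsewhere (C:\winlogon.exe in this thread) is a masquerade.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe", "svchost.exe"}
EXEC_EXTS = (".exe", ".bat", ".com", ".scr", ".pif")
TINY_EXE_BYTES = 1024            # a few-hundred-byte .exe is not a real program
CLUSTER_WINDOW = timedelta(seconds=120)

HJT_O4 = re.compile(r"^O4 - [^:]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<file>.*)$")
# DSS line: "YYYY-MM-DD HH:MM:SS size attrs path [<version info>]"
DSS_FILE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.*?)(?: <.*>)?$"
)

def check_hjt_line(line: str) -> Optional[str]:
    """Reason a HijackThis O2/O4 line deserves a look, or None if it is clean."""
    m = HJT_O4.match(line)
    if m:
        cmd = m.group("cmd").lower()
        # rundll32 pointed at a DLL in a per-user Temp directory is persistence,
        # not a vendor install; rundll32 from System32 (the NVIDIA lines) is normal.
        if "rundll32" in cmd and "\\temp\\" in cmd:
            return "Run entry loads a DLL from a Temp directory via rundll32"
        return None
    m = HJT_O2.match(line)
    if m and m.group("file").strip() == "(no file)":
        return "BHO CLSID registered with no backing file"
    return None

def check_dss_file(size: int, path: str) -> Optional[str]:
    """Direct rules for one non-directory DSS entry."""
    parts = path.split("\\")
    name, parent = parts[-1].lower(), "\\".join(parts[:-1]).lower()
    if name in SYSTEM_BINARY_NAMES and not parent.endswith("\\system32"):
        return "system binary name outside System32"
    if len(parts) == 2 and name.endswith(EXEC_EXTS):
        return "executable at the drive root"
    if name.endswith(EXEC_EXTS) and size < TINY_EXE_BYTES:
        return f"executable of only {size} bytes"
    return None

def triage_dss(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply the direct rules, then pull in every file created within CLUSTER_WINDOW
    of a flagged one: a dropper writes its pieces together (the .dat/.SYS files)."""
    entries = []
    for line in lines:
        m = DSS_FILE.match(line)
        if m and not m.group("attrs").startswith("d"):      # skip directories
            entries.append((datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                            int(m.group("size")), m.group("path")))
    flagged = {}
    for _, size, path in entries:
        reason = check_dss_file(size, path)
        if reason:
            flagged[path] = reason
    anchors = [(ts, path) for ts, _, path in entries if path in flagged]
    for ts, _, path in entries:
        if path not in flagged:
            for ats, apath in anchors:
                if abs(ts - ats) <= CLUSTER_WINDOW:
                    flagged[path] = f"created within {CLUSTER_WINDOW.seconds}s of {apath}"
                    break
    return list(flagged.items())

HJT_SAMPLE = [   # copied from the HijackThis log in this thread
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll,c",
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",  # benign
]
DSS_SAMPLE = [   # copied from the DSS Find3M report in this thread
    r"2007-11-13 22:08:44 134 --a------ C:\n.bat",
    r"2007-11-13 22:08:36 0 -rahs---- C:\MSDOS.SYS",
    r"2007-11-13 22:08:36 0 -rahs---- C:\IO.SYS",
    r"2007-11-13 22:08:34 339 --a------ C:\Windows\17PHolmes1000137.exe",
    r"2007-11-13 22:08:18 0 --a------ C:\x.dat",
    r"2007-11-13 22:08:17 2364 --a------ C:\Windows\system32\x.dat",
    r"2007-11-13 22:08:03 0 --a------ C:\z.dat",
    r"2007-11-13 22:07:58 0 --a------ C:\Windows\system32\z.dat",
    r"2007-11-13 22:07:56 172032 --a------ C:\winlogon.exe",
    r"2008-01-04 20:59:23 102469 --a------ C:\Windows\system32\VBPrnDlg.dll <Not Verified; Microsoft; Microsoft VBPrnDlg>",  # benign
]

def run_sample() -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    hjt = []
    for line in HJT_SAMPLE:
        reason = check_hjt_line(line)
        if reason:
            hjt.append((line, reason))
    return hjt, triage_dss(DSS_SAMPLE)

if __name__ == "__main__":
    for item, reason in run_sample()[0] + run_sample()[1]:
        print(f"{reason:50} {item}")
```

On the sample above the two HijackThis lines and all nine files the helper listed for OTMoveIt come out flagged, while the NVIDIA rundll32 entry and the Microsoft DLL do not.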

#5
hottiemom24

  • Topic Starter
  • Member
  • 42 posts
Hi there,
The Kaspersky Webscan worked and found nothing, so there isn't a report. The Rootkit scan also found nothing and there was no report. I deleted the 3 items you mentioned after running HijackThis again.

Here is the report from OT MoveIt:

File move failed. C:\n.bat scheduled to be moved on reboot.
File move failed. C:\MSDOS.SYS scheduled to be moved on reboot.
File move failed. C:\IO.SYS scheduled to be moved on reboot.
File move failed. C:\Windows\17PHolmes1000137.exe scheduled to be moved on reboot.
File move failed. C:\x.dat scheduled to be moved on reboot.
File move failed. C:\Windows\system32\x.dat scheduled to be moved on reboot.
File move failed. C:\z.dat scheduled to be moved on reboot.
File move failed. C:\Windows\system32\z.dat scheduled to be moved on reboot.
File move failed. C:\winlogon.exe scheduled to be moved on reboot.
File/Folder C:\Users\CASSAN~1\AppData\Local\Temp\qopnk.dll not found.

Created on 01/11/2008 08:07:44

I am going to reboot, as it asked me to, and will post the DSS logs again. One thing: when I tried to run HijackThis by just clicking on it, it gave me a message saying something was blocking it, and that I needed to right-click and run as administrator. That was strange; it didn't say WHAT was blocking it.

FYI: I still can't print. I can't see the other computers on my network at all, and the other computers can't see me either. My other laptop can see the computers just fine.

I will repost with the DSS logs. Thanks

#6
hottiemom24

  • Topic Starter
  • Member
  • 42 posts
Here is the DSS Log that was generated:

Deckard's System Scanner v20071014.68
Run by Cassandra on 2008-01-11 11:04:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Cassandra.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:37 AM, on 1/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cassandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CASSAN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall Service (AVGFw2kv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12391 bytes

-- Files created between 2007-12-11 and 2008-01-11 -----------------------------

2008-01-10 20:34:13 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-06 22:12:03 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-06 22:11:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 20:59:52 0 d-------- C:\Program Files\Trend Micro
2008-01-06 18:23:01 0 d-------- C:\Users\All Users\Lavasoft
2008-01-06 18:23:01 0 d-------- C:\Program Files\Lavasoft
2008-01-06 18:21:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 17:44:46 0 d-------- C:\Program Files\Enigma Software Group
2008-01-04 21:01:08 0 d-------- C:\Program Files\TaxCut Business 2005
2008-01-04 20:59:23 102469 --a------ C:\Windows\system32\VBPrnDlg.dll <Not Verified; Microsoft; Microsoft VBPrnDlg>
2008-01-04 20:59:23 72192 --a------ C:\Windows\system32\Ssprn32.dll <Not Verified; Sheridan Software Systems, Inc.; Sheridan Software Systems, Inc.>
2008-01-04 20:59:23 61440 --a------ C:\Windows\system32\Ssmedt32.dll <Not Verified; Sheridan Software Systems, Inc.; Sheridan Software Systems Masked Edit>
2008-01-04 20:59:23 216064 --a------ C:\Windows\system32\Cp5dll32.dll <Not Verified; EllTech Development, Inc.; Compression Plus 5.0>
2008-01-04 20:59:23 441344 --a------ C:\Windows\system32\ATXPDF.dll <Not Verified; wpcubed GmbH; PDFControl>
2008-01-04 20:59:22 24576 --a------ C:\Windows\system32\Rsrc32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-04 20:59:20 368912 --a------ C:\Windows\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-01-04 20:59:20 29696 --a------ C:\Windows\system32\Vb5stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-04 20:59:20 166672 --a------ C:\Windows\system32\Mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 415504 --a------ C:\Windows\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-01-04 20:59:20 252176 --a------ C:\Windows\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 24848 --a------ C:\Windows\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 123664 --a------ C:\Windows\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 1050896 --a------ C:\Windows\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 252688 --a------ C:\Windows\system32\Msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-01-04 20:59:20 0 d-------- C:\Program Files\Common Files\ATX
2008-01-03 16:55:44 0 d-------- C:\Users\All Users\NVIDIA
2008-01-02 19:33:51 0 d-------- C:\Program Files\Hello
2007-12-31 23:54:59 0 d-------- C:\Windows\nvtmpinst
2007-12-31 19:20:24 0 d-------- C:\Users\All Users\Microsoft Corporation
2007-12-31 19:19:12 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-12-31 16:17:40 0 d-------- C:\ScanSoft Documents
2007-12-31 16:17:40 0 d-------- C:\Program Files\ScanSoft
2007-12-26 00:59:18 0 dr-h----- C:\$VAULT$.AVG
2007-12-25 23:58:58 76 -r-hs---- C:\Windows\CT4CET.bin
2007-12-25 23:58:12 0 d-------- C:\Documents and Settings
2007-12-25 23:12:20 0 d-------- C:\Users\All Users\Grisoft
2007-12-25 23:12:20 0 d-------- C:\Users\All Users\avg7
2007-12-16 21:47:52 0 d-------- C:\pi30nnw1
2007-12-14 01:21:27 0 d-------- C:\Program Files\Dell DataSafe Online


-- Find3M Report ---------------------------------------------------------------

2008-01-11 09:59:34 27715 --a------ C:\Users\Cassandra\AppData\Roaming\nvModes.001
2008-01-11 08:14:34 836 --a------ C:\Windows\bthservsdp.dat
2008-01-11 08:00:03 0 d-------- C:\Users\Cassandra\AppData\Roaming\AVG7
2008-01-10 03:11:35 0 d-------- C:\Program Files\Windows Mail
2008-01-10 03:02:28 0 d-------- C:\Program Files\Windows Sidebar
2008-01-06 22:11:45 0 d-------- C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2008-01-06 18:21:25 0 d-------- C:\Program Files\Common Files
2007-12-31 15:31:30 0 d-------- C:\Users\Cassandra\AppData\Roaming\Skype
2007-12-25 23:58:13 0 d-------- C:\Program Files\Creative
2007-12-25 23:56:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 23:53:40 0 d-------- C:\Program Files\Creative Live! Cam
2007-12-25 23:53:03 0 d-------- C:\Program Files\Dell
2007-12-24 11:51:53 0 d-------- C:\Users\Cassandra\AppData\Roaming\Vso
2007-12-22 11:45:53 0 d-------- C:\Users\Cassandra\AppData\Roaming\CopyToDvd
2007-12-19 09:13:08 33 --a------ C:\Users\Cassandra\AppData\Roaming\pcouffin.log
2007-12-19 09:13:08 7887 --a------ C:\Users\Cassandra\AppData\Roaming\pcouffin.cat
2007-12-02 11:28:52 0 d-------- C:\Program Files\iTunes
2007-12-02 11:28:44 0 d-------- C:\Program Files\iPod
2007-12-02 11:26:37 0 d-------- C:\Program Files\QuickTime
2007-12-01 01:00:06 0 d-------- C:\Users\Cassandra\AppData\Roaming\pdf995
2007-11-23 23:29:42 0 d-------- C:\Users\Cassandra\AppData\Roaming\DataSafeOnline
2007-11-20 19:40:21 0 d--hs---- C:\Program Files\outlook
2007-11-13 22:08:44 134 --a------ C:\n.bat
2007-11-13 22:08:36 0 -rahs---- C:\MSDOS.SYS
2007-11-13 22:08:36 0 -rahs---- C:\IO.SYS
2007-11-13 22:08:34 339 --a------ C:\Windows\17PHolmes1000137.exe
2007-11-13 22:08:18 0 --a------ C:\x.dat
2007-11-13 22:08:17 2364 --a------ C:\Windows\system32\x.dat
2007-11-13 22:08:03 0 --a------ C:\z.dat
2007-11-13 22:07:58 0 --a------ C:\Windows\system32\z.dat
2007-11-13 22:07:56 172032 --a------ C:\winlogon.exe
2007-11-13 22:00:30 0 d-------- C:\Users\Cassandra\AppData\Roaming\Adobe
2007-11-13 22:00:30 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-13 21:36:33 0 d-------- C:\Users\Cassandra\AppData\Roaming\LimeWire
2007-10-24 10:29:20 27715 --a------ C:\Users\Cassandra\AppData\Roaming\nvModes.dat
2007-10-11 12:04:16 249856 --a------ C:\Windows\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-10-11 12:04:16 51716 --a------ C:\Windows\system32\pdf995mon.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/14/2007 05:08 AM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 08:31 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [02/02/2007 02:00 AM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [06/24/2007 10:17 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 09:37 AM]
"@"="" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [04/16/2007 02:10 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [09/16/2007 06:06 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 09:35 AM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [09/16/2007 06:02 PM]
"NWEReboot"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 02:45 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/25/2007 11:12 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [10/04/2007 09:24 PM]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [01/11/2005 07:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [07/19/2007 09:54 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/17/2007 11:46 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/24/2007 08:20 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [12/02/2007 04:30 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 05:36 AM]
"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [06/07/2007 11:14 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/20/2007 2:17:48 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 3:55:50 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/13/2007 9:29:30 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/24/2007 8:20:44 PM]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/13/2007 9:28:31 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 12/25/2007 11:12 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Cassandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-11 11:05:09 ------------



There was only one.

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
We need to run something a little stronger.

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


#8
hottiemom24

    Member

  • Topic Starter
  • Member
  • 42 posts
Here's the Combofix log:

ComboFix 08-01-13.1 - Cassandra 2008-01-12 23:22:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1276 [GMT -7:00]
Running from: C:\Users\Cassandra\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Users\Cassandra\AppData\Roaming\inst.exe
C:\Windows\17PHolmes1000137.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 23:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 08:08 . 2007-01-18 05:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-01-10 03:04 . 2008-01-10 03:04 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 03:04 . 2008-01-10 03:04 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 03:02 . 2008-01-10 03:02 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 03:02 . 2008-01-10 03:02 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 23:49 . 2008-01-09 23:49 <DIR> d-------- C:\Deckard
2008-01-06 22:12 . 2008-01-06 22:12 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-06 22:12 . 2008-01-06 22:12 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-06 22:11 . 2008-01-06 22:11 <DIR> d-------- C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2008-01-06 22:11 . 2008-01-11 10:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 20:59 . 2008-01-06 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 18:21 . 2008-01-06 22:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 17:44 . 2008-01-06 17:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-04 21:01 . 2008-01-04 21:02 <DIR> d-------- C:\Program Files\TaxCut Business 2005
2008-01-04 20:59 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Common Files\ATX
2008-01-03 16:55 . 2008-01-06 11:13 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-01-03 16:55 . 2008-01-06 11:13 <DIR> d-------- C:\ProgramData\NVIDIA
2008-01-02 19:33 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\Hello
2007-12-31 23:54 . 2007-12-31 23:55 <DIR> d-------- C:\Windows\nvtmpinst
2007-12-31 19:20 . 2007-12-31 19:20 <DIR> d-------- C:\Users\All Users\Microsoft Corporation
2007-12-31 19:20 . 2007-12-31 19:20 <DIR> d-------- C:\ProgramData\Microsoft Corporation
2007-12-31 19:19 . 2007-12-31 19:19 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-12-31 18:37 . 2007-12-31 19:19 2,205 --a------ C:\Windows\diagerr.xml
2007-12-31 18:37 . 2007-12-31 19:19 1,905 --a------ C:\Windows\diagwrn.xml
2007-12-31 16:17 . 2007-12-31 16:18 <DIR> d-------- C:\ScanSoft Documents
2007-12-31 16:17 . 2007-12-31 16:17 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-25 23:58 . 2007-12-25 23:58 <DIR> d-------- C:\Documents and Settings
2007-12-25 23:58 . 2007-12-25 23:58 76 -r-hs---- C:\Windows\CT4CET.bin
2007-12-25 23:55 . 2007-02-14 12:27 5,627,904 --a------ C:\Windows\System32\LiveCamVirtual.ocx
2007-12-25 23:13 . 2008-01-11 08:00 <DIR> d-------- C:\Users\Cassandra\AppData\Roaming\AVG7
2007-12-25 23:12 . 2007-12-25 23:12 <DIR> d-------- C:\Users\All Users\Grisoft
2007-12-25 23:12 . 2008-01-06 21:45 <DIR> d-------- C:\Users\All Users\avg7
2007-12-25 23:12 . 2007-12-25 23:12 <DIR> d-------- C:\ProgramData\Grisoft
2007-12-25 23:12 . 2008-01-06 21:45 <DIR> d-------- C:\ProgramData\avg7
2007-12-25 23:12 . 2007-12-25 23:12 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys
2007-12-25 23:12 . 2007-12-25 23:12 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2007-12-16 21:47 . 2007-12-16 21:47 <DIR> d-------- C:\pi30nnw1
2007-12-14 01:21 . 2007-12-14 01:21 <DIR> d-------- C:\Program Files\Dell DataSafe Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 06:16 47,360 ----a-w C:\Users\Cassandra\AppData\Roaming\pcouffin.sys
2008-01-13 06:16 --------- d-----w C:\Users\Cassandra\AppData\Roaming\Vso
2008-01-13 06:16 --------- d-----w C:\Program Files\VSO
2008-01-11 07:21 --------- d-----w C:\ProgramData\Google Updater
2008-01-10 19:58 --------- d-----w C:\ProgramData\pdf995
2008-01-10 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 10:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 10:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 10:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 10:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-10 10:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-01 02:13 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-31 22:31 --------- d-----w C:\Users\Cassandra\AppData\Roaming\Skype
2007-12-26 06:58 --------- d-----w C:\Program Files\Creative
2007-12-26 06:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 06:53 --------- d-----w C:\Program Files\Dell
2007-12-26 06:53 --------- d-----w C:\Program Files\Creative Live! Cam
2007-12-24 19:10 --------- d-----w C:\ProgramData\Kaspersky Lab
2007-12-24 03:53 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-22 18:45 --------- d-----w C:\Users\Cassandra\AppData\Roaming\CopyToDvd
2007-12-12 10:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 10:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 10:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 10:05 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 10:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 10:05 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 10:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 10:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 10:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 10:05 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 10:05 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 10:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 10:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-02 18:28 --------- d-----w C:\ProgramData\Apple Computer
2007-12-02 18:28 --------- d-----w C:\Program Files\iTunes
2007-12-02 18:28 --------- d-----w C:\Program Files\iPod
2007-12-02 18:26 --------- d-----w C:\Program Files\QuickTime
2007-12-01 08:00 --------- d-----w C:\Users\Cassandra\AppData\Roaming\pdf995
2007-11-24 06:29 --------- d-----w C:\Users\Cassandra\AppData\Roaming\DataSafeOnline
2007-11-17 10:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 10:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 10:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 10:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 10:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 10:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 10:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 10:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 10:03 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 10:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 10:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 10:03 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 10:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 10:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 10:03 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 10:03 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 05:08 134 ----a-w C:\n.bat
2007-11-14 05:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 04:58 --------- d-----w C:\ProgramData\Adobe Systems
2007-11-14 04:36 --------- d-----w C:\Users\Cassandra\AppData\Roaming\LimeWire
2007-11-14 04:35 3,380,048 ----a-w C:\Users\Cassandra\LimeWireWin.exe
2007-10-24 17:29 27,715 ----a-w C:\Users\Cassandra\AppData\Roaming\nvModes.dat
2007-08-30 09:12 174 --sha-w C:\Program Files\desktop.ini
2007-09-22 05:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-22 05:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-22 05:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-07-19 09:54 208946]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-17 11:46 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 20:20 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 16:30 308464]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-14 05:08 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-17 20:31 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-02-02 02:00 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-24 22:17 405504]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 14:10 184320]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-16 18:06 1836544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 09:35 221184]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-16 18:02 550128]
"NWEReboot"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 02:45 222208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 23:12 579072]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [2005-01-11 19:09 2572288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 23:12 219136]

C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-20 14:17:48]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 15:55:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-13 21:29:30]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-24 20:20:44]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-13 21:28:31]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-25 23:12 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^Cassandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 14:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-03-16 03:20 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 02:49]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 05:34]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 02:49]
R0 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 02:51]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-08-14 05:07]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 02:49]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-08-14 05:07]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 02:51]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 01:31]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 01:57]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 02:02]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 01:57]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 01:57]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-30 02:03]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 AVGFw2kv;AVG Firewall Service;C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe [2007-12-25 23:12]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 01:56]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 01:33]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 02:04]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-08-20 09:52]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 01:57]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-25 23:12]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 01:31]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 18:37]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 16:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16:13]
R3 circlass;Consumer IR Devices;C:\Windows\system32\DRIVERS\circlass.sys [2006-11-02 01:55]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-30 02:03]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 02:51]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 01:54]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-08-20 09:55]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 01:31]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-12 03:05]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-10 03:02]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 07:14]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-12 03:05]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-12 03:05]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-08-20 09:55]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 01:55]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 01:24]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 01:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 01:24]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 05:36]
S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 00:30]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 01:32]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 02:51]
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-20 02:00]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 19:45]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 00:36]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 01:51]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 02:02]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 02:45]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2007-08-14 05:07]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\DRIVERS\usbcir.sys [2006-11-02 01:55]
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 01:53]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 02:51]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 02:51]
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2007-08-14 05:07]
S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 02:50]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 02:50]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 01:25]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 01:24]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 01:24]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 01:30]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 02:51]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 02:50]
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 02:50]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 01:42]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 02:50]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 02:50]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 02:50]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 02:50]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 02:49]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 02:50]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2007-08-14 05:07]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 02:50]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 02:50]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 00:36]
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 02:50]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 02:51]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 02:50]
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 02:50]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 02:50]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 02:51]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 02:50]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 01:30]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 02:50]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 01:52]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 02:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 23:26:02
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 23:27:00
ComboFix-quarantined-files.txt 2008-01-13 06:26:57
.
2008-01-11 07:52:25 --- E O F ---
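The catchme section of the log above reports "NTDLL code modification" for nine Zw* exports (the functions a process calls to open and enumerate registry keys, list directories, open files and query system information). What that check amounts to, as an added example that is not part of the post and not catchme's code: read each export's prologue from the ntdll.dll image on disk, compare it with the copy in a running process, and, where they differ, decode the patch to find where execution is redirected. Everything below is constructed for the demo: the ntdll base address, the stub spacing, the syscall indices and argument sizes, and the hypothetical hook module at 0x10000000. A real detector would read the bytes with the PE loader and ReadProcessMemory; the stub layout itself (mov eax, index / mov edx, 7FFE0300h / call [edx] / ret n) is the genuine 32-bit XP/Vista form.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Constructed layout for the demo (assumptions, not read from any real process):
# ntdll at a typical 32-bit XP base, one stub every 0x20 bytes, hook trampolines
# in a hypothetical module mapped at 0x10000000.
NTDLL_BASE = 0x7C900000
STUB_STRIDE = 0x20
HOOK_MODULE_BASE = 0x10000000

# The exports catchme reported as modified, plus one left clean for contrast.
EXPORTS = ["ZwEnumerateKey", "ZwQueryKey", "ZwOpenKey", "ZwClose",
           "ZwEnumerateValueKey", "ZwQueryValueKey", "ZwOpenFile",
           "ZwQueryDirectoryFile", "ZwQuerySystemInformation", "ZwCreateFile"]


def clean_stub(index: int, arg_bytes: int) -> bytes:
    """On-disk form of a 32-bit XP/Vista Zw* stub:
    mov eax, index / mov edx, 7FFE0300h / call dword ptr [edx] / ret arg_bytes."""
    return (b"\xB8" + struct.pack("<I", index)
            + b"\xBA\x00\x03\xFE\x7F"
            + b"\xFF\x12"
            + b"\xC2" + struct.pack("<H", arg_bytes))


def jmp_hook(stub: bytes, stub_va: int, target_va: int) -> bytes:
    """Overwrite the first 5 bytes with 'jmp rel32' to target_va, as an inline hook does."""
    rel = (target_va - (stub_va + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel) + stub[5:]


@dataclass
class Hook:
    export: str
    kind: str
    target: int | None


def classify(mem: bytes, stub_va: int) -> tuple[str, int | None]:
    """Recognise the common 32-bit inline-hook prologues and recover their target."""
    if mem[0] == 0xE9:                          # jmp rel32
        rel = struct.unpack("<i", mem[1:5])[0]
        return "jmp rel32", (stub_va + 5 + rel) & 0xFFFFFFFF
    if mem[0] == 0x68 and mem[5] == 0xC3:       # push imm32 ; ret
        return "push/ret", struct.unpack("<I", mem[1:5])[0]
    if mem[:2] == b"\xFF\x25":                  # jmp dword ptr [addr32]
        return "jmp [addr32]", struct.unpack("<I", mem[2:6])[0]
    return "unknown patch", None


def find_hooks(disk: dict[str, bytes], mem: dict[str, bytes],
               vas: dict[str, int]) -> list[Hook]:
    """Compare each export's on-disk prologue with its in-memory copy."""
    hooks = []
    for name, clean in disk.items():
        live = mem[name]
        if live[:len(clean)] != clean:
            kind, target = classify(live, vas[name])
            hooks.append(Hook(name, kind, target))
    return hooks


def build_demo() -> tuple[dict, dict, dict]:
    """Constructed disk/memory images: all exports hooked except ZwCreateFile."""
    disk, mem, vas = {}, {}, {}
    for i, name in enumerate(EXPORTS):
        va = NTDLL_BASE + 0x1000 + i * STUB_STRIDE
        stub = clean_stub(0x40 + i, 4 * (i + 2))      # index/arg sizes are made up
        disk[name], vas[name] = stub, va
        if name == "ZwCreateFile":
            mem[name] = stub
        else:
            mem[name] = jmp_hook(stub, va, HOOK_MODULE_BASE + 0x2000 + i * 0x40)
    return disk, mem, vas


if __name__ == "__main__":
    for h in find_hooks(*build_demo()):
        where = f"{h.target:#010x}" if h.target is not None else "?"
        print(f"{h.export:26s} {h.kind:12s} -> {where}")
```

The useful output is the target address, not the fact of the hook: security products and compatibility layers also patch ntdll inside processes, so the next step is always to map the target back to the module that owns it. A detector of this shape also sees only user-mode patches; a kernel-side hook (SSDT, inline in ntoskrnl) leaves the ntdll bytes intact and needs a different check.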

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\n.bat

dirlook::
C:\pi30nnw1


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also post a new HijackThis log
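The reply above asks for a fresh ComboFix log. A small triage helper for reading one, added here as an example and not part of ComboFix, HijackThis or anyone's post: it parses the two line formats the log uses (the `R0`/`S3` service and driver entries, and the `Files Created`/`Find3M` entries with their attribute flags) and applies generic location heuristics, flagging a service or driver binary outside the Windows and Program Files trees, an executable written to a user profile or the drive root, and a hidden+system file sitting in a root directory. The sample lines are copied from the log posted above, with one service entry constructed for the demo (its display name says so). A flag from this kind of check is a reason to look at the file, not a verdict on it.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log posted above (service/driver
# entries and "Files Created"/"Find3M" entries), plus one service entry that is
# constructed for this demo and says so in its display name.
SAMPLE_LINES = r"""
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-08-14 05:07]
R2 AVGFw2kv;AVG Firewall Service;C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe [2007-12-25 23:12]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
R2 demosvc;Constructed test entry, not from the log;C:\Users\Public\demosvc.exe [2008-01-10 03:02]
2008-01-12 23:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2007-12-25 23:58 . 2007-12-25 23:58 76 -r-hs---- C:\Windows\CT4CET.bin
2008-01-13 06:16 47,360 ----a-w C:\Users\Cassandra\AppData\Roaming\pcouffin.sys
2007-11-14 05:08 134 ----a-w C:\n.bat
2007-11-14 04:35 3,380,048 ----a-w C:\Users\Cassandra\LimeWireWin.exe
2007-12-12 10:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-08-30 09:12 174 --sha-w C:\Program Files\desktop.ini
2008-01-13 08:05 --------- d-----w C:\ProgramData\Google Updater
"""

# "R0 name;display name;path [yyyy-mm-dd hh:mm]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[A-Za-z]:\\.*?)(?: \[(?P<stamp>[^\]]+)\])?$")
# "created [. modified] size|<DIR>|--------- attrs path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size><DIR>|[\d,]+|-+)\s+(?P<attrs>[a-z-]+)\s+(?P<path>[A-Za-z]:\\.*)$")

# Locations a service binary, driver or freshly written executable is ordinarily
# expected in. PROGRA~1/~2 are the 8.3 short names ComboFix sometimes prints.
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\", "\\progra~1\\", "\\progra~2\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif")
KNOWN_HIDDEN_SYSTEM = {"desktop.ini"}   # hidden+system by design


@dataclass
class Finding:
    path: str
    reason: str


def _tail(path: str) -> str:
    """Lower-cased path without the drive letter, e.g. '\\windows\\ct4cet.bin'."""
    return path[2:].lower() if len(path) > 1 and path[1] == ":" else path.lower()


def triage_line(line: str) -> Finding | None:
    m = SERVICE_RE.match(line)
    if m:
        if not _tail(m["path"]).startswith(TRUSTED_ROOTS):
            return Finding(m["path"],
                           f"{m['start']} entry '{m['name']}' loads from outside Windows/Program Files")
        return None
    m = FILE_RE.match(line)
    if not m or m["size"] == "<DIR>" or m["attrs"].startswith("d"):
        return None                      # unparsed line or a directory entry
    tail, attrs = _tail(m["path"]), m["attrs"]
    if tail.endswith(EXEC_EXT) and not tail.startswith(TRUSTED_ROOTS):
        return Finding(m["path"], "executable written outside Windows/Program Files")
    parts = tail.strip("\\").split("\\")
    if ("h" in attrs and "s" in attrs and len(parts) <= 2
            and parts[-1] not in KNOWN_HIDDEN_SYSTEM):
        return Finding(m["path"], f"hidden+system file ({attrs}) in a root directory")
    return None


def triage(text: str) -> list[Finding]:
    """Run the heuristics over a whole log and keep the hits in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines() if l.strip()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.path}\n    {f.reason}")
```

The AVG firewall service passes because the 8.3 short name is normalised; without that, every `C:\PROGRA~1\...` entry would be a false positive. Lines the two patterns do not match are skipped rather than guessed at, so the helper can be pointed at an entire ComboFix.txt.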

#10
hottiemom24

    Member

  • Topic Starter
  • Member
  • 42 posts
Here's the combofix log after I added the text file you asked for. I already have that SuperAntiSpyware. I will run it and post the two logs you asked for.


ComboFix 08-01-13.1 - Cassandra 2008-01-13 13:55:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1002 [GMT -7:00]
Running from: C:\Users\Cassandra\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 23:09 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 08:08 . 2007-01-18 05:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-01-10 03:04 . 2008-01-10 03:04 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 03:04 . 2008-01-10 03:04 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 03:02 . 2008-01-10 03:02 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 03:02 . 2008-01-10 03:02 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-09 23:49 . 2008-01-09 23:49 <DIR> d-------- C:\Deckard
2008-01-06 22:12 . 2008-01-06 22:12 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-06 22:12 . 2008-01-06 22:12 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-06 22:11 . 2008-01-06 22:11 <DIR> d-------- C:\Users\Cassandra\AppData\Roaming\SUPERAntiSpyware.com
2008-01-06 22:11 . 2008-01-13 01:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 20:59 . 2008-01-06 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-06 18:23 . 2008-01-06 18:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 18:21 . 2008-01-06 22:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 20:59 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Common Files\ATX
2008-01-03 16:55 . 2008-01-06 11:13 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-01-03 16:55 . 2008-01-06 11:13 <DIR> d-------- C:\ProgramData\NVIDIA
2008-01-02 19:33 . 2008-01-02 19:33 <DIR> d-------- C:\Program Files\Hello
2007-12-31 23:54 . 2007-12-31 23:55 <DIR> d-------- C:\Windows\nvtmpinst
2007-12-31 19:20 . 2007-12-31 19:20 <DIR> d-------- C:\Users\All Users\Microsoft Corporation
2007-12-31 19:20 . 2007-12-31 19:20 <DIR> d-------- C:\ProgramData\Microsoft Corporation
2007-12-31 19:19 . 2007-12-31 19:19 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-12-31 18:37 . 2007-12-31 19:19 2,205 --a------ C:\Windows\diagerr.xml
2007-12-31 18:37 . 2007-12-31 19:19 1,905 --a------ C:\Windows\diagwrn.xml
2007-12-31 16:17 . 2007-12-31 16:18 <DIR> d-------- C:\ScanSoft Documents
2007-12-31 16:17 . 2007-12-31 16:17 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-25 23:58 . 2007-12-25 23:58 <DIR> d-------- C:\Documents and Settings
2007-12-25 23:58 . 2007-12-25 23:58 76 -r-hs---- C:\Windows\CT4CET.bin
2007-12-25 23:55 . 2007-02-14 12:27 5,627,904 --a------ C:\Windows\System32\LiveCamVirtual.ocx
2007-12-25 23:13 . 2008-01-13 08:00 <DIR> d-------- C:\Users\Cassandra\AppData\Roaming\AVG7
2007-12-25 23:12 . 2007-12-25 23:12 <DIR> d-------- C:\Users\All Users\Grisoft
2007-12-25 23:12 . 2008-01-06 21:45 <DIR> d-------- C:\Users\All Users\avg7
2007-12-25 23:12 . 2007-12-25 23:12 <DIR> d-------- C:\ProgramData\Grisoft
2007-12-25 23:12 . 2008-01-06 21:45 <DIR> d-------- C:\ProgramData\avg7
2007-12-25 23:12 . 2007-12-25 23:12 55,304 --a------ C:\Windows\System32\drivers\avgwfp.sys
2007-12-25 23:12 . 2007-12-25 23:12 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2007-12-14 01:21 . 2007-12-14 01:21 <DIR> d-------- C:\Program Files\Dell DataSafe Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 08:05 --------- d-----w C:\ProgramData\Google Updater
2008-01-13 06:16 47,360 ----a-w C:\Users\Cassandra\AppData\Roaming\pcouffin.sys
2008-01-10 19:58 --------- d-----w C:\ProgramData\pdf995
2008-01-10 10:11 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 10:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 10:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 10:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 10:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-10 10:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-01 02:13 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-31 22:31 --------- d-----w C:\Users\Cassandra\AppData\Roaming\Skype
2007-12-26 06:58 --------- d-----w C:\Program Files\Creative
2007-12-26 06:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 06:53 --------- d-----w C:\Program Files\Dell
2007-12-26 06:53 --------- d-----w C:\Program Files\Creative Live! Cam
2007-12-24 03:53 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-12 10:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 10:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 10:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 10:05 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 10:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 10:05 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 10:05 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 10:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 10:05 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 10:05 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 10:05 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 10:03 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 10:03 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-02 18:28 --------- d-----w C:\ProgramData\Apple Computer
2007-12-02 18:28 --------- d-----w C:\Program Files\iTunes
2007-12-02 18:28 --------- d-----w C:\Program Files\iPod
2007-12-02 18:26 --------- d-----w C:\Program Files\QuickTime
2007-12-01 08:00 --------- d-----w C:\Users\Cassandra\AppData\Roaming\pdf995
2007-11-24 06:29 --------- d-----w C:\Users\Cassandra\AppData\Roaming\DataSafeOnline
2007-11-17 10:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 10:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 10:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 10:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 10:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 10:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 10:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 10:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 10:03 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-14 10:03 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-14 10:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 10:03 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-14 10:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 10:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 10:03 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 10:03 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 05:08 134 ----a-w C:\n.bat
2007-11-14 05:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 04:58 --------- d-----w C:\ProgramData\Adobe Systems
2007-11-14 04:36 --------- d-----w C:\Users\Cassandra\AppData\Roaming\LimeWire
2007-11-14 04:35 3,380,048 ----a-w C:\Users\Cassandra\LimeWireWin.exe
2007-10-24 17:29 27,715 ----a-w C:\Users\Cassandra\AppData\Roaming\nvModes.dat
2007-08-30 09:12 174 --sha-w C:\Program Files\desktop.ini
2007-09-22 05:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-22 05:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-22 05:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_23.26.19.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 05:27:17 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-13 07:55:36 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-13 05:27:21 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-01-13 08:46:39 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-01-11 15:26:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-13 08:00:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-01-12 20:40:05 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-01-13 20:56:00 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-01-13 06:25:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 20:59:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-13 20:59:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-11 16:59:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-13 08:05:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-11 16:59:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-13 08:05:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-11 16:59:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-13 08:05:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-11 02:49:27 5,558 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2992744742-1780164442-678448807-1000_UserData.bin
+ 2008-01-13 08:01:25 5,626 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2992744742-1780164442-678448807-1000_UserData.bin
- 2008-01-11 02:49:26 64,380 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-13 08:01:24 64,732 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-11 02:49:24 43,014 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-13 08:04:45 43,110 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-07-19 09:54 208946]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-17 11:46 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 20:20 68856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 16:30 308464]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-14 05:08 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-17 20:31 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-02-02 02:00 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-24 22:17 405504]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 14:10 184320]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-16 18:06 1836544]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 09:35 221184]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-16 18:02 550128]
"NWEReboot"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 02:45 222208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 23:12 579072]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [2005-01-11 19:09 2572288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 23:12 219136]

C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-20 14:17:48]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 15:55:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-13 21:29:30]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-24 20:20:44]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-13 21:28:31]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-25 23:12 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^Cassandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 14:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-03-16 03:20 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2006-11-02 02:51]
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys [2006-11-02 02:49]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 05:34]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 02:49]
R0 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 02:51]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-08-14 05:07]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 02:49]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-08-14 05:07]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 02:51]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 01:31]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 01:57]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 02:02]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 01:57]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 01:57]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-08-30 02:03]
R2 AeLookupSvc;Application Experience;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 AVGFw2kv;AVG Firewall Service;C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe [2007-12-25 23:12]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 01:56]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 01:33]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 02:04]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-08-20 09:52]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 01:57]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-25 23:12]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 01:31]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 18:37]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 16:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16:13]
R3 circlass;Consumer IR Devices;C:\Windows\system32\DRIVERS\circlass.sys [2006-11-02 01:55]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-08-30 02:03]
R3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 02:51]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 02:45]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 01:54]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-08-20 09:55]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 01:31]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2007-12-12 03:05]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2008-01-10 03:02]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 07:14]
R3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2007-12-12 03:05]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2007-12-12 03:05]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-08-20 09:55]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 01:55]
R3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 01:24]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 01:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 01:24]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 05:36]
S3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 00:30]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 01:32]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys [2006-12-14 09:27]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 02:51]
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-20 02:00]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 19:45]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 00:36]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2006-11-02 01:51]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2006-11-02 02:45]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 02:02]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 02:45]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2007-08-14 05:07]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\DRIVERS\usbcir.sys [2006-11-02 01:55]
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys [2006-11-02 01:53]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 02:45]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 02:51]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 02:51]
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys [2007-08-14 05:07]
S4 arc;arc;C:\Windows\system32\drivers\arc.sys [2006-11-02 02:50]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 02:50]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 01:25]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 01:24]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 01:24]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 01:30]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 02:51]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 02:50]
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys [2006-11-02 02:50]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 01:42]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 02:50]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 02:50]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 02:50]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 02:50]
S4 Mcx2Svc;Windows Media Center Extender Service;C:\Windows\system32\svchost.exe [2006-11-02 02:45]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 02:49]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 02:50]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2007-08-14 05:07]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 02:50]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 02:50]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 00:36]
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 02:50]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 02:51]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 02:50]
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys [2006-11-02 02:50]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 02:50]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 02:51]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 02:50]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 01:30]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 02:50]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 01:52]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 02:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
NetworkService REG_MULTI_SZ CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:59:32
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-01-13 14:00:36
ComboFix-quarantined-files.txt 2008-01-13 21:00:32
ComboFix2.txt 2008-01-13 06:27:01
.
2008-01-11 07:52:25 --- E O F ---
  • 0
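The "Reg Loading Points" section of the ComboFix log above is the part a malware-removal helper reads first, because every entry there is something Windows will execute at logon. The following is an added example, not code from the original post and not part of ComboFix, that parses that section and flags the entries a practitioner would check first: Run-key values with an empty command (such as "NWEReboot"), values for which ComboFix printed no date/size (the "[ ]" after "Picasa Media Detector" and the unexpanded "%windir%" entry), DLLs launched as Run commands, anything outside the Windows or Program Files trees, and the AppInit_DLLs value, which is loaded into every process that maps user32.dll. It assumes the line format `"Name"="command" [date time size]` and that a blank "[ ]" means the path as written did not resolve, both read off the log itself; every sample entry is copied from the log except the one named CONSTRUCTED-example, which is made up to exercise the location rule. The script deliberately does not score the catchme line about NTDLL code modification: user-mode hooks on the Zw* calls are installed by rootkits but also by security products such as the anti-spyware and antivirus tools visible in this log, so that line alone is not evidence of infection.

```python
"""Triage ComboFix 'Reg Loading Points' entries (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the ComboFix "Reg Loading Points" format. All entries
# are copied from the log above except "CONSTRUCTED-example", which is invented
# only so the out-of-tree location rule has something to fire on.
SAMPLE_LOG = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"NWEReboot"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 02:45 222208]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" [2005-01-11 19:09 2572288]
"CONSTRUCTED-example"="C:\Users\Cassandra\AppData\Local\Temp\sample.exe" [2008-01-10 07:57 12345]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"='               # "Name"=
    r'(?P<value>"[^"]*"|[^\[]*?)'        # "quoted command" or a bare value
    r'(?:\s*\[(?P<meta>[^\]]*)\])?\s*$'  # optional [date time size], [ ] or []
)
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)$')

# Roots a Run entry normally lives under (assumption for the heuristic).
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\',
                 '%windir%\\', '%programfiles%\\')


@dataclass
class Entry:
    section: str
    name: str
    command: str          # value with surrounding quotes removed
    has_meta: bool        # ComboFix printed a real [date time size] block
    size: Optional[int]


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the REGEDIT4-style dump and return one Entry per value line."""
    entries: List[Entry] = []
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        value = m.group('value').strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        meta = META_RE.match((m.group('meta') or '').strip())
        entries.append(Entry(section, m.group('name'), value,
                             meta is not None, int(meta.group(3)) if meta else None))
    return entries


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (entry name, reasons) for every entry worth a closer look."""
    findings = []
    for e in parse_loading_points(text):
        reasons = []
        low = e.command.lower()
        is_run = e.section.lower().endswith('\\run')
        if e.name.lower() == 'appinit_dlls':
            reasons.append('AppInit_DLLs: loaded into every process that maps user32.dll')
        if e.command == '':
            reasons.append('empty command: dead entry, usually left behind by an uninstaller')
        elif is_run and not e.has_meta:
            reasons.append('no file date/size: path as written did not resolve to a file')
        if is_run and low.endswith('.dll'):
            reasons.append('DLL as Run command: runs through rundll32.exe, verify the DLL')
        if low and not low.startswith(TRUSTED_ROOTS):
            reasons.append('command outside Windows/Program Files trees (temp and profile paths are common for droppers)')
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG):
        print(name)
        for r in reasons:
            print('   -', r)
```

Entries that pass every rule (DellSupport, MSConfig, PicasaNet) are still worth confirming against the vendor's known file size and date, which is exactly what ComboFix prints the bracketed metadata for; the script only orders the list so the suspicious entries come first.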

#11 hottiemom24 (Topic Starter, Member, 42 posts)
OMG that SAS scan took almost 24 hours! I marked to do both my drives and it was so long!! Here are the two logs you asked for:

SUPERAntiSpyware Scan Log
Generated 01/14/2008 at 07:50 AM

Application Version : 3.6.1000

Core Rules Database Version : 3375
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 17:29:02

Memory items scanned : 682
Memory threats detected : 0
Registry items scanned : 7693
Registry threats detected : 0
File items scanned : 1186264
File threats detected : 14

Adware.Tracking Cookie
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Cassandra\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

Adware.Vundo Variant/Rel
C:\DECKARD\SYSTEM SCANNER\20080110075712\BACKUP\USERS\CASSAN~1\APPDATA\LOCAL\TEMP\KNPOQ.BAK1
C:\DECKARD\SYSTEM SCANNER\20080110075712\BACKUP\USERS\CASSAN~1\APPDATA\LOCAL\TEMP\KNPOQ.INI


and the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:42 AM, on 1/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall Service (AVGFw2kv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfw2kv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11963 bytes
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete this file in bold

C:\n.bat


Also tell me how your PC is running
  • 0

#13
hottiemom24

hottiemom24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi there,
I deleted that file you said and emptied the recycle bin. My computer seems to be running just fine; however, I still can't print, which was the biggest problem I was having. I am wondering if one of the worms/trojans that were installed changed some settings that allow me to print over my network.

I am running a wireless network with my kids' PC plugged directly into the printer and then plugged directly into my wireless router. I connect through my wireless router to the printer, normally, to print. I tried deleting the printer and starting over, but ended up having to roll back to before I deleted it. I can't see that computer on my network at all. Nor can I see anything on the network. My other laptop and the PCs have no issue seeing each other in My Network Places. Something has suddenly changed that allows my computer to get on the network and get on the internet, but blocks the other computers!

Anyway, that's a synopsis of what's going on.

Thanks
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I think you would be better off posting in another section of the forum like Windows Vista. This isn't a malware problem and wouldn't have been caused by malware. They should be able to fix you up.

A few things to do:

You can delete the tools that we used.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here.

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and performing all of the procedures requested.
  • 0
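The Internet-zone ActiveX settings that the post above tells the reader to change by hand live in the registry, so they can be audited for drift later. The script below is an added example for that check, not part of the original thread; it assumes the documented Internet Settings zone value names (1001, 1004, 1201) and data values (0 = Enable, 1 = Prompt, 3 = Disable), and it only reads, never writes.

```powershell
# Added example, not from the original thread: audit the Internet-zone
# ActiveX settings recommended in the post and report any that drifted.
# Zone 3 is the Internet zone. Value names (documented by Microsoft):
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
# Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state from the post: signed/unsigned download -> Prompt, unsafe init/script -> Disable
$desired = [ordered]@{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Describe-Value([object]$v) {
    # A missing value means the zone is on its default for that option, so
    # do not silently map $null to 0 ("Enable").
    if ($null -eq $v) { return 'not set (zone default)' }
    $name = $label[[int]$v]
    if ($null -eq $name) { $name = 'unknown' }
    return ('{0} ({1})' -f $v, $name)
}

# Read-only: Get-ItemProperty never modifies the key.
$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop
$drift = 0
foreach ($name in $desired.Keys) {
    $current = $zone.$name
    $want = $desired[$name]
    $status = if ($current -eq $want) { 'OK   ' } else { $drift++; 'DRIFT' }
    '{0} {1}: current={2} expected={3}' -f $status, $name, (Describe-Value $current), (Describe-Value $want)
}
if ($drift -eq 0) { 'All audited ActiveX settings match the recommended values.' }
else { '{0} setting(s) differ from the recommendation; re-run the Custom level steps above.' -f $drift }
```

The same key path under HKLM: holds machine-wide settings that can override the per-user values, so an administrator may want to run the check against both hives.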

#15
hottiemom24

hottiemom24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thank you! I actually do already use Mozilla Firefox as my default browser. So the original issue was that I couldn't print and thought that the malware that had been infecting my system was to blame. All malware had been found with the steps listed on your start page. Thanks for trying to help me; I will try posting in the Vista section to see how to fix whatever is blocking my network!

Thanks again
  • 0





