Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

worm.win32.netsky help!? [RESOLVED]

Started by lozard , Jan 26 2008 12:26 AM

  • This topic is locked This topic is locked

#1
lozard
Posted 26 January 2008 - 12:26 AM

lozard

    Member

  • Member
  • PipPip
  • 17 posts
worm.win32.netsky
Help is welcomed – glad to donate – thank you!
I first ran all the pre-Hijack steps SmitfraudFix, FixIEDef... then I used Webroot then ATFCleaner, System Restore, AVG (could not get to run!), SUPERAntiSoyware, Panda (could not produce ActiveScan report), Windows Updates failed [error number: 0x80072EE2], Reboot… Still got all the system alerts, red X, 3 bogus links, xpa, and crazy pop ups keep happening. And now have run Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:43 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baylor.ed...ness/splash.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {5415A533-17B1-4A38-B3CA-70AEEF8C41AC} - C:\WINDOWS\dopfwrlgwx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: The egodktf - {45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} - C:\WINDOWS\egodktf.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [XP Antivirus] "C:\Program Files\XP Antivirus\xpa.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.hebphoto....PUploader45.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O21 - SSODL: aslpmqk - {4FFA557F-B39B-4CD9-8EFC-ADF0D0114DD8} - C:\WINDOWS\aslpmqk.dll
O21 - SSODL: bxsnvqt - {49C57AE2-49F1-4B1F-A1A8-AC5F6AE36806} - C:\WINDOWS\bxsnvqt.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10653 bytes

Edited by lozard, 26 January 2008 - 09:04 AM.

  • 0

Advertisements

#2
Rorschach112
Posted 26 January 2008 - 09:35 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
lozard
Posted 26 January 2008 - 08:15 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for helping Ror!!!!


Deckard's System Scanner v20071014.68
Run by Original on 2008-01-26 20:07:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-27 02:07:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.59 GiB (less than 15%) free.


-- HijackThis (run as Original.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:33 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Original\Desktop\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Original.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baylor.ed...ness/splash.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {5415A533-17B1-4A38-B3CA-70AEEF8C41AC} - C:\WINDOWS\dopfwrlgwx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: The egodktf - {45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} - C:\WINDOWS\egodktf.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [XP Antivirus] "C:\Program Files\XP Antivirus\xpa.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.hebphoto....PUploader45.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12042 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SysPlant (SysPlant for NT) - c:\windows\system32\drivers\sysplant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 Appdrv - c:\program files\dell\nicconfigsvc\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

S0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys (file missing)
S1 Tosrfcom - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - d:\ppp\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - d:\ppp\pcandis5.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing)
S3 PID_PEPI (Logitech QuickCam IM(PID_PEPI)) - c:\windows\system32\drivers\lv302v32.sys (file missing)
S4 vsdatant - a (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01821028&REV_01\4&2959CBDC&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01821028&REV_01\4&2959CBDC&0&00E0
Service: b57w2k


-- Scheduled Tasks -------------------------------------------------------------

2008-01-25 20:53:15 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FCED3B27-FF7D-4D36-8741-FFED57F606A6}.job
2008-01-21 12:12:31 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 19:51:46 0 d-------- C:\Program Files\msn gaming zone
2008-01-25 21:08:14 0 d-------- C:\Program Files\Trend Micro
2008-01-25 20:17:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-25 20:12:41 0 d-------- C:\WINDOWS\privacy_danger
2008-01-21 22:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 22:11:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 22:11:48 0 d-------- C:\Documents and Settings\Original\Application Data\SUPERAntiSpyware.com
2008-01-21 22:07:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 21:20:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-20 20:26:02 4780 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 20:23:00 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-20 20:22:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-20 20:22:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-20 20:22:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-20 20:22:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-20 20:22:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-20 08:24:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-20 08:23:59 0 d-------- C:\Program Files\Webroot
2008-01-20 08:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-20 00:17:05 0 d-------- C:\Program Files\Enigma Software Group
2008-01-19 23:46:19 164 --a------ C:\install.dat
2008-01-19 23:40:57 0 d-------- C:\Documents and Settings\Original\Application Data\Webroot
2008-01-19 22:04:52 87424 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-01-19 06:47:35 0 d-------- C:\Documents and Settings\Original\Application Data\Motive
2008-01-19 01:43:34 0 dr------- C:\Documents and Settings\All Users\Application Data\systemerrorfixer
2008-01-19 01:43:30 0 d-------- C:\Program Files\Common Files\SystemErrorFixer
2008-01-19 01:38:17 0 d--hs---- C:\TrustedAntivirus
2008-01-19 01:38:03 0 d-------- C:\Documents and Settings\Original\Application Data\TrustedAntivirus
2008-01-19 01:38:01 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 01:19:25 90112 --a------ C:\WINDOWS\fknxwqf.exe
2008-01-19 01:19:25 200704 --a------ C:\WINDOWS\egodktf.dll <Not Verified; ; egodktf Module>
2008-01-19 01:19:25 278528 --a------ C:\WINDOWS\dopfwrlgwx.dll
2008-01-19 00:07:16 0 d-------- C:\WINDOWS\Motive
2008-01-19 00:06:34 0 d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-01-19 00:05:11 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-19 00:04:58 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-01-19 00:04:58 6048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-01-18 23:19:11 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-18 23:18:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-18 23:18:56 0 d-------- C:\Program Files\Common Files\Motive
2008-01-18 23:15:54 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-18 23:15:53 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-18 23:15:45 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-01-21 22:07:04 0 d-------- C:\Program Files\Common Files
2008-01-20 07:40:56 0 d-------- C:\Program Files\Symantec
2008-01-20 00:34:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-19 22:12:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 21:34:14 0 d-------- C:\Program Files\Google
2008-01-19 21:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 21:04:21 0 d-------- C:\Documents and Settings\Original\Application Data\Macromedia
2008-01-19 20:28:51 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-19 20:22:39 0 d-------- C:\Program Files\Yahoo!
2008-01-19 20:22:27 0 d-------- C:\Documents and Settings\Original\Application Data\Yahoo!
2008-01-04 21:53:23 0 d-------- C:\Documents and Settings\Original\Application Data\LimeWire
2007-12-22 10:00:50 0 d-------- C:\Documents and Settings\Original\Application Data\Propellerhead Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5415A533-17B1-4A38-B3CA-70AEEF8C41AC}]
01/18/2008 10:20 AM 278528 --a------ C:\WINDOWS\dopfwrlgwx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 03:33 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 08:00 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 07:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 12:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/2004 05:03 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/2004 05:03 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 08:02 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 08:02 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06/26/2006 09:46 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 11:14 PM]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [08/22/2006 06:09 PM]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [11/09/2004 10:32 AM]
"Salestart"="C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" [12/04/2007 02:49 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/25/2007 09:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 08:50 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"XP Antivirus"="C:\Program Files\XP Antivirus\xpa.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [12/22/2004 12:42:22 PM]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [5/2/2006 6:22:30 PM]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [1/19/2008 12:06:37 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286017fd-308f-11db-8244-0014a411b20c}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b515c82-27d2-11da-8231-0014a411b20c}]
Auto\command- E:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac999d3-f844-11db-8264-0014a411b20c}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a0a2ce-7af6-11db-8248-00123f1aa80e}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e




-- End of Deckard's System Scanner: finished at 2008-01-26 20:13:18 ------------
  • 0

#4
lozard
Posted 26 January 2008 - 08:17 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
the first one was main.txt here is extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1015.36 MiB / 552.38 MiB
Pagefile Memory (total/avail): 2443.24 MiB / 2044.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.19 MiB

C: is Fixed (NTFS) - 55.81 GiB total, 7.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541060G9AT00 - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 55.81 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Spy Sweeper with AntiVirus v5.3.1.2344 (Webroot Software Inc) Disabled
AV: Symantec Endpoint Protection v11.0.777.1008 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe"="C:\\Program Files\\Logitech\\VideoCall\\VideoCall.exe:*:Enabled:videocall.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:Connection Manager"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Original\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TREY-HAGINS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Original
LOGONSERVER=\\TREY-HAGINS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Original\LOCALS~1\Temp
TMP=C:\DOCUME~1\Original\LOCALS~1\Temp
USERDOMAIN=TREY-HAGINS
USERNAME=Original
USERPROFILE=C:\Documents and Settings\Original
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Original (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ALLTEL~1\bin\CustomUninstall.exe ALLTEL
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMIX.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
@RISK 4.5 for Excel --> C:\WINDOWS\system32\unwise32.EXE C:\PROGRA~1\Palisade\RISK45\Install.log @RISK 4.5 for Excel
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Crystal Ball 7 --> MsiExec.exe /I{F6DF1885-2B59-494C-8585-6D6FF1EF08F2}
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys PrintServer Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintDriver\Uninst.isu"
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MegaStat 9.1 --> C:\PROGRA~1\MICROS~2\Office\Library\UNWISE.EXE C:\PROGRA~1\MICROS~2\Office\Library\INSTALL.LOG
MetaFrame Presentation Server Client --> MsiExec.exe /I{D989BCC0-757C-4FB6-893C-512DF4382656}
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Image Uploader --> MsiExec.exe /I{E78DAA24-38F8-4D35-B732-B18ABA0424DF}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MOV Converter 3 --> C:\Program Files\ImTOO\MOV Converter 3\Uninstall.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft PDF Professional 4 --> MsiExec.exe /I{40B0A7CC-1676-43E9-8444-2EF2377E87B8}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
The SAS System V8 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SAS Institute\SAS\V8\UNINSTAL.ISU" -c"C:\Program Files\SAS Institute\SAS\V8\uninst.dll"
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
WebVideo Support --> C:\WINDOWS\fknxwqf.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windstream Broadband Check-up Center --> C:\WINDOWS\Motive\ALLTEL\MCCUninst.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3369 / Warning
Event Submitted/Written: 01/26/2008 08:04:25 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Event Record #/Type3368 / Warning
Event Submitted/Written: 01/26/2008 08:04:25 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}', feature 'QuickCam', component '{F2052F0B-732B-4154-9797-4D069D2DA2EA}' failed. The resource 'C:\Program Files\Logitech\QuickCam10\ContentHelpr.exe' does not exist.

Event Record #/Type3366 / Warning
Event Submitted/Written: 01/26/2008 08:04:17 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

Event Record #/Type3365 / Warning
Event Submitted/Written: 01/26/2008 08:04:17 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}', feature 'QuickCam', component '{F2052F0B-732B-4154-9797-4D069D2DA2EA}' failed. The resource 'C:\Program Files\Logitech\QuickCam10\ContentHelpr.exe' does not exist.

Event Record #/Type3364 / Warning
Event Submitted/Written: 01/26/2008 08:04:17 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1695 / Error
Event Submitted/Written: 01/26/2008 07:57:05 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type1659 / Error
Event Submitted/Written: 01/26/2008 00:30:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1658 / Error
Event Submitted/Written: 01/26/2008 00:29:59 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type1657 / Error
Event Submitted/Written: 01/26/2008 00:29:59 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}

Event Record #/Type1656 / Error
Event Submitted/Written: 01/26/2008 00:29:58 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}



-- End of Deckard's System Scanner: finished at 2008-01-26 20:13:18 ------------
  • 0

#5
Rorschach112
Posted 27 January 2008 - 11:07 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

XP Antivirus



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SXG Advisor - {5415A533-17B1-4A38-B3CA-70AEEF8C41AC} - C:\WINDOWS\dopfwrlgwx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The egodktf - {45E9CE94-2C67-4230-92D0-E64ACD6EBA7F} - C:\WINDOWS\egodktf.dll
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKCU\..\Run: [XP Antivirus] "C:\Program Files\XP Antivirus\xpa.exe"

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\privacy_danger
C:\Documents and Settings\All Users\Application Data\systemerrorfixer
C:\Program Files\Common Files\SystemErrorFixer
C:\TrustedAntivirus
C:\Documents and Settings\Original\Application Data\TrustedAntivirus
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\WINDOWS\fknxwqf.exe
C:\WINDOWS\egodktf.dll 
C:\WINDOWS\dopfwrlgwx.dll
C:\Program Files\XP Antivirus
C:\Program Files\Common Files\SystemErrorFixer
F:\RavMonE.exe
E:\RavMonE.exe
E:\LaunchU3.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe




Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{286017fd-308f-11db-8244-0014a411b20c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b515c82-27d2-11da-8231-0014a411b20c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ac999d3-f844-11db-8264-0014a411b20c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95a0a2ce-7af6-11db-8248-00123f1aa80e}]


Then double click on the fix.reg file, when it prompts to merge click "Yes".



Reboot and post a new DSS log
  • 0

#6
lozard
Posted 27 January 2008 - 09:19 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thank you! Ran above instructions smoothly, here is OTmoveIt2:

C:\WINDOWS\privacy_danger\images moved successfully.
C:\WINDOWS\privacy_danger moved successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer moved successfully.
C:\Program Files\Common Files\SystemErrorFixer moved successfully.
C:\TrustedAntivirus\AVQuar moved successfully.
C:\TrustedAntivirus moved successfully.
C:\Documents and Settings\Original\Application Data\TrustedAntivirus\Logs moved successfully.
C:\Documents and Settings\Original\Application Data\TrustedAntivirus moved successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon moved successfully.
C:\WINDOWS\fknxwqf.exe moved successfully.
C:\WINDOWS\egodktf.dll unregistered successfully.
C:\WINDOWS\egodktf.dll moved successfully.
File/Folder C:\WINDOWS\dopfwrlgwx.dll not found.
File/Folder C:\Program Files\XP Antivirus not found.
File/Folder C:\Program Files\Common Files\SystemErrorFixer not found.
File/Folder F:\RavMonE.exe not found.
File/Folder E:\RavMonE.exe not found.
File/Folder E:\LaunchU3.exe not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_203340


I did not receive extra.txt, here is main.txt from second DSS:


Deckard's System Scanner v20071014.68
Run by Original on 2008-01-27 20:59:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.49 GiB (less than 15%) free.


-- HijackThis (run as Original.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:37 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Original\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Original.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baylor.ed...ness/splash.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.hebphoto....PUploader45.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11585 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-26 19:51:46 0 d-------- C:\Program Files\msn gaming zone
2008-01-25 21:08:14 0 d-------- C:\Program Files\Trend Micro
2008-01-25 20:17:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 22:11:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 22:11:48 0 d-------- C:\Documents and Settings\Original\Application Data\SUPERAntiSpyware.com
2008-01-21 22:07:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 21:20:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-20 20:26:02 4780 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 20:23:00 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-20 20:22:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-20 20:22:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-20 20:22:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-20 20:22:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-20 20:22:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-20 08:24:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-20 08:23:59 0 d-------- C:\Program Files\Webroot
2008-01-20 08:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-20 00:17:05 0 d-------- C:\Program Files\Enigma Software Group
2008-01-19 23:46:19 164 --a------ C:\install.dat
2008-01-19 23:40:57 0 d-------- C:\Documents and Settings\Original\Application Data\Webroot
2008-01-19 22:04:52 87424 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-01-19 06:47:35 0 d-------- C:\Documents and Settings\Original\Application Data\Motive
2008-01-19 00:07:16 0 d-------- C:\WINDOWS\Motive
2008-01-19 00:06:34 0 d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-01-19 00:05:11 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-19 00:04:58 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-01-19 00:04:58 6048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-01-18 23:19:11 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-18 23:18:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-18 23:18:56 0 d-------- C:\Program Files\Common Files\Motive
2008-01-18 23:15:54 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-18 23:15:53 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-18 23:15:45 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-01-27 20:58:25 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-27 20:33:41 0 d-------- C:\Program Files\Common Files
2008-01-20 07:40:56 0 d-------- C:\Program Files\Symantec
2008-01-20 00:34:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-19 22:12:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 21:34:14 0 d-------- C:\Program Files\Google
2008-01-19 21:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 21:04:21 0 d-------- C:\Documents and Settings\Original\Application Data\Macromedia
2008-01-19 20:22:39 0 d-------- C:\Program Files\Yahoo!
2008-01-19 20:22:27 0 d-------- C:\Documents and Settings\Original\Application Data\Yahoo!
2008-01-04 21:53:23 0 d-------- C:\Documents and Settings\Original\Application Data\LimeWire
2007-12-22 10:00:50 0 d-------- C:\Documents and Settings\Original\Application Data\Propellerhead Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 03:33 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 08:00 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 07:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 12:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/2004 05:03 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/2004 05:03 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 08:02 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 08:02 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 11:14 PM]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [08/22/2006 06:09 PM]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [11/09/2004 10:32 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/25/2007 09:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 08:50 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [12/22/2004 12:42:22 PM]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [5/2/2006 6:22:30 PM]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [1/19/2008 12:06:37 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

*Newly Created Service* - LVSRVLAUNCHER



-- End of Deckard's System Scanner: finished at 2008-01-27 21:00:13 ------------

Edited by lozard, 27 January 2008 - 09:20 PM.

  • 0

#7
Rorschach112
Posted 27 January 2008 - 09:53 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-


Then double click on the fix.reg file, when it prompts to merge click "Yes".



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Reboot and post a new DSS log
  • 0

#8
lozard
Posted 28 January 2008 - 07:29 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2008 at 01:05 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:31:16

Memory items scanned : 613
Memory threats detected : 0
Registry items scanned : 6644
Registry threats detected : 2
File items scanned : 77208
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Original\Cookies\[email protected][1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR




Deckard's System Scanner v20071014.68
Run by Original on 2008-01-28 19:26:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.51 GiB (less than 15%) free.


-- HijackThis (run as Original.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:02 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Original\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Original.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baylor.ed...ness/splash.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.hebphoto....PUploader45.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11418 bytes

-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-26 19:51:46 0 d-------- C:\Program Files\msn gaming zone
2008-01-25 21:08:14 0 d-------- C:\Program Files\Trend Micro
2008-01-25 20:17:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 22:11:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 22:11:48 0 d-------- C:\Documents and Settings\Original\Application Data\SUPERAntiSpyware.com
2008-01-21 22:07:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 21:20:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-20 20:26:02 4780 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 20:23:00 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-20 20:22:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-20 20:22:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-20 20:22:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-20 20:22:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-20 20:22:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-20 08:24:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-20 08:23:59 0 d-------- C:\Program Files\Webroot
2008-01-20 08:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-20 00:17:05 0 d-------- C:\Program Files\Enigma Software Group
2008-01-19 23:46:19 164 --a------ C:\install.dat
2008-01-19 23:40:57 0 d-------- C:\Documents and Settings\Original\Application Data\Webroot
2008-01-19 22:04:52 87424 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-01-19 06:47:35 0 d-------- C:\Documents and Settings\Original\Application Data\Motive
2008-01-19 00:07:16 0 d-------- C:\WINDOWS\Motive
2008-01-19 00:06:34 0 d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-01-19 00:05:11 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-19 00:04:58 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-01-19 00:04:58 6048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-01-18 23:19:11 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-18 23:18:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-18 23:18:56 0 d-------- C:\Program Files\Common Files\Motive
2008-01-18 23:15:54 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-18 23:15:53 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-18 23:15:45 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-01-27 20:58:25 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-27 20:33:41 0 d-------- C:\Program Files\Common Files
2008-01-20 07:40:56 0 d-------- C:\Program Files\Symantec
2008-01-20 00:34:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-19 22:12:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 21:34:14 0 d-------- C:\Program Files\Google
2008-01-19 21:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 21:04:21 0 d-------- C:\Documents and Settings\Original\Application Data\Macromedia
2008-01-19 20:22:39 0 d-------- C:\Program Files\Yahoo!
2008-01-19 20:22:27 0 d-------- C:\Documents and Settings\Original\Application Data\Yahoo!
2008-01-04 21:53:23 0 d-------- C:\Documents and Settings\Original\Application Data\LimeWire
2007-12-22 10:00:50 0 d-------- C:\Documents and Settings\Original\Application Data\Propellerhead Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 03:33 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 08:00 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 07:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 12:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/2004 05:03 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/2004 05:03 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 08:02 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 08:02 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 11:14 PM]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [08/22/2006 06:09 PM]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [11/09/2004 10:32 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/25/2007 09:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 08:50 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [12/22/2004 12:42:22 PM]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [5/2/2006 6:22:30 PM]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [1/19/2008 12:06:37 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-01-28 19:27:31 ------------
  • 0

#9
Rorschach112
Posted 29 January 2008 - 08:50 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
We just need to remove on entry then we are all done

Do the following in HijackThis and DSS

1. Please re-open HiJackThis and DSS and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Then send me a new DSS log
  • 0

#10
lozard
Posted 29 January 2008 - 08:12 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
cannot seem to get rid of: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2

Deckard's System Scanner v20071014.68
Run by Original on 2008-01-29 20:10:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.46 GiB (less than 15%) free.


-- HijackThis (run as Original.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:11 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Original\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Original.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.baylor.ed...ness/splash.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.hebphoto....PUploader45.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia....ab/ikcntrls.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11488 bytes

-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-26 19:51:46 0 d-------- C:\Program Files\msn gaming zone
2008-01-25 21:08:14 0 d-------- C:\Program Files\Trend Micro
2008-01-25 20:17:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-21 22:11:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 22:11:48 0 d-------- C:\Documents and Settings\Original\Application Data\SUPERAntiSpyware.com
2008-01-21 22:07:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 21:20:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-20 20:26:02 4780 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-20 20:23:00 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-20 20:22:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-20 20:22:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-20 20:22:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-20 20:22:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-20 20:22:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-20 08:24:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-20 08:23:59 0 d-------- C:\Program Files\Webroot
2008-01-20 08:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-20 00:17:05 0 d-------- C:\Program Files\Enigma Software Group
2008-01-19 23:46:19 164 --a------ C:\install.dat
2008-01-19 23:40:57 0 d-------- C:\Documents and Settings\Original\Application Data\Webroot
2008-01-19 22:04:52 87424 --a------ C:\WINDOWS\system32\drivers\SysPlant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
2008-01-19 06:47:35 0 d-------- C:\Documents and Settings\Original\Application Data\Motive
2008-01-19 00:07:16 0 d-------- C:\WINDOWS\Motive
2008-01-19 00:06:34 0 d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-01-19 00:05:11 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-01-19 00:04:58 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-01-19 00:04:58 6048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-01-18 23:19:11 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-01-18 23:18:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-01-18 23:18:56 0 d-------- C:\Program Files\Common Files\Motive
2008-01-18 23:15:54 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:53 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-01-18 23:15:53 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-01-18 23:15:46 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-01-18 23:15:45 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:44 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:43 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-01-18 23:15:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-01-27 20:58:25 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-27 20:33:41 0 d-------- C:\Program Files\Common Files
2008-01-20 07:40:56 0 d-------- C:\Program Files\Symantec
2008-01-20 00:34:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-19 22:12:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 21:34:14 0 d-------- C:\Program Files\Google
2008-01-19 21:19:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 21:04:21 0 d-------- C:\Documents and Settings\Original\Application Data\Macromedia
2008-01-19 20:22:39 0 d-------- C:\Program Files\Yahoo!
2008-01-19 20:22:27 0 d-------- C:\Documents and Settings\Original\Application Data\Yahoo!
2008-01-04 21:53:23 0 d-------- C:\Documents and Settings\Original\Application Data\LimeWire
2007-12-22 10:00:50 0 d-------- C:\Documents and Settings\Original\Application Data\Propellerhead Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 03:33 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/03/2004 08:00 PM]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 07:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 12:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 12:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/2004 05:03 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/2004 05:03 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 08:02 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 08:02 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 11:14 PM]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [08/22/2006 06:09 PM]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [11/09/2004 10:32 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/06/2007 03:08 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/25/2007 09:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 08:50 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 04:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [12/22/2004 12:42:22 PM]
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [5/2/2006 6:22:30 PM]
Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [1/19/2008 12:06:37 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-01-29 20:10:41 ------------
  • 0

Advertisements

#11
Rorschach112
Posted 29 January 2008 - 08:36 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

Edited by jwbirdsong, 08 February 2008 - 06:15 AM.

  • 0

#12
lozard
Posted 29 January 2008 - 09:22 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the WinPFind35u report --

WinPFind35 logfile created on: 1/29/2008 9:11:14 PM
WinPFind35U Version Beta40	 Folder = C:\Documents and Settings\Original\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
1015.36 Mb Total Physical Memory | 478.98 Mb Available Physical Memory | 47.17% Memory free
2.39 Gb Paging File | 1.91 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 7.45 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TREY-HAGINS
Current User Name: Original
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
smc.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Smc.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 2532736 bytes | Modified Date = 9/7/2007 10:33:32 PM | Attr =	]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr =	]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE ->  [Ver =  | Size = 65536 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr =	]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 872556 bytes | Modified Date = 12/6/2004 7:45:12 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
basfipm.exe -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.4 | Size = 77824 bytes | Modified Date = 4/1/2004 5:05:48 PM | Attr =	]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 9:47:02 AM | Attr =	]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 10:29:02 PM | Attr =	]
rtvscan.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> Symantec Corporation [Ver = 11.0.777.1008 | Size = 2177464 bytes | Modified Date = 9/6/2007 3:55:38 AM | Attr =	]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 3376704 bytes | Modified Date = 1/25/2007 9:58:50 PM | Attr =	]
smcgui.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\SmcGui.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 1635712 bytes | Modified Date = 9/7/2007 10:33:34 PM | Attr =	]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 3:33:20 PM | Attr =	]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 696425 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr =	]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/26/2004 7:04:14 AM | Attr =	]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 126976 bytes | Modified Date = 2/15/2005 8:02:56 AM | Attr =	]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 8/19/2004 1:40:08 PM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr =	]
motivesb.exe -> %ProgramFiles%\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.10.asst_classic.smartbridge.20041013_160000 | Size = 393216 bytes | Modified Date = 11/9/2004 10:32:44 AM | Attr =	]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 115560 bytes | Modified Date = 8/6/2007 3:08:40 AM | Attr =	]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 4865600 bytes | Modified Date = 1/25/2007 9:58:38 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr =	]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 3:44:06 AM | Attr =	]
tosbtmng1.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 12/22/2004 12:42:22 PM | Attr =	]
pnagent.exe -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.200.44376 | Size = 233744 bytes | Modified Date = 5/2/2006 6:22:30 PM | Attr =	]
mpbtn.exe -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\mpbtn.exe ->  [Ver =  | Size = 192512 bytes | Modified Date = 3/16/2004 5:49:50 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe ->  [Ver =  | Size = 168512 bytes | Modified Date = 1/25/2007 9:58:46 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 1/29/2008 11:17:26 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 405504 bytes | Modified Date = 12/4/2004 2:32:34 AM | Attr =	]
(BAsfIpM) Broadcom ASF IP monitoring service v6.0.4 [Win32_Own | Auto | Running] -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.4 | Size = 77824 bytes | Modified Date = 4/1/2004 5:05:48 PM | Attr =	]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr =	]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/27/2007 2:01:52 PM | Attr =	]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 9:47:02 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr =	]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Logitech\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 101152 bytes | Modified Date = 11/15/2006 10:05:40 PM | Attr =	]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 10:29:02 PM | Attr =	]
(SmcService) Symantec Management Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Smc.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 2532736 bytes | Modified Date = 9/7/2007 10:33:32 PM | Attr =	]
(SNAC) Symantec Network Access Control [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\SNAC.EXE -> Symantec Corporation [Ver = 11.0.780.980 | Size = 234888 bytes | Modified Date = 9/7/2007 10:35:04 PM | Attr =	]
(Symantec AntiVirus) Symantec Endpoint Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> Symantec Corporation [Ver = 11.0.777.1008 | Size = 2177464 bytes | Modified Date = 9/6/2007 3:55:38 AM | Attr =	]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 3376704 bytes | Modified Date = 1/25/2007 9:58:50 PM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 3:33:20 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5125 | Size = 344064 bytes | Modified Date = 12/3/2004 8:00:00 PM | Attr =	]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 115560 bytes | Modified Date = 8/6/2007 3:08:40 AM | Attr =	]
Dell Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 696425 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr =	]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/26/2004 7:04:14 AM | Attr =	]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 126976 bytes | Modified Date = 2/15/2005 8:02:56 AM | Attr =	]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 155648 bytes | Modified Date = 2/15/2005 8:02:58 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 8/9/2004 5:03:58 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 8/9/2004 5:03:38 AM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr =	]
Motive SmartBridge -> %ProgramFiles%\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.10.asst_classic.smartbridge.20041013_160000 | Size = 393216 bytes | Modified Date = 11/9/2004 10:32:44 AM | Attr =	]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr =	]
NoteBurner -> %ProgramFiles%\NoteBurner\VTBurnerGUI.exe -> File not found
PDF4 Registry Controller -> %ProgramFiles%\ScanSoft\PDF Professional 4.0\RegistryController.exe -> Nuance Communications, Inc. [Ver = 4.0.6422.2 | Size = 40960 bytes | Modified Date = 8/22/2006 6:09:54 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr =	]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 4865600 bytes | Modified Date = 1/25/2007 9:58:38 PM | Attr =	]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 9/29/2003 11:14:58 PM | Attr = R  ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 12:01:00 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
H/PC Connection Agent -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE -> File not found
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 3:44:06 AM | Attr =	]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 12/22/2004 12:42:22 PM | Attr =	]
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.200.44376 | Size = 233744 bytes | Modified Date = 5/2/2006 6:22:30 PM | Attr =	]
%AllUsersStartup%\Windstream Broadband Check-up Center.lnk -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.8.1.asst_classic.asst_matcli.20040316_162000 | Size = 217088 bytes | Modified Date = 3/16/2004 5:49:50 PM | Attr =	]
< Original Startup Folder > -> C:\Documents and Settings\Original\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 90112 bytes | Modified Date = 12/4/2004 2:32:40 AM | Attr =	]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4020 | Size = 348160 bytes | Modified Date = 2/15/2005 8:02:58 AM | Attr =	]
WgaLogon ->  -> File not found
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 233024 bytes | Modified Date = 1/25/2007 9:58:48 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell.com/ -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 2:54:17 AM | Attr =	]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite] -> File not found
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite...] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Open with ScanSoft PDF Converter 4.0 -> %ProgramFiles%\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ->  [Ver =  | Size = 2150400 bytes | Modified Date = 8/16/2006 3:51:06 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1524D730-4159-4A68-A15A-E8E30FB50642} ->	(Dell Wireless 1370 WLAN Mini-PCI Card) -> 
{933601B8-66F8-409B-A8D7-EBD6CE6CF4FA} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 
{A4C21C79-A5BC-4F9F-B3EB-CA0367E7618F} ->	() -> 
{EDB79E45-97F2-4BCB-A61A-16C15ACDD17B} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}[HKEY_LOCAL_MACHINE] -> https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab[Reg Error: Value  does not exist or could not be read.] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] -> 
{493ACF15-5CD9-4474-82A6-91670C3DD66E}[HKEY_LOCAL_MACHINE] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[LinkedIn ContactFinderControl] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{AE6C4705-0F11-4ACB-BDD4-37F138BEF289}[HKEY_LOCAL_MACHINE] -> http://www.hebphoto.com/net/Uploader/LPUploader45.cab[Image Uploader Control] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{F5131C24-E56D-11CF-B78A-444553540000}[HKEY_LOCAL_MACHINE] -> https://wc.wachovia.com/common/cab/ikcntrls.cab[Ikonic Menu Control] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 1/26/2008 8:06:52 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064755200 bytes | Created Date = 1/26/2008 7:51:41 PM | Attr =  HS]
install.dat -> %SystemDrive%\install.dat ->  [Ver =  | Size = 164 bytes | Created Date = 1/19/2008 11:46:19 PM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 1/21/2008 9:24:06 PM | Attr =	]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 1/1/2008 8:07:18 PM | Attr =  H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 1/1/2008 8:07:18 PM | Attr =  H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 1/27/2008 8:33:40 PM | Attr =	]
enethusb.sys -> %System32%\drivers\enethusb.sys -> Efficient Networks, Inc. [Ver = 2.1.0.60 | Size = 28005 bytes | Created Date = 1/18/2008 11:34:30 PM | Attr = R  ]
SSFS0509.sys -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 20544 bytes | Created Date = 1/20/2008 8:24:06 AM | Attr =	]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 22080 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr =	]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 144448 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr =	]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 21056 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr =	]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10652 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr =	]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF ->  [Ver =  | Size = 806 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr =	]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.4.0.24 | Size = 136496 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr =	]
SysPlant.sys -> %System32%\drivers\SysPlant.sys -> Symantec Corporation [Ver = 11.0.780.980 | Size = 87424 bytes | Created Date = 1/19/2008 10:04:52 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Created Date = 1/25/2008 8:17:59 PM | Attr =	]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/25/2008 8:55:56 PM | Attr =	]
DevMngr.vxd -> %System32%\DevMngr.vxd ->  [Ver =  | Size = 6345 bytes | Created Date = 1/18/2008 11:21:26 PM | Attr = R  ]
dumphive.exe -> %System32%\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 1/20/2008 8:22:57 PM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 1/25/2008 8:24:18 PM | Attr =	]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 81920 bytes | Created Date = 1/20/2008 8:23:00 PM | Attr =	]
javasup.vxd -> %System32%\javasup.vxd ->  [Ver =  | Size = 7315 bytes | Created Date = 1/18/2008 11:15:53 PM | Attr =	]
MCC16.dll -> %System32%\MCC16.dll ->  [Ver =  | Size = 6048 bytes | Created Date = 1/19/2008 12:04:58 AM | Attr =	]
MCCDevice.dll -> %System32%\MCCDevice.dll -> Motive Communications, Inc. [Ver = 4,10,7,2 | Size = 69632 bytes | Created Date = 1/19/2008 12:04:58 AM | Attr =	]
MCCDNSHLP_1-0-0_DSR.dll -> %System32%\MCCDNSHLP_1-0-0_DSR.dll -> Motive Communications, Inc. [Ver = 1,0,0,3 | Size = 589824 bytes | Created Date = 1/18/2008 11:19:11 PM | Attr =	]
MRT.INI -> %System32%\MRT.INI ->  [Ver =  | Size = 118 bytes | Created Date = 1/26/2008 7:59:03 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 1/25/2008 8:19:41 PM | Attr =	]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/20/2008 8:22:51 PM | Attr =	]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.4.0.25 | Size = 60808 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr =	]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 1/20/2008 8:22:55 PM | Attr =	]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 10240 bytes | Created Date = 1/20/2008 8:23:59 AM | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 1/20/2008 8:22:52 PM | Attr =	]
swsc.exe -> %System32%\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 1/20/2008 8:22:53 PM | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 1/20/2008 8:22:57 PM | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 4780 bytes | Created Date = 1/20/2008 8:26:02 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 1/25/2008 8:26:49 PM | Attr =	]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 1/20/2008 8:22:58 PM | Attr =	]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 233024 bytes | Created Date = 1/20/2008 8:24:04 AM | Attr =	]
wrlzma.dll -> %System32%\wrlzma.dll ->  [Ver =  | Size = 26688 bytes | Created Date = 1/20/2008 8:24:00 AM | Attr =	]
WS2Fix.exe -> %System32%\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 1/20/2008 8:22:59 PM | Attr =	]
zonedoff.reg -> %System32%\zonedoff.reg ->  [Ver =  | Size = 113 bytes | Created Date = 1/18/2008 11:15:46 PM | Attr =	]
zonedon.reg -> %System32%\zonedon.reg ->  [Ver =  | Size = 113 bytes | Created Date = 1/18/2008 11:15:46 PM | Attr =	]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 1/25/2008 8:55:56 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 1/26/2008 8:07:22 PM | Attr =	]
jautoexp.dat -> %SystemRoot%\jautoexp.dat ->  [Ver =  | Size = 6550 bytes | Created Date = 1/18/2008 11:15:53 PM | Attr =	]
Motive -> %SystemRoot%\Motive ->  [Folder | Created Date = 1/19/2008 12:07:16 AM | Attr =	]
WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 271936 bytes | Created Date = 1/20/2008 8:23:59 AM | Attr =	]
_detmp.1 -> %SystemRoot%\_detmp.1 ->  [Ver =  | Size = 1619873 bytes | Created Date = 1/25/2008 11:41:18 PM | Attr =	]
_detmp.2 -> %SystemRoot%\_detmp.2 -> SAS Institute Inc. [Ver = 8.2.0.6 | Size = 72192 bytes | Created Date = 1/25/2008 11:41:35 PM | Attr =	]
_detmp.3 -> %SystemRoot%\_detmp.3 ->  [Ver =  | Size = 7091 bytes | Created Date = 1/25/2008 11:42:00 PM | Attr =	]
_detmp.4 -> %SystemRoot%\_detmp.4 ->  [Ver =  | Size = 33280 bytes | Created Date = 1/25/2008 11:43:00 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/28/2008 6:36:09 PM | Attr =  HS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 1/26/2008 8:06:52 PM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064755200 bytes | Modified Date = 1/29/2008 9:04:35 PM | Attr =  HS]
install.dat -> %SystemDrive%\install.dat ->  [Ver =  | Size = 164 bytes | Modified Date = 1/19/2008 11:46:35 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/29/2008 8:19:36 PM | Attr = R  ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 1/19/2008 7:26:04 AM | Attr =	]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/1/2008 8:07:18 PM | Attr =  H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/1/2008 8:07:18 PM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/26/2008 8:07:16 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/29/2008 9:05:38 PM | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 1/27/2008 8:33:40 PM | Attr =	]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10652 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr =	]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF ->  [Ver =  | Size = 806 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr =	]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.4.0.24 | Size = 136496 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr =	]
WpsHelper.sys -> %System32%\drivers\WpsHelper.sys -> Symantec Corporation [Ver = 11.0.717.804 | Size = 50536 bytes | Modified Date = 1/19/2008 10:08:00 PM | Attr =	]
ActiveScan -> %System32%\ActiveScan ->  [Folder | Modified Date = 1/25/2008 8:56:00 PM | Attr =	]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/29/2008 9:05:16 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/26/2008 8:00:50 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/27/2008 8:58:19 PM | Attr =	]
Help.ico -> %System32%\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 1/25/2008 8:26:43 PM | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/19/2008 9:04:21 PM | Attr =	]
MRT.INI -> %System32%\MRT.INI ->  [Ver =  | Size = 118 bytes | Modified Date = 1/26/2008 7:59:03 PM | Attr =	]
pavas.ico -> %System32%\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 1/25/2008 8:24:13 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/26/2008 8:07:16 PM | Attr =	]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.4.0.25 | Size = 60808 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr =	]
tmp.reg -> %System32%\tmp.reg ->  [Ver =  | Size = 4780 bytes | Modified Date = 1/24/2008 9:15:14 PM | Attr =	]
Uninstall.ico -> %System32%\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 1/25/2008 8:29:50 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 12598 bytes | Modified Date = 1/29/2008 8:15:31 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/26/2008 7:59:08 PM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/29/2008 9:04:38 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/26/2008 8:11:21 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 1/27/2008 8:37:57 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/20/2008 12:34:52 AM | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/26/2008 7:55:10 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/26/2008 7:56:44 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/26/2008 7:59:19 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/27/2008 8:58:34 PM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/18/2008 11:15:51 PM | Attr =	]
Motive -> %SystemRoot%\Motive ->  [Folder | Modified Date = 1/19/2008 12:07:16 AM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 1/19/2008 12:57:55 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/29/2008 8:33:11 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 1/29/2008 9:05:53 PM | Attr =  H ]
system32 -> %System32% ->  [Folder | Modified Date = 1/26/2008 8:00:50 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/29/2008 9:07:17 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/19/2008 10:03:45 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 1/28/2008 12:12:02 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/29/2008 9:04:49 PM | Attr =  H ]
User_Feed_Synchronization-{FCED3B27-FF7D-4D36-8741-FFED57F606A6}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{FCED3B27-FF7D-4D36-8741-FFED57F606A6}.job ->  [Ver =  | Size = 428 bytes | Modified Date = 1/29/2008 9:10:25 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 41372 bytes | Modified Date = 1/25/2008 11:08:54 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 41372 bytes | Modified Date = 1/25/2008 11:08:53 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 12330 bytes | Modified Date = 12/10/2006 10:25:43 PM | Attr =	]
SSUPDATE.EXE -> C:\Documents and Settings\Original\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr =	]
4 C:\Documents and Settings\Original\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\*.tmp -> 
md5deep.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\md5deep.exe ->  [Ver =  | Size = 21504 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
sed.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\sed.exe ->  [Ver =  | Size = 37376 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
swreg.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr =	]
Resume.exe -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Resume.exe ->  [Ver = 3.3 | Size = 433521 bytes | Modified Date = 1/29/2008 8:32:54 PM | Attr =	]
dss.dll -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\dss.dll ->  [Ver =  | Size = 37888 bytes | Modified Date = 10/14/2007 12:42:28 AM | Attr =	]
unpack.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\unpack.dll ->  [Ver =  | Size = 35328 bytes | Modified Date = 1/29/2008 8:32:54 PM | Attr =	]
CustomUI.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Uninstall\plugins\0\CustomUI.dll ->  [Ver =  | Size = 352768 bytes | Modified Date = 12/19/2006 12:28:12 PM | Attr =	]
Services.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Uninstall\plugins\1\Services.dll ->  [Ver =  | Size = 107520 bytes | Modified Date = 11/24/2004 12:53:52 PM | Attr =	]
_shfoldr.dll -> C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 1/29/2008 8:20:12 PM | Attr =	]
1 C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp -> 
Perflib_Perfdata_48c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_48c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/28/2008 6:37:00 PM | Attr =	]
Perflib_Perfdata_604.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_604.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/29/2008 9:05:07 PM | Attr =	]
Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/26/2008 8:01:40 PM | Attr =	]
Perflib_Perfdata_648.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_648.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/27/2008 8:44:16 PM | Attr =	]
Perflib_Perfdata_664.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_664.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/27/2008 8:53:49 PM | Attr =	]
Perflib_Perfdata_6a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/29/2008 8:24:05 PM | Attr =	]
Perflib_Perfdata_6b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/29/2008 8:16:07 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
Rootkit scan error - could not find scan log
Rootkit scan error - could not find scan log

< End of report >

  • 0

#13
lozard
Posted 29 January 2008 - 09:29 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
WinPFind35 logfile created on: 1/29/2008 9:11:14 PM
WinPFind35U Version Beta40 Folder = C:\Documents and Settings\Original\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

1015.36 Mb Total Physical Memory | 478.98 Mb Available Physical Memory | 47.17% Memory free
2.39 Gb Paging File | 1.91 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 7.45 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TREY-HAGINS
Current User Name: Original
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
smc.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Smc.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 2532736 bytes | Modified Date = 9/7/2007 10:33:32 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 65536 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 872556 bytes | Modified Date = 12/6/2004 7:45:12 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
basfipm.exe -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.4 | Size = 77824 bytes | Modified Date = 4/1/2004 5:05:48 PM | Attr = ]
iap.exe -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 9:47:02 AM | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 10:29:02 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> Symantec Corporation [Ver = 11.0.777.1008 | Size = 2177464 bytes | Modified Date = 9/6/2007 3:55:38 AM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 3376704 bytes | Modified Date = 1/25/2007 9:58:50 PM | Attr = ]
smcgui.exe -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\SmcGui.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 1635712 bytes | Modified Date = 9/7/2007 10:33:34 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 3:33:20 PM | Attr = ]
wltray.exe -> %System32%\WLTRAY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 696425 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/26/2004 7:04:14 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 126976 bytes | Modified Date = 2/15/2005 8:02:56 AM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 8/19/2004 1:40:08 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr = ]
motivesb.exe -> %ProgramFiles%\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.10.asst_classic.smartbridge.20041013_160000 | Size = 393216 bytes | Modified Date = 11/9/2004 10:32:44 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 115560 bytes | Modified Date = 8/6/2007 3:08:40 AM | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 4865600 bytes | Modified Date = 1/25/2007 9:58:38 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 3:44:06 AM | Attr = ]
tosbtmng1.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/22/2004 12:42:22 PM | Attr = ]
pnagent.exe -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.200.44376 | Size = 233744 bytes | Modified Date = 5/2/2006 6:22:30 PM | Attr = ]
mpbtn.exe -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 3/16/2004 5:49:50 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr = ]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 168512 bytes | Modified Date = 1/25/2007 9:58:46 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 1/29/2008 11:17:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 405504 bytes | Modified Date = 12/4/2004 2:32:34 AM | Attr = ]
(BAsfIpM) Broadcom ASF IP monitoring service v6.0.4 [Win32_Own | Auto | Running] -> %System32%\BAsfIpM.exe -> Broadcom Corp. [Ver = 6.0.4 | Size = 77824 bytes | Modified Date = 4/1/2004 5:05:48 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 108392 bytes | Modified Date = 8/6/2007 3:08:06 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/27/2007 2:01:52 PM | Attr = ]
(Iap) Iap [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\OpenManage\Client\Iap.exe -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 155648 bytes | Modified Date = 2/13/2004 9:47:02 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Logitech\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.4.0.1401 | Size = 101152 bytes | Modified Date = 11/15/2006 10:05:40 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 3/3/2005 10:29:02 PM | Attr = ]
(SmcService) Symantec Management Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Smc.exe -> Symantec Corporation [Ver = 11.0.780.980 | Size = 2532736 bytes | Modified Date = 9/7/2007 10:33:32 PM | Attr = ]
(SNAC) Symantec Network Access Control [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\SNAC.EXE -> Symantec Corporation [Ver = 11.0.780.980 | Size = 234888 bytes | Modified Date = 9/7/2007 10:35:04 PM | Attr = ]
(Symantec AntiVirus) Symantec Endpoint Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> Symantec Corporation [Ver = 11.0.777.1008 | Size = 2177464 bytes | Modified Date = 9/6/2007 3:55:38 AM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 3376704 bytes | Modified Date = 1/25/2007 9:58:50 PM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 9/13/2004 3:33:20 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5125 | Size = 344064 bytes | Modified Date = 12/3/2004 8:00:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.3.3.16 | Size = 115560 bytes | Modified Date = 8/6/2007 3:08:40 AM | Attr = ]
Dell Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc [Ver = 3.100.41.0 | Size = 696425 bytes | Modified Date = 12/6/2004 7:45:14 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/26/2004 7:04:14 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 126976 bytes | Modified Date = 2/15/2005 8:02:56 AM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4020 | Size = 155648 bytes | Modified Date = 2/15/2005 8:02:58 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 221184 bytes | Modified Date = 8/9/2004 5:03:58 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 20, 100, 1123 | Size = 81920 bytes | Modified Date = 8/9/2004 5:03:38 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr = ]
Motive SmartBridge -> %ProgramFiles%\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.10.asst_classic.smartbridge.20041013_160000 | Size = 393216 bytes | Modified Date = 11/9/2004 10:32:44 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 9:50:42 AM | Attr = ]
NoteBurner -> %ProgramFiles%\NoteBurner\VTBurnerGUI.exe -> File not found
PDF4 Registry Controller -> %ProgramFiles%\ScanSoft\PDF Professional 4.0\RegistryController.exe -> Nuance Communications, Inc. [Ver = 4.0.6422.2 | Size = 40960 bytes | Modified Date = 8/22/2006 6:09:54 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 4865600 bytes | Modified Date = 1/25/2007 9:58:38 PM | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 9/29/2003 11:14:58 PM | Attr = R ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 12:01:00 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
H/PC Connection Agent -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE -> File not found
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> File not found
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 3:44:06 AM | Attr = ]
%AllUsersStartup%\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/22/2004 12:42:22 PM | Attr = ]
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.200.44376 | Size = 233744 bytes | Modified Date = 5/2/2006 6:22:30 PM | Attr = ]
%AllUsersStartup%\Windstream Broadband Check-up Center.lnk -> %ProgramFiles%\ALLTEL DSL Check-up Center\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.8.1.asst_classic.asst_matcli.20040316_162000 | Size = 217088 bytes | Modified Date = 3/16/2004 5:49:50 PM | Attr = ]
< Original Startup Folder > -> C:\Documents and Settings\Original\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4107 | Size = 90112 bytes | Modified Date = 12/4/2004 2:32:40 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4020 | Size = 348160 bytes | Modified Date = 2/15/2005 8:02:58 AM | Attr = ]
WgaLogon -> -> File not found
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 233024 bytes | Modified Date = 1/25/2007 9:58:48 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell.com/ ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://softwarerefer...=...6Ojg5&lid=2 ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
turbotax.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 12:05:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 7/28/2007 8:50:24 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 2:54:17 AM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite] -> File not found
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite...] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Open with ScanSoft PDF Converter 4.0 -> %ProgramFiles%\ScanSoft\PDF Professional 4.0\cnvres_eng.dll -> [Ver = | Size = 2150400 bytes | Modified Date = 8/16/2006 3:51:06 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1524D730-4159-4A68-A15A-E8E30FB50642} -> (Dell Wireless 1370 WLAN Mini-PCI Card) ->
{933601B8-66F8-409B-A8D7-EBD6CE6CF4FA} -> (Broadcom NetXtreme 57xx Gigabit Controller) ->
{A4C21C79-A5BC-4F9F-B3EB-CA0367E7618F} -> () ->
{EDB79E45-97F2-4BCB-A61A-16C15ACDD17B} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com...ex/qtplugin.cab[QuickTime Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...director/sw.cab[Shockwave ActiveX Control] ->
{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}[HKEY_LOCAL_MACHINE] -> https://activation.a...aller_2-0-0.cab[Reg Error: Value does not exist or could not be read.] ->
{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photo.walgree...eensActivia.cab[Snapfish Activia] ->
{493ACF15-5CD9-4474-82A6-91670C3DD66E}[HKEY_LOCAL_MACHINE] -> http://www.linkedin....nderControl.cab[LinkedIn ContactFinderControl] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail....es/MSNPUpld.cab[MSN Photo Upload Tool] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_02] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoft...free/asinst.cab[ActiveScan Installer Class] ->
{AE6C4705-0F11-4ACB-BDD4-37F138BEF289}[HKEY_LOCAL_MACHINE] -> http://www.hebphoto....PUploader45.cab[Image Uploader Control] ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...ash/swflash.cab[Shockwave Flash Object] ->
{F5131C24-E56D-11CF-B78A-444553540000}[HKEY_LOCAL_MACHINE] -> https://wc.wachovia....ab/ikcntrls.cab[Ikonic Menu Control] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/26/2008 8:06:52 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064755200 bytes | Created Date = 1/26/2008 7:51:41 PM | Attr = HS]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 1/19/2008 11:46:19 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 1/21/2008 9:24:06 PM | Attr = ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 1/1/2008 8:07:18 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 1/1/2008 8:07:18 PM | Attr = H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 1/27/2008 8:33:40 PM | Attr = ]
enethusb.sys -> %System32%\drivers\enethusb.sys -> Efficient Networks, Inc. [Ver = 2.1.0.60 | Size = 28005 bytes | Created Date = 1/18/2008 11:34:30 PM | Attr = R ]
SSFS0509.sys -> %System32%\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 20544 bytes | Created Date = 1/20/2008 8:24:06 AM | Attr = ]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 22080 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr = ]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 144448 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr = ]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 21056 bytes | Created Date = 1/20/2008 8:24:05 AM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10652 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.4.0.24 | Size = 136496 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr = ]
SysPlant.sys -> %System32%\drivers\SysPlant.sys -> Symantec Corporation [Ver = 11.0.780.980 | Size = 87424 bytes | Created Date = 1/19/2008 10:04:52 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/25/2008 8:17:59 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/25/2008 8:55:56 PM | Attr = ]
DevMngr.vxd -> %System32%\DevMngr.vxd -> [Ver = | Size = 6345 bytes | Created Date = 1/18/2008 11:21:26 PM | Attr = R ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/20/2008 8:22:57 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/25/2008 8:24:18 PM | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 1/20/2008 8:23:00 PM | Attr = ]
javasup.vxd -> %System32%\javasup.vxd -> [Ver = | Size = 7315 bytes | Created Date = 1/18/2008 11:15:53 PM | Attr = ]
MCC16.dll -> %System32%\MCC16.dll -> [Ver = | Size = 6048 bytes | Created Date = 1/19/2008 12:04:58 AM | Attr = ]
MCCDevice.dll -> %System32%\MCCDevice.dll -> Motive Communications, Inc. [Ver = 4,10,7,2 | Size = 69632 bytes | Created Date = 1/19/2008 12:04:58 AM | Attr = ]
MCCDNSHLP_1-0-0_DSR.dll -> %System32%\MCCDNSHLP_1-0-0_DSR.dll -> Motive Communications, Inc. [Ver = 1,0,0,3 | Size = 589824 bytes | Created Date = 1/18/2008 11:19:11 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 1/26/2008 7:59:03 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/25/2008 8:19:41 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/20/2008 8:22:51 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.4.0.25 | Size = 60808 bytes | Created Date = 1/19/2008 10:03:57 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 1/20/2008 8:22:55 PM | Attr = ]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.1.2592 | Size = 10240 bytes | Created Date = 1/20/2008 8:23:59 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 1/20/2008 8:22:52 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 1/20/2008 8:22:53 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 1/20/2008 8:22:57 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4780 bytes | Created Date = 1/20/2008 8:26:02 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/25/2008 8:26:49 PM | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 1/20/2008 8:22:58 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,1,2592 | Size = 233024 bytes | Created Date = 1/20/2008 8:24:04 AM | Attr = ]
wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26688 bytes | Created Date = 1/20/2008 8:24:00 AM | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 1/20/2008 8:22:59 PM | Attr = ]
zonedoff.reg -> %System32%\zonedoff.reg -> [Ver = | Size = 113 bytes | Created Date = 1/18/2008 11:15:46 PM | Attr = ]
zonedon.reg -> %System32%\zonedon.reg -> [Ver = | Size = 113 bytes | Created Date = 1/18/2008 11:15:46 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/25/2008 8:55:56 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/26/2008 8:07:22 PM | Attr = ]
jautoexp.dat -> %SystemRoot%\jautoexp.dat -> [Ver = | Size = 6550 bytes | Created Date = 1/18/2008 11:15:53 PM | Attr = ]
Motive -> %SystemRoot%\Motive -> [Folder | Created Date = 1/19/2008 12:07:16 AM | Attr = ]
WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc. [Ver = 5,3,1,2344 | Size = 271936 bytes | Created Date = 1/20/2008 8:23:59 AM | Attr = ]
_detmp.1 -> %SystemRoot%\_detmp.1 -> [Ver = | Size = 1619873 bytes | Created Date = 1/25/2008 11:41:18 PM | Attr = ]
_detmp.2 -> %SystemRoot%\_detmp.2 -> SAS Institute Inc. [Ver = 8.2.0.6 | Size = 72192 bytes | Created Date = 1/25/2008 11:41:35 PM | Attr = ]
_detmp.3 -> %SystemRoot%\_detmp.3 -> [Ver = | Size = 7091 bytes | Created Date = 1/25/2008 11:42:00 PM | Attr = ]
_detmp.4 -> %SystemRoot%\_detmp.4 -> [Ver = | Size = 33280 bytes | Created Date = 1/25/2008 11:43:00 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/28/2008 6:36:09 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/26/2008 8:06:52 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064755200 bytes | Modified Date = 1/29/2008 9:04:35 PM | Attr = HS]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 1/19/2008 11:46:35 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/29/2008 8:19:36 PM | Attr = R ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 1/19/2008 7:26:04 AM | Attr = ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/1/2008 8:07:18 PM | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/1/2008 8:07:18 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/26/2008 8:07:16 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/29/2008 9:05:38 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 1/27/2008 8:33:40 PM | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10652 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 806 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.4.0.24 | Size = 136496 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr = ]
WpsHelper.sys -> %System32%\drivers\WpsHelper.sys -> Symantec Corporation [Ver = 11.0.717.804 | Size = 50536 bytes | Modified Date = 1/19/2008 10:08:00 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/25/2008 8:56:00 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/29/2008 9:05:16 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/26/2008 8:00:50 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/27/2008 8:58:19 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/25/2008 8:26:43 PM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 1/19/2008 9:04:21 PM | Attr = ]
MRT.INI -> %System32%\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 1/26/2008 7:59:03 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/25/2008 8:24:13 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 1/26/2008 8:07:16 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.4.0.25 | Size = 60808 bytes | Modified Date = 1/19/2008 10:04:07 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4780 bytes | Modified Date = 1/24/2008 9:15:14 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/25/2008 8:29:50 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 1/29/2008 8:15:31 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/26/2008 7:59:08 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/29/2008 9:04:38 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/26/2008 8:11:21 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/27/2008 8:37:57 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/20/2008 12:34:52 AM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/26/2008 7:55:10 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/26/2008 7:56:44 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/26/2008 7:59:19 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/27/2008 8:58:34 PM | Attr = HS]
java -> %SystemRoot%\java -> [Folder | Modified Date = 1/18/2008 11:15:51 PM | Attr = ]
Motive -> %SystemRoot%\Motive -> [Folder | Modified Date = 1/19/2008 12:07:16 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/19/2008 12:57:55 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/29/2008 8:33:11 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/29/2008 9:05:53 PM | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 1/26/2008 8:00:50 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/29/2008 9:07:17 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/19/2008 10:03:45 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/28/2008 12:12:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/29/2008 9:04:49 PM | Attr = H ]
User_Feed_Synchronization-{FCED3B27-FF7D-4D36-8741-FFED57F606A6}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{FCED3B27-FF7D-4D36-8741-FFED57F606A6}.job -> [Ver = | Size = 428 bytes | Modified Date = 1/29/2008 9:10:25 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 41372 bytes | Modified Date = 1/25/2008 11:08:54 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 41372 bytes | Modified Date = 1/25/2008 11:08:53 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 12330 bytes | Modified Date = 12/10/2006 10:25:43 PM | Attr = ]
SSUPDATE.EXE -> C:\Documents and Settings\Original\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr = ]
4 C:\Documents and Settings\Original\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\*.tmp ->
md5deep.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr = ]
sed.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr = ]
swreg.exe -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 8:23:07 PM | Attr = ]
Resume.exe -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Resume.exe -> [Ver = 3.3 | Size = 433521 bytes | Modified Date = 1/29/2008 8:32:54 PM | Attr = ]
dss.dll -> C:\Documents and Settings\Original\Local Settings\Temp\~tamqlrz.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 12:42:28 AM | Attr = ]
unpack.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\unpack.dll -> [Ver = | Size = 35328 bytes | Modified Date = 1/29/2008 8:32:54 PM | Attr = ]
CustomUI.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Uninstall\plugins\0\CustomUI.dll -> [Ver = | Size = 352768 bytes | Modified Date = 12/19/2006 12:28:12 PM | Attr = ]
Services.dll -> C:\Documents and Settings\Original\Local Settings\Temp\2S771O1K\Uninstall\plugins\1\Services.dll -> [Ver = | Size = 107520 bytes | Modified Date = 11/24/2004 12:53:52 PM | Attr = ]
_shfoldr.dll -> C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\_shfoldr.dll -> Microsoft Corporation [Ver = 5.50.4807.2300 | Size = 23312 bytes | Modified Date = 1/29/2008 8:20:12 PM | Attr = ]
1 C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp ->
Perflib_Perfdata_48c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_48c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/28/2008 6:37:00 PM | Attr = ]
Perflib_Perfdata_604.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_604.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/29/2008 9:05:07 PM | Attr = ]
Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/26/2008 8:01:40 PM | Attr = ]
Perflib_Perfdata_648.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_648.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/27/2008 8:44:16 PM | Attr = ]
Perflib_Perfdata_664.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_664.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/27/2008 8:53:49 PM | Attr = ]
Perflib_Perfdata_6a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/29/2008 8:24:05 PM | Attr = ]
Perflib_Perfdata_6b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/29/2008 8:16:07 PM | Attr = ]

[CatchMe Rootkit Scan by GMER]
Rootkit scan error - could not find scan log
Rootkit scan error - could not find scan log

< End of report >
  • 0

#14
Rorschach112
Posted 30 January 2008 - 07:56 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> NoteBurner -> %ProgramFiles%\NoteBurner\VTBurnerGUI.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> H/PC Connection Agent -> %ProgramFiles%\Microsoft ActiveSync\WCESCOMM.EXE
YN -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WgaLogon ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\Start Page -> http://softwarerefer...=...6Ojg5&lid=2
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite]
YN -> {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\INETREPL.DLL [Create Mobile Favorite...]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
YN -> mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler]
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.]
[Files/Folders - Modified Within 30 days]
YN -> 4 C:\Documents and Settings\Original\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\*.tmp
YN -> 1 C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Original\Local Settings\Temp\is-78QTU.tmp\_isetup\*.tmp
[Start Explorer]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).

I will review the information when it comes back in.



Also post a new HijackThis log and tell me how your PC is running
  • 0

#15
lozard
Posted 30 January 2008 - 09:56 PM

lozard

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NoteBurner deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\H/PC Connection Agent deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MySpaceIM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mctp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7b95390-b1c5-11d0-b111-0080c712fe82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
[Files/Folders - Modified Within 30 days]
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta40 fix logfile created on 01302008_214934

Attached Files


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP