I seem to have a repeated Adssite infection problem, with SuperAntiSpyWare finding the same things on every scan, and all of the other programs showing the same things.
I had a similar problem without the Adssite infections last year, that Rorschach112, I think, solved for me, very professionally I might add. But for some reason, the system restore point that I was advised to make would not reload when I tried, so I am left with the same problem I had before. I am very dilligent with scans, unfortunately though, my wife seems to think that online, she is indestructible.
Thanks for any help you can give.
Here are my Hijackthis, DSS, & Kaspersky logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:12, on 04/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\lxbscoms.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
c:\program files\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061101
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061101
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SD31.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13832 bytes
Deckard's System Scanner v20070905.67
Run by Christopher Overend on 2008-03-04 14:34:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Christopher Overend.exe) ---------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2008-03-04 14:35:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\lxbscoms.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christopher Overend\Desktop\Security\dss.exe
C:\Program Files\Hijackthis\Christopher Overend.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061101
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...amp;ibd=5061101
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061101
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKEY_LOCAL_MACHINE\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKEY_LOCAL_MACHINE\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKEY_LOCAL_MACHINE\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKEY_LOCAL_MACHINE\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SD31.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - "C:\Program Files\Bonjour\mDNSResponder.exe"
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
O23 - Service: GoogleDesktopManager - Google - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
-- Files created between 2008-02-04 and 2008-03-04 -----------------------------
2008-03-04 14:33:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-04 14:33:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 14:33:28 0 d-------- C:\WINDOWS\LastGood
2008-03-04 14:14:35 80090 --a------ C:\WINDOWS\system32\adssite-remove.exe
2008-02-26 09:58:57 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-24 11:59:01 0 d-------- C:\Program Files\iPod
2008-02-24 11:58:20 0 d-------- C:\Program Files\iTunes
2008-02-08 22:11:53 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-08 22:11:53 3459 --a------ C:\WINDOWS\unins000.dat
2008-02-07 16:49:54 80896 --a------ C:\WINDOWS\system32\nsz45.dll
2008-02-07 13:15:09 3038398 --a------ C:\WINDOWS\Betrayal of the Jedi.scr
2008-02-05 09:56:17 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
-- Find3M Report ---------------------------------------------------------------
2008-03-03 23:54:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-03 23:32:39 256 --a------ C:\Documents and Settings\Christopher Overend\Application Data\urlredir.cfg
2008-03-03 13:00:29 77353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-03-02 11:04:30 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 10:51:35 0 d-------- C:\Program Files\QuickTime
2008-03-02 10:51:20 0 d-------- C:\Program Files\SpywareGuard
2008-02-27 10:05:11 0 d-------- C:\Program Files\McAfee
2008-02-27 10:04:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-26 09:57:07 0 d-------- C:\Program Files\TomTom HOME 2
2008-02-26 09:38:24 0 d-------- C:\Program Files\Lx_cats
2008-02-23 22:02:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-17 21:28:45 0 d-------- C:\Program Files\CoffeeCup Software
2008-02-10 14:08:13 0 d-------- C:\Documents and Settings\Christopher Overend\Application Data\Macromedia
2008-02-05 10:08:32 0 d-------- C:\Program Files\SmartFTP Client
2008-01-25 17:30:30 46300 --a------ C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-01-19 14:47:12 5388 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-21 14:39:14 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-12-20 23:11:52 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 20:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/12/2005 05:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/12/2005 05:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/12/2005 05:45]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [01/05/2006 15:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [01/05/2006 15:28]
"SigmatelSysTrayApp"="stsystra.exe" [25/03/2006 05:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/08/2006 00:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/03/2006 00:48]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 07:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 22:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 22:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [22/08/2006 21:32]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [17/03/2004 12:26]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [10/04/2007 18:35]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [18/05/2007 17:33]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [20/07/2007 22:49]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [22/05/2006 12:26]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [23/09/2007 17:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 11:00]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [17/07/2006 03:29]
"Steam"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/03/2008 23:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [01/03/2007 06:01]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [18/02/2008 10:58]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\Christopher Overend\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 18:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [25/05/2006 00:28:28]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [02/11/2006 02:03:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 11:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 16/09/2007 21:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a7ecfe-ab51-11dc-857c-0015c5b9abb0}]
AutoRun\command- F:\InstallTomTomHOME.exe
-- End of Deckard's System Scanner: finished at 2008-03-04 14:37:38 ------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 04, 2008 6:41:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/03/2008
Kaspersky Anti-Virus database records: 595435
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 135124
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:03:43
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbdam Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbdao Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbeam Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbeao Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\fii.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\hp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\cf521459d3a8\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{BF615F10-7FF3-45FB-9B86-057B8E3996FC}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\440e0da66604bbacb54cfcf7b9ce144d_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09132007-101946.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\cert8.db Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\history.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\key3.db Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\parent.lock Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Christopher Overend\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-4-2008( 12-16-14 ).LOG Object is locked skipped
C:\Documents and Settings\Christopher Overend\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DCF9CE42-DB1C-4F53-9320-B2095CB820CD} Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Application Data\Mozilla\Firefox\Profiles\gnhn24u8.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\History\History.IE5\MSHist012008030420080305\index.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temp\~DF314C.tmp Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temp\~DF3595.tmp Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temp\~DF9DE4.tmp Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temp\~DFDDFE.tmp Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Christopher Overend\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Christopher Overend\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data