Extra txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 509.98 MiB / 133.71 MiB
Pagefile Memory (total/avail): 1245.32 MiB / 831.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.54 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 28.33 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:Novell Notify"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.T12A\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=T12A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.T12A
LOGONSERVER=\\T12A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Attachmate\E!E2K\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.T12\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.T12\LOCALS~1\Temp
USERDOMAIN=T12A
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.T12A
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator.T12A (admin)
Administrator.T12A (admin)
hpalomino (admin)
ddonaldson (admin)
jejones (admin)
Jdouglas (admin)
karnold (admin)
jbhorton (new local, admin, net ready)
hisadmin.USADIR (admin)
hisadmin.USADIR (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Attachmate myEXTRA! Enterprise 7.11 --> MsiExec.exe /I{ACA93BC6-A0E1-4032-BFD5-50D42BF64570}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
GroupWise --> MsiExec.exe /I{97A2FF67-1EB6-483C-A6E6-716D91298763}
GroupWise Internet Browser Mail Integration --> C:\Novell\GroupWise\gwmailto.exe /uninstall
GroupWise Tip of the Day C3PO --> C:\Novell\GroupWise\gwtip.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel ® Pro Alerting Agent --> MsiExec.exe /I{3C50A915-DD33-4802-B83B-9EA997D3337B}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\Uninstall.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\PROGRA~1\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type13200 / Error
Event Submitted/Written: 03/04/2008 07:51:07 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Event Record #/Type13190 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038394.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event Record #/Type13189 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038393.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event Record #/Type13188 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038392.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.
Event Record #/Type13187 / Error
Event Submitted/Written: 03/04/2008 04:02:20 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Trojan Horse in File: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0038391.exe by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type10779 / Error
Event Submitted/Written: 03/06/2008 07:40:13 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}
Event Record #/Type10778 / Error
Event Submitted/Written: 03/06/2008 07:40:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}
Event Record #/Type10777 / Error
Event Submitted/Written: 03/06/2008 07:26:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}
Event Record #/Type10776 / Error
Event Submitted/Written: 03/06/2008 06:50:12 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}
Event Record #/Type10775 / Error
Event Submitted/Written: 03/06/2008 06:50:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service Iap with arguments "-Service"
in order to run the server:
{B0C61A79-0870-4BE4-9153-9CCAF422E31F}
-- End of Deckard's System Scanner: finished at 2008-03-06 12:12:13 ------------
Main txt
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-06 12:09:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
31: 2008-03-06 18:09:34 UTC - RP199 - Deckard's System Scanner Restore Point
30: 2008-03-06 16:49:33 UTC - RP198 - Installed AVG 7.5
29: 2008-03-05 19:33:05 UTC - RP197 - System Checkpoint
28: 2008-03-04 16:52:24 UTC - RP196 - Installed Ad-Aware 2007
27: 2008-03-04 01:36:17 UTC - RP195 - System Checkpoint
-- First Restore Point --
1: 2008-02-07 09:27:10 UTC - RP169 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-06 12:10:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\windows\system32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\tlntsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\windows\explorer.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
\\t64k\H\DSS anti virus removal\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usouthal.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.usouthal.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\windows\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.www.telerad.usouthal.emed.net (HKCU)
O15 - Trusted Zone: http://dashboard.usouthal.edu (HKCU)
O15 - Trusted Zone: https://healthgate.usouthal.edu (HKCU)
O15 - Trusted Zone: http://hos.usouthal.edu (HKCU)
O15 - Trusted Zone: https://magicweb.usouthal.edu (HKCU)
O15 - Trusted Zone: *.netaccess.usouthal.edu (HKCU)
O15 - Trusted Zone: http://oasgp.usouthal.edu (HKCU)
O15 - Trusted Zone: http://oasgt.usouthal.edu (HKCU)
O15 - Trusted Zone: http://sisformssrv.usouthal.edu (HKCU)
O15 - Trusted Zone: *.testnetaccess.usouthal.edu (HKCU)
O15 - Trusted IP Range: http://192.168.14.81 (HKCU)
O15 - Trusted IP Range: http://192.168.14.83 (HKCU)
O15 - Trusted IP Range: http://192.168.14.100 (HKCU)
O15 - Trusted IP Range: http://192.168.14.101 (HKCU)
O15 - Trusted IP Range: http://192.168.14.60 (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096558951296
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...se/ghplayer.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...8040.2959837963
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse...opcaploader.cab
O17 - HKLM\Software\..\Telephony: DomainName = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFAEC9F4-8EDE-406A-AEBF-3891BAEDD8BC}: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = usadir.usa.usouthal.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = usouthal.edu,usadir.usa.usouthal.edu
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\system32\LogonDll.dll
O21 - SSODL: RunOnceBoot - {8062718d-6386-42e0-94f7-79ca0fd6723d} - C:\WINDOWS\Installer\{8062718d-6386-42e0-94f7-79ca0fd6723d}\RunOnceBoot.dll (file missing)
O21 - SSODL: zip - {9fee46eb-d2f7-4340-9a3c-110837d9af2a} - C:\WINDOWS\Installer\{9fee46eb-d2f7-4340-9a3c-110837d9af2a}\zip.dll (file missing)
O21 - SSODL: ComponentAlrt - {4418ba09-c2b7-4871-8f81-50f3c1403e69} - C:\WINDOWS\Installer\{4418ba09-c2b7-4871-8f81-50f3c1403e69}\ComponentAlrt.dll (file missing)
O21 - SSODL: BootKernel - {ad1f7375-e0a8-4ae8-beb6-0f4758c98c73} - C:\WINDOWS\Installer\{ad1f7375-e0a8-4ae8-beb6-0f4758c98c73}\BootKernel.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12143 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 DeepFrz - c:\windows\system32\drivers\deepfrz.sys <Not Verified; Faronics Corporation; Deep Freeze 5>
R1 ATMDLC (Attachmate DLC Protocol) - c:\windows\system32\drivers\atmdlc.sys <Not Verified; Attachmate Corporation; myEXTRA! Enterprise>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 AsfAlrt - c:\windows\system32\drivers\asfalrt.sys <Not Verified; Intel Corporation; Intel Alert on LAN® 2>
S0 GhPostConfig (Ghost Post-Configuration Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S2 GhPostConfig_Auto (GhostPostConfig - Auto Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ASFAgent (ASF Agent) - c:\program files\intel\asf agent\asfagent.exe <Not Verified; Intel Corporation; Intel® PRO Alerting Suite ASF 1.0 and ASF 2.0 Compatible>
R2 DF5Serv - c:\program files\faronics\deep freeze\install c-0\df5serv.exe <Not Verified; Faronics Corporation; Deep Freeze 5>
R2 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
R2 NGClient (Symantec Ghost Client Agent) - c:\program files\symantec\ghost\ngctw32.exe <Not Verified; Symantec Corporation; Symantec Ghost Enterprise>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-29 08:28:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-06 and 2008-03-06 -----------------------------
2008-03-06 11:52:09 0 dr-h----- C:\$VAULT$.AVG
2008-03-06 10:51:05 0 d-------- C:\Documents and Settings\Administrator.T12A\Application Data\AVG7
2008-03-06 10:50:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 08:37:06 0 d-------- C:\Documents and Settings\Administrator.T12A\Application Data\Macromedia
2008-03-05 15:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-05 07:39:24 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-05 07:39:23 2542 --a------ C:\WINDOWS\unins000.dat
2008-03-04 13:32:40 0 d-------- C:\Documents and Settings\hisadmin.USADIR\Application Data\Macromedia
2008-03-04 11:27:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-04 10:52:33 0 d-------- C:\Program Files\Lavasoft
2008-03-04 10:52:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 10:51:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 10:09:30 0 d-------- C:\Documents and Settings\hisadmin.USADIR\Application Data\alot
2008-03-04 04:24:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\alot
2008-03-03 19:15:23 0 d-------- C:\Program Files\XP Antivirus
2008-02-15 13:27:20 159744 --a------ C:\WINDOWS\system32\LexLog.dll <Not Verified; Lexmark International; Uninstall Log Interface DLL>
2008-02-15 13:27:20 0 d-------- C:\Program Files\Lexmark
-- Find3M Report ---------------------------------------------------------------
2008-03-06 08:51:32 0 d-------- C:\Program Files\Symantec AntiVirus
2008-03-04 10:51:44 0 d-------- C:\Program Files\Common Files
2008-03-04 10:40:35 0 d-------- C:\Program Files\Coupons
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 05:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 05:07 AM]
"NGClient"="C:\Program Files\SYMANTEC\Ghost\ngctw32.exe" [12/01/2001 11:01 AM]
"C2K"="C:\WINDOWS\Cyb2k.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 03:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [03/12/2004 02:18 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [03/04/2008 12:11 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/06/2008 10:49 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RunOnceBoot"= {8062718d-6386-42e0-94f7-79ca0fd6723d} - C:\WINDOWS\Installer\{8062718d-6386-42e0-94f7-79ca0fd6723d}\RunOnceBoot.dll [ ]
"zip"= {9fee46eb-d2f7-4340-9a3c-110837d9af2a} - C:\WINDOWS\Installer\{9fee46eb-d2f7-4340-9a3c-110837d9af2a}\zip.dll [ ]
"ComponentAlrt"= {4418ba09-c2b7-4871-8f81-50f3c1403e69} - C:\WINDOWS\Installer\{4418ba09-c2b7-4871-8f81-50f3c1403e69}\ComponentAlrt.dll [ ]
"BootKernel"= {ad1f7375-e0a8-4ae8-beb6-0f4758c98c73} - C:\WINDOWS\Installer\{ad1f7375-e0a8-4ae8-beb6-0f4758c98c73}\BootKernel.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
LogonDll.dll 07/07/2005 04:12 AM 49152 C:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to SSS.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to SSS.lnk
backup=C:\WINDOWS\pss\Shortcut to SSS.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
C:\Program Files\antiviirus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72615ab1-2922-11d9-bc36-806d6172696f}]
AutoRun\command- E:\Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a063fc19-1d58-11d9-8009-806d6172696f}]
AutoRun\command- D:\Programs\nu2menu\nu2menu.exe
*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 wazzupnet.com
8039 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-06 12:12:13 ------------
Your help would be greatly appreciated.