Thanks for helping me with this! Here is the SmitFraudFix log:
SmitFraudFix v2.309
Scan done at 15:34:37.07, Sun 03/30/2008
Run from C:\Documents and Settings\Robbie Pesek\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\logo.gif Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{64CF959E-144F-47F8-BDE8-97C13D6A9777}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F4E1655D-7A26-45ED-B1C4-C988EEE4190B}: DhcpNameServer=68.87.64.196 68.87.66.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{64CF959E-144F-47F8-BDE8-97C13D6A9777}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F4E1655D-7A26-45ED-B1C4-C988EEE4190B}: DhcpNameServer=68.87.64.196 68.87.66.196
HKLM\SYSTEM\CS2\Services\Tcpip\..\{64CF959E-144F-47F8-BDE8-97C13D6A9777}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F4E1655D-7A26-45ED-B1C4-C988EEE4190B}: DhcpNameServer=68.87.64.196 68.87.66.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{64CF959E-144F-47F8-BDE8-97C13D6A9777}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F4E1655D-7A26-45ED-B1C4-C988EEE4190B}: DhcpNameServer=68.87.64.196 68.87.66.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Here are the logs from Deckard's System Scanner:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 766 MiB / 341.26 MiB
Pagefile Memory (total/avail): 1106.56 MiB / 780.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.59 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 24.89 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 233.76 GiB total, 22.18 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.5 GiB - C:
\\.\PHYSICALDRIVE1 - Maxtor 6 L250R0 USB Device - 233.76 GiB - 1 partition
\PARTITION0 - Installable File System - 233.76 GiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
AntivirusOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robbie Pesek\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ENGAGEMENT2002
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robbie Pesek
LOGONSERVER=\\ENGAGEMENT2002
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Norton SystemWorks\Norton Ghost\";C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBBIE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBBIE~1\LOCALS~1\Temp
USERDOMAIN=ENGAGEMENT2002
USERNAME=Robbie Pesek
USERPROFILE=C:\Documents and Settings\Robbie Pesek
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Robbie Pesek (admin)
Gina Drobena (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Aimersoft DVD to iPhone Converter(Build 1.0.19) --> "C:\Program Files\Aimersoft\iPhone Converter Suite\DVD2iPhone\unins000.exe"
Aimersoft iPhone Converter Suite(Build 1.0.19) --> "C:\Program Files\Aimersoft\iPhone Converter Suite\unins000.exe"
Aimersoft iPhone Video Converter(Build 1.0.19) --> "C:\Program Files\Aimersoft\iPhone Converter Suite\iPhoneVideoConverter\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Multimedia Center 9.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Caymas Secure Connect R2.5.4-150510 --> C:\Program Files\Caymas\remove_csc.bat
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
DirectShow Dump --> MsiExec.exe /I{C559CCD6-E2B8-4C7B-9791-AB68F382F9C2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Audio Extractor 4.3.0 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Platinum 3.1.0.8 --> "C:\Program Files\DVDFab Platinum 3\unins000.exe"
Elecard XMuxer Pro --> "C:\Program Files\Elecard\Elecard XMuxer Pro\Uninstall.exe" "C:\Program Files\Elecard\Elecard XMuxer Pro\install.log" -u
eMule --> "C:\eMule\Uninstall.exe"
EPSON ESPR220 Reference Guide --> C:\Program Files\epson\guide\spr220_e\uninstall.exe
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Four Winds Mah Jong 1.0 for Pocket PC 2002 --> "C:\Program Files\Microsoft ActiveSync\4WindsPPC\4WPPC.exe" -uninstall
Hard Disk Scrubber v2.1 --> "C:\Program Files\HDSCRUB\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPAQ Web Registration --> MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys Wireless-G PCI Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Magic ISO Maker v4.9 (build 0151) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MEDITECH Workstation4.x --> "C:\Program Files\MEDITECH\MTAppDwn.exe" -uninstall "C:\Program Files\MEDITECH\Workstation4.x\Client.mtad"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Standard --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (1.5.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.12 (en-US)"
mpeg-vcr 3.14.4.1 (12/2007) --> C:\Program Files\Womble MPEG Editor\uninst.exe
MPEG Video Wizard 4.0.4 (12/2007) --> C:\Program Files\Womble Multimedia\MPEG Video Wizard\uninst.exe
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nostalgia, an Intellivision Emulator --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-Nostalgia, an Intellivision Emulator.dat
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reference Manager 11 --> MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}
Retoucher --> "C:\Program Files\AKVIS\Retoucher\Uninstall.exe" "C:\Program Files\AKVIS\Retoucher\install.log" -u
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Send to smugmug --> MsiExec.exe /I{536C8539-A8C2-4401-A4B0-C9906AEC2B09}
SmartSoft Video Converter --> "C:\Program Files\SmartSoftVideoConverter\unins000.exe"
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STOIK RedEye AutoFix --> MsiExec.exe /X{E9973764-69CF-4926-B976-519B15E7CF1F}
TiVo Desktop --> MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{3E9F2540-DD55-42FB-8EB6-5508EEC54013}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoReDo/Plus Version 2.5.6.512 --> "C:\Program Files\VideoReDoPlus\unins000.exe"
VOB2MPG 2.5 --> MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Wireless-B PCI Adapter WLAN Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}\Setup.exe" -l0x9
XPSecurity 2004c --> "C:\Program Files\XPSecurity\unins000.exe"
XviD MPEG-4 Video Codec --> C:\Program Files\Aimersoft\iPhone Converter Suite\DVD2iPhone\unins000.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type 115 / Success
Event Submitted/Written: 03/30/2008 03:39:18 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.
Event Record #/Type 112 / Error
Event Submitted/Written: 03/30/2008 03:12:16 PM
Event ID/Source: 1502 / Userenv
Event Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.
Event Record #/Type 111 / Error
Event Submitted/Written: 03/30/2008 03:12:16 PM
Event ID/Source: 1508 / Userenv
Event Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Robbie Pesek\ntuser.dat
Event Record #/Type 110 / Error
Event Submitted/Written: 03/30/2008 03:12:16 PM
Event ID/Source: 1502 / Userenv
Event Description:
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.
DETAIL - The process cannot access the file because it is being used by another process.
Event Record #/Type 109 / Error
Event Submitted/Written: 03/30/2008 03:12:15 PM / 03/30/2008 03:12:16 PM
Event ID/Source: 1508 / Userenv
Event Description:
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Robbie Pesek\ntuser.dat
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type 81587 / Warning
Event Submitted/Written: 03/30/2008 03:45:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ENGAGEMENT200227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ENGAGEMENT200227 can't undo changes that you allow.
For more information please see the following:
%ENGAGEMENT2002275
Scan ID: {AED5F165-9A44-4D2C-AFF6-5F7A75ABF5E5}
User: ENGAGEMENT2002\Robbie Pesek
Name: %ENGAGEMENT2002271
ID: %ENGAGEMENT2002272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ENGAGEMENT2002276
Alert Type: %ENGAGEMENT2002278
Detection Type: 1.1.1593.02
Event Record #/Type 81586 / Warning
Event Submitted/Written: 03/30/2008 03:45:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ENGAGEMENT200227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ENGAGEMENT200227 can't undo changes that you allow.
For more information please see the following:
%ENGAGEMENT2002275
Scan ID: {95F60D4D-817F-4F76-B9A0-CA55EBE10798}
User: ENGAGEMENT2002\Robbie Pesek
Name: %ENGAGEMENT2002271
ID: %ENGAGEMENT2002272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ENGAGEMENT2002276
Alert Type: %ENGAGEMENT2002278
Detection Type: 1.1.1593.02
Event Record #/Type 81585 / Warning
Event Submitted/Written: 03/30/2008 03:45:43 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ENGAGEMENT200227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ENGAGEMENT200227 can't undo changes that you allow.
For more information please see the following:
%ENGAGEMENT2002275
Scan ID: {75987AD5-935E-4EC7-AFC9-49A37533697B}
User: ENGAGEMENT2002\Robbie Pesek
Name: %ENGAGEMENT2002271
ID: %ENGAGEMENT2002272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ENGAGEMENT2002276
Alert Type: %ENGAGEMENT2002278
Detection Type: 1.1.1593.02
Event Record #/Type 81584 / Warning
Event Submitted/Written: 03/30/2008 03:45:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ENGAGEMENT200227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ENGAGEMENT200227 can't undo changes that you allow.
For more information please see the following:
%ENGAGEMENT2002275
Scan ID: {79086104-6C4C-42DA-BA8F-95C5C542BBDC}
User: ENGAGEMENT2002\Robbie Pesek
Name: %ENGAGEMENT2002271
ID: %ENGAGEMENT2002272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ENGAGEMENT2002276
Alert Type: %ENGAGEMENT2002278
Detection Type: 1.1.1593.02
Event Record #/Type 81583 / Warning
Event Submitted/Written: 03/30/2008 03:45:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%ENGAGEMENT200227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ENGAGEMENT200227 can't undo changes that you allow.
For more information please see the following:
%ENGAGEMENT2002275
Scan ID: {736F3F47-05D7-4B40-B6B3-CDE4FE198760}
User: ENGAGEMENT2002\Robbie Pesek
Name: %ENGAGEMENT2002271
ID: %ENGAGEMENT2002272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %ENGAGEMENT2002276
Alert Type: %ENGAGEMENT2002278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-03-30 15:53:09 ------------
Deckard's System Scanner v20071014.68
Run by Robbie Pesek on 2008-03-30 15:41:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-03-30 21:41:06 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Robbie Pesek.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:44 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\xivedybi\lanelwbk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rajcpefa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\nprotect32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Robbie Pesek\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robbie Pesek.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Powered by Download Booster 5.0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3D585EB0-96FE-419E-9BEB-7DB1557ACD13} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [dxsetqyd] C:\WINDOWS\system32\rajcpefa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [fsLsTIMqMn] C:\Documents and Settings\All Users\Application Data\xivedybi\lanelwbk.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: DigiChat Applet - http://host6.digicha...s/Client_IE.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {47F591A2-8783-11D2-8343-00A0C945A819} (RFXPlayer Class) - http://www.greetingc...ad/twophase.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://public.mappin...ds/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125424164234
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125424380593
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://vpn2.uams.edu/ui/Axt.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong...timage30717.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.c...ropper1_3us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos....plorer1_9us.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Caymas Secure Connect) - https://vpn2.uams.ed...scinstaller.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.ho...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O21 - SSODL: Bmpobtab - {C31AF9D4-DE12-4146-87C9-16B59F1A8649} - C:\WINDOWS\System32\sqlacsel.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\System32\nprotect32.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 11840 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 GhPciScan (GhostPciScanner) - c:\program files\norton systemworks\norton ghost\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 CymsVa (Caymas Secure Connect Virtual Adapter) - c:\windows\system32\drivers\cymsva.sys <Not Verified; Caymas Systems, Inc.; Caymas Systems Virtual Network Adapter>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\windows\system32\drivers\cinemsup.sys (file missing)
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 basic2 - c:\windows\system32\drivers\basic2.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 CYMSPLG (Cyms DNE Plugin) - c:\program files\caymas\csc client\cymsplg\cymsplg.sys <Not Verified; Caymas Systems, Inc.; Caymas Systems Network Plugin>
S3 IPN2120 (Instant Wireless-B PCI Adapter Driver) - c:\windows\system32\drivers\lsipnds.sys <Not Verified; Inprocomm, Inc.; Driver for INPROCOMM IPN2120 Wireless LAN Cards>
S3 Rksample - c:\windows\system32\drivers\rksample.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 MainService (Protected Exchange) - c:\windows\system32\nprotect32.exe
R2 NICSer_WMP11 - c:\program files\linksys\wmp11 config utility\nicserv.exe
R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 GhostStartService - c:\progra~1\norton~1\norton~2\ghosts~2.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-30 15:42:47 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-29 11:59:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-28 20:08:05 496 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-03-28 17:32:47 294 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
-- Files created between 2008-02-29 and 2008-03-30 -----------------------------
2008-03-30 15:34:48 2452 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 22:48:57 0 d-------- C:\Program Files\Trend Micro
2008-03-28 18:25:10 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\Malwarebytes
2008-03-28 18:24:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 18:24:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 17:23:21 0 d-------- C:\Program Files\Windows Defender
2008-03-28 17:15:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 21:09:34 0 d-------- C:\Program Files\MSXML 4.0
2008-03-26 22:47:52 0 d-------- C:\Documents and Settings\All Users\Application Data\xivedybi
2008-03-26 22:47:39 98304 --a------ C:\WINDOWS\system32\rajcpefa.exe
2008-03-26 22:09:14 51 --a------ C:\xmp.bat
2008-03-26 20:48:39 0 d-------- C:\WINDOWS\Prefetch
2008-03-26 17:13:25 0 d-------- C:\Program Files\DVD Audio Extractor
2008-03-26 17:06:29 0 d-------- C:\Program Files\mp3DirectCut
2008-03-25 20:41:17 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\Media Player Classic
2008-03-25 19:09:24 0 d-------- C:\Program Files\AoA Audio Extractor
2008-03-25 18:00:57 0 d-------- C:\Program Files\BadgerIT
2008-03-24 17:48:02 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-24 17:47:55 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-24 17:47:52 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-24 17:47:39 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-24 17:47:36 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-24 17:47:33 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-24 17:47:29 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-24 17:47:20 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-24 17:47:09 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-23 20:10:44 0 d-------- C:\Program Files\Womble Multimedia
2008-03-15 10:40:02 0 d-------- C:\Program Files\Musclesoft
2008-03-13 19:03:40 0 d-------- C:\Program Files\All Media Fixer
2008-03-12 18:29:27 0 d-------- C:\Program Files\Womble MPEG Editor
2008-03-09 22:12:06 0 d-------- C:\Program Files\Common Files\Elecard
2008-03-09 22:11:41 0 d-------- C:\Program Files\Elecard
2008-03-09 20:18:06 0 d-------- C:\WINDOWS\C0B0893D6DA24F14B1D03C0F1272B398.TMP
-- Find3M Report ---------------------------------------------------------------
2008-03-30 13:54:14 0 d-------- C:\Program Files\EPSON Print CD
2008-03-28 17:15:59 0 d-------- C:\Program Files\Lavasoft
2008-03-28 17:12:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 07:09:48 0 d-------- C:\Program Files\Messenger
2008-03-26 18:00:32 0 d-------- C:\Program Files\Movie Maker
2008-03-25 20:22:01 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\Apple Computer
2008-03-25 19:56:22 0 d-------- C:\Program Files\QuickTime
2008-03-25 18:49:26 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\VideoReDoPlus
2008-03-14 16:54:06 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\AdobeUM
2008-03-09 23:04:34 0 d-------- C:\Program Files\Common Files\Nero
2008-03-09 22:12:06 0 d-------- C:\Program Files\Common Files
2008-03-09 20:32:00 0 d-------- C:\Program Files\Sony
2008-03-09 20:30:48 0 d-------- C:\Program Files\SopCast
2008-03-09 20:30:41 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-09 20:24:53 0 d-------- C:\Program Files\Yahoo!
2008-03-07 22:42:21 120 --a------ C:\Documents and Settings\Robbie Pesek\Application Data\FixVTS.ini
2008-02-22 18:23:02 0 d-------- C:\Program Files\Norton SystemWorks
2008-02-16 22:50:59 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\Adobe
2008-02-15 22:51:35 0 d-------- C:\Documents and Settings\Robbie Pesek\Application Data\uTorrent
2008-02-05 22:53:16 120 --a------ C:\drmHeader.bin
2008-01-15 17:28:32 25 --a------ C:\WINDOWS\°®`version
2008-01-13 13:06:14 292864 --a------ C:\WINDOWS\system32\jobasbi.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D585EB0-96FE-419E-9BEB-7DB1557ACD13}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/24/2004 02:57 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 10:00 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/25/2006 11:11 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/25/2006 11:11 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 06:44 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [12/13/2007 07:10 PM]
"dxsetqyd"="C:\WINDOWS\system32\rajcpefa.exe" [03/26/2008 10:47 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\Robbie Pesek\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 9:50:56 AM]
HotSync Manager.LNK - C:\Program Files\Sony Handheld\HOTSYNC.EXE [10/10/2002 7:13:33 PM]
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [1/28/2004 4:39:56 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 9:50:56 AM]
Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe [10/3/2002 7:09:29 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [1/23/2004 12:22:13 PM]
Wireless-B PCI Adapter Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe [9/21/2005 7:23:15 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"fsLsTIMqMn"=C:\Documents and Settings\All Users\Application Data\xivedybi\lanelwbk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRun"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Bmpobtab"= {C31AF9D4-DE12-4146-87C9-16B59F1A8649} - C:\WINDOWS\System32\sqlacsel.dll [07/05/2006 04:46 AM 847872]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KaZaA Media Desktop]
C:\Program Files\KaZaA\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XupiterStartup]
C:\Program Files\Xupiter\XupiterStartup2003.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88946e02-be48-11d8-860f-806d6172696f}]
play\command- "C:\Program Files\iTunes\iTunes.exe" /playCD "%L"
*Newly Created Service* - GTNDIS5
-- End of Deckard's System Scanner: finished at 2008-03-30 15:53:09 ------------