
But I can't run HijackThis!?! [RESOLVED]



#1
d_Oregon
Member, 29 posts
I think it's worm-bagle we're dealing with here. But if I try to run the latest HJT, I get a message that it's not a "valid win32 application." I've tried one older version, but no success. Interestingly, if I have the little dynamite icon in view, it changes every few seconds to a generic app icon. Then back again.

So, I'm not sure where to begin. But I've seen others get help from geekstogo when they, too, had a problem running HJT. Help me, please?

David

Edited by d_Oregon, 09 April 2008 - 04:36 PM.



#2
d_Oregon (Topic Starter)
Member, 29 posts
I ran an HJT clone that I found on this site: Deckard's System Scan. Here is the log:

Deckard's System Scanner v20071014.68
Run by Mr. Admin on 2008-04-09 15:46:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-04-09 22:49:03 UTC - RP591 - Deckard's System Scanner Restore Point
44: 2008-04-08 18:00:41 UTC - RP590 - Printer Driver PDF-XChange 3.0 Installed
43: 2008-04-06 20:30:13 UTC - RP589 - System Checkpoint
42: 2008-04-04 02:02:47 UTC - RP588 - Removed Before You Know It
41: 2008-04-01 02:56:17 UTC - RP587 - System Checkpoint


-- First Restore Point --
1: 2008-01-10 04:33:16 UTC - RP547 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.64 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 16:00:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\SM1bg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SYSTEM\wcdvtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\SmartDraw 2008\Messages\SDNotify.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
E:\dss.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.law.uoregon.edu/students/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.law.uoregon.edu/students/
O1 - Hosts: 192.168.0.66 HP000D9D23724F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - (no file)
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\SYSTEM32\BAsfIpM.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpboid.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE


--
End of file - 11148 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 io.sys (IO.DLL Driver) - c:\windows\system32\drivers\io.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R2 WebCamDV (WebCamDV DV to Webcam Converter) - c:\windows\system32\drivers\webcamdv.sys <Not Verified; OrangeWare, Inc.; WebCamDV Capture Driver>
R3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 O2SCBUS (O2Micro SmartCardBus Reader) - c:\windows\system32\drivers\ozscr.sys <Not Verified; O2Micro; O2Micro © SmartCardBus Reader>
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>
R3 WCDV_Aud (WevCamDV WDM Virtual Audio Device) - c:\windows\system32\drivers\wcdvaud.sys <Not Verified; OrangeWare, Inc.; WebCamDV Audio Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
S3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 SQTECH905C (ViviCam 35) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
S2 RadClock - c:\windows\system32\radclock.exe <Not Verified; ; RadClock Module>
S3 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S3 HP Port Resolver - c:\windows\system32\hpbpro.exe <Not Verified; Hewlett-Packard Company; PortResolver Module>
S3 HP Status Server - c:\windows\system32\hpboid.exe <Not Verified; Hewlett-Packard Company; HP Status Server>
S3 LEC TranslateDotNet Server - "c:\program files\power translator 11\logomedia translatedotnet server.exe" <Not Verified; Language Engineering Corporation, LLC; LogoMedia TranslateDotNet Server.exe>
S4 BAsfIpM (Broadcom ASF IP monitoring service v6.0.3) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
S4 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
S4 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
S4 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 15:30:17 372 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-09 15:26:51 470 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2008-04-08 18:00:08 1288 --a------ C:\WINDOWS\Tasks\wrSpySweeper_7132DF3BC14B43AC9A43E4E550871101.job
2008-03-20 16:39:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 09:19:01 0 d-------- C:\Program Files\Trend Micro
2008-04-08 16:34:09 0 d-------- C:\Documents and Settings\Mr. Admin\.housecall6.6
2008-04-08 13:57:54 0 d-------- C:\Program Files\TimeLine Maker
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\System
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\SmartDraw
2008-04-08 11:25:30 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-08 11:17:56 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Progeny
2008-04-08 11:00:26 20569 --a------ C:\WINDOWS\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor>
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files\Progeny
2008-04-08 10:58:23 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-08 10:58:23 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\16D83DFFEA.sys
2008-04-05 16:03:31 0 d-------- C:\Program Files\iPod
2008-04-05 16:02:51 0 d-------- C:\Program Files\iTunes
2008-03-30 14:13:57 0 d-------- C:\Program Files\Smead Viewables
2008-03-29 07:57:33 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\HP
2008-03-29 07:24:38 117655 --a------ C:\WINDOWS\hpoins11.dat
2008-03-29 06:38:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Kinko's
2008-03-22 11:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-22 08:38:01 6144 --a------ C:\WINDOWS\system32\DVKSPA01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 08:14:51 6144 --a------ C:\WINDOWS\system32\DVKSWE01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 07:54:48 0 d-------- C:\Program Files\Microsoft Keyboard Layout Creator 1.4
2008-03-20 15:23:39 0 d-------- C:\Program Files\CandleWorks
2008-03-20 13:37:17 0 d-------- C:\Program Files\Gecko Software
2008-03-20 13:37:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
2008-03-18 08:15:34 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:26 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:16 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:08 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-03-18 08:15:07 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:02 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 08:15:02 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 07:34:27 0 d-------- C:\Program Files\Auralog
2008-03-15 13:44:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-15 08:08:25 0 d-------- C:\Program Files\Power Translator 11
2008-03-14 21:18:45 0 d-------- C:\Program Files\Power Translator 11 Professional Multilanguage
2008-03-14 13:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent


-- Find3M Report ---------------------------------------------------------------

2008-04-09 15:29:13 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-08 13:57:43 0 d-------- C:\Program Files\TLKGAMES
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files
2008-04-08 10:59:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 12:26:22 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 15:59:30 0 d-------- C:\Program Files\QuickTime
2008-03-29 07:45:52 0 d-------- C:\Program Files\HP
2008-03-27 08:26:52 73 --a----c- C:\WINDOWS\system32\ssprs.dll
2008-03-27 08:26:51 205 --a----c- C:\WINDOWS\system32\lsprst7.dll
2008-03-22 11:57:56 0 d-------- C:\Program Files\Lavasoft
2008-03-22 11:56:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 11:53:57 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Lavasoft
2008-03-16 09:18:59 1 --a------ C:\Documents and Settings\Mr. Admin\Application Data\FrontEndCD.ini
2008-03-15 13:44:24 0 d-------- C:\Program Files\Common Files\Real
2008-03-15 13:26:55 0 d-------- C:\Program Files\TeLLmeMore
2008-03-15 08:29:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 13:18:24 0 d-------- C:\Program Files\Transparent
2008-03-02 10:54:17 0 d-------- C:\Program Files\thriXXX
2008-02-22 16:54:42 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Adobe
2008-02-21 16:25:16 0 d-------- C:\Program Files\Bonjour
2008-02-21 16:20:10 0 d-------- C:\Program Files\Common Files\Apple
2008-01-20 20:57:26 50 --a------ C:\WINDOWS\mscpt.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 01:32 PM]
"Logitech Utility"="Logi_MwX.Exe" [06/30/2003 02:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AtiPTA"="atiptaxx.exe" [11/30/2004 06:10 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [06/25/2004 05:32 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [11/28/2005 02:02 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 02:02 PM]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [05/20/2004 09:59 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04/09/2008 03:28 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/09/2008 03:28 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [08/03/2006 09:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/15/2008 08:29 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/26/2006 02:01 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 1:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [10/13/2005 11:51:23 AM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [11/22/2007 11:15:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [02/02/2005 05:58 AM 212992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [01/20/2007 10:19 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/30/2007 07:40 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 11/02/2007 12:47 PM 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29abb456-7977-11db-9ecc-009096b94607}]
AutoRun\command- E:\nideiect.com
explore\Command- E:\nideiect.com
open\Command- E:\nideiect.com




-- Hosts -----------------------------------------------------------------------

192.168.0.66 HP000D9D23724F


-- End of Deckard's System Scanner: finished at 2008-04-09 16:22:24 ------------



I hope someone will help based on that scan. My symptoms:

CPU running at near full usage.
Network connections down.
Cannot run some software (e.g. HijackThis)
SpySweeper found and quarantined worm-bagle trojan horse.

Thanks,
D
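As an added example (not part of this thread, and not a tool anyone here ran), the script below shows how a helper could triage a HijackThis-format log like the one posted above. The sample lines are copied from that log, including the mountpoints2 block from the registry dump; the checks it applies (entries whose file is missing, an unidentified Winsock LSP, the AppInit_DLLs load point, services with no publisher, and a volume autorun handler that points at a drive other than C:) are a first-pass review checklist, not a verdict on any specific entry.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: lines in the HijackThis log format, taken from the scan
# posted in this thread, plus the mountpoints2 key from its registry dump.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O3 - Toolbar: (no name) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29abb456-7977-11db-9ecc-009096b94607}]
AutoRun\command- E:\nideiect.com
open\Command- E:\nideiect.com
"""


@dataclass
class Finding:
    section: str                 # HJT section code ("O4", ...) or "mountpoints2"
    detail: str                  # the log line as written
    reasons: list[str] = field(default_factory=list)


# "O4 - HKLM\..\Run: ..." style lines: section code, " - ", rest of line.
HJT_LINE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# Registry-dump header for a per-volume MountPoints2 key (GUID captured).
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# Shell verb handlers listed under that key in the DSS registry dump.
MOUNTPOINT_CMD = re.compile(r"^(AutoRun|open|explore)\\command-\s*(.+)$", re.IGNORECASE)

# Load points HijackThis reserves for mechanisms ordinary software rarely
# needs; any populated entry here deserves a second look.
ATTENTION_SECTIONS = {
    "O10": "Winsock LSP entry HijackThis could not identify",
    "O20": "AppInit_DLLs / Winlogon Notify load point",
}


def triage(log_text: str) -> list[Finding]:
    """Return only the log entries that trip at least one review heuristic."""
    findings: list[Finding] = []
    current_volume: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_LINE.match(line)
        if m:
            section, body = m.groups()
            f = Finding(section, line)
            if "(file missing)" in body or "(no file)" in body:
                f.reasons.append("orphaned entry: referenced file is absent")
            if section in ATTENTION_SECTIONS:
                f.reasons.append(ATTENTION_SECTIONS[section])
            if section == "O23" and "Unknown owner" in body:
                f.reasons.append("service binary carries no publisher information")
            if f.reasons:
                findings.append(f)
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_volume = m.group(1)
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m and current_volume:
            verb, target = m.groups()
            f = Finding("mountpoints2", line)
            f.reasons.append(f"{verb} handler for volume {current_volume} runs {target}")
            if not target.upper().startswith("C:\\"):
                f.reasons.append("handler points at a non-system drive (removable media autorun)")
            findings.append(f)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section so the reviewer sees where to look first."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summarize(results))
    for f in results:
        print(f.section, "|", f.detail)
        for r in f.reasons:
            print("   ->", r)
```

Entries that match no heuristic (the Apoint and KernelFaultCheck Run keys in the sample) are dropped from the output, so a long log collapses to the handful of lines a helper would ask about first.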

#3
RatHat
Ex Malware Expert, 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer. I must warn you however, that if this does turn out to be bagle, it can be very difficult to remove, so be prepared for having to work at this for a while.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Next, I would like to make sure that you can view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply along with a fresh DSS log.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Additionally, you should have another log from DSS named Extra.txt

Could you locate that in your root drive, usually C:\Deckard\System Scanner\ and post it here for me too.

Regards,
RatHat
  • 0

#4
d_Oregon

d_Oregon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
RatHat,
Thanks so much for your help. I'll begin by reiterating that I have no Internet or Network connection on the infected laptop. So, I am using another computer for DLs and this forum. Then I am installing programs like ComboFix using a thumb drive.

Okay, I first installed the Recovery Console using a WinXP Pro disk. I turned off wordwrap in Notepad.

I disabled SpySweeper and (I thought) SuperAntiSpyware (I had no instructions for the latter and it ran on restart during the ComboFix scan, but I think that turned out okay). I turned off Windows Firewall.

I changed the view folder settings, except I had no apparent Hidden Files and Folders section. I confirmed where it should be by looking on another machine, but it's missing from the menu on the infected machine.

I DLd and ran ComboFix. The log:

ComboFix 08-04-09.9 - Mr. Admin 2008-04-10 10:07:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.188 [GMT -7:00]
Running from: E:\Combo-Fix.exe
* Created a new restore point
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 15:44 . 2008-04-09 15:44 <DIR> d-------- C:\Deckard
2008-04-09 09:19 . 2008-04-09 14:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 16:34 . 2008-04-09 10:06 <DIR> d-------- C:\Documents and Settings\Mr. Admin\.housecall6.6
2008-04-08 13:57 . 2008-04-08 14:07 <DIR> d-------- C:\Program Files\TimeLine Maker
2008-04-08 13:54 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\mdelk.exe
2008-04-08 13:49 . 2008-04-08 13:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\downld
2008-04-08 11:34 . 2008-04-08 11:34 <DIR> d-------- C:\Documents and Settings\Mr. Admin\System
2008-04-08 11:34 . 2008-04-08 11:39 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\SmartDraw
2008-04-08 11:25 . 2008-04-08 11:34 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-04-08 11:18 . 2008-04-08 11:21 2,286 --a------ C:\WINDOWS\TLMPRO.INI
2008-04-08 11:17 . 2008-04-08 11:17 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\Progeny
2008-04-08 11:17 . 2008-04-08 11:21 933 --a------ C:\WINDOWS\SSCE.INI
2008-04-08 11:00 . 2008-04-08 11:00 <DIR> d-------- C:\Program Files\Common Files\Progeny
2008-04-08 11:00 . 2002-12-28 09:26 20,569 --a------ C:\WINDOWS\SYSTEM32\pxc25pm.dll
2008-04-08 10:58 . 2008-04-08 13:47 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-08 10:58 . 2008-04-08 13:47 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\16D83DFFEA.sys
2008-04-05 16:05 . 2008-04-10 10:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 16:05 . 2008-04-05 16:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 16:03 . 2008-04-05 16:03 <DIR> d-------- C:\Program Files\iPod
2008-04-05 16:02 . 2008-04-05 16:03 <DIR> d-------- C:\Program Files\iTunes
2008-03-30 14:13 . 2008-04-01 20:00 <DIR> d-------- C:\Program Files\Smead Viewables
2008-03-29 07:57 . 2008-03-29 08:29 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\HP
2008-03-29 07:28 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\SYSTEM32\HPZidr12.1
2008-03-29 07:28 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\SYSTEM32\HPZipr12.1
2008-03-29 07:24 . 2008-03-29 08:03 117,655 --a------ C:\WINDOWS\hpoins11.dat
2008-03-29 06:58 . 2008-03-29 06:37 117,482 --------- C:\WINDOWS\hpoins11.dat.temp
2008-03-29 06:58 . 2006-05-05 03:20 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-03-29 06:34 . 2006-04-12 03:04 49,664 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
2008-03-29 06:34 . 2006-04-12 03:04 16,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2008-03-29 06:33 . 2006-01-03 10:12 77,824 -ra------ C:\WINDOWS\SYSTEM32\HPZIDS01.dll
2008-03-29 06:33 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\SYSTEM32\hpzll054.dll
2008-03-29 06:33 . 2006-04-12 03:04 21,568 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
2008-03-29 06:32 . 2006-04-12 03:02 659,456 -ra------ C:\WINDOWS\SYSTEM32\hpowiax2.dll
2008-03-29 06:32 . 2006-04-12 03:02 598,016 -ra------ C:\WINDOWS\SYSTEM32\hpotscl2.dll
2008-03-29 06:32 . 2006-04-12 03:02 254,026 -ra------ C:\WINDOWS\SYSTEM32\hpovst09.dll
2008-03-29 06:30 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-03-29 06:30 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-03-23 11:00 . 2008-03-23 11:00 76 --a------ C:\WINDOWS\VUI.pref
2008-03-22 11:57 . 2008-03-22 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-22 08:38 . 2008-03-22 08:38 6,144 --a------ C:\WINDOWS\SYSTEM32\DVKSPA01.dll
2008-03-22 08:14 . 2008-03-22 08:14 6,144 --a------ C:\WINDOWS\SYSTEM32\DVKSWE01.dll
2008-03-22 07:54 . 2008-03-22 07:55 <DIR> d-------- C:\Program Files\Microsoft Keyboard Layout Creator 1.4
2008-03-20 15:23 . 2008-03-20 15:23 <DIR> d-------- C:\Program Files\CandleWorks
2008-03-20 13:37 . 2008-03-20 13:37 <DIR> d-------- C:\Program Files\Gecko Software
2008-03-20 13:37 . 2008-03-20 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
2008-03-18 08:15 . 1998-09-02 01:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-03-18 08:15 . 1998-08-26 21:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-03-18 08:15 . 1998-08-20 04:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-03-18 08:15 . 1998-09-02 01:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-03-18 08:15 . 1998-09-02 01:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-03-18 08:15 . 1998-08-17 02:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-03-18 08:15 . 1998-08-17 02:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-03-18 08:15 . 1998-08-17 02:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-03-18 08:15 . 2008-03-18 08:15 4,608 --a------ C:\WINDOWS\SYSTEM32\w95inf32.dll
2008-03-18 08:15 . 2008-03-18 08:15 2,272 --a------ C:\WINDOWS\SYSTEM32\w95inf16.dll
2008-03-18 08:14 . 2008-03-19 14:52 11 --a------ C:\trace.ini
2008-03-18 07:34 . 2008-03-18 08:14 <DIR> d-------- C:\Program Files\Auralog
2008-03-15 13:44 . 2008-03-15 13:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-15 08:08 . 2008-03-15 08:14 <DIR> d-------- C:\Program Files\Power Translator 11
2008-03-14 21:18 . 2008-03-15 07:39 <DIR> d-------- C:\Program Files\Power Translator 11 Professional Multilanguage
2008-03-14 13:18 . 2008-03-14 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Transparent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:13 --------- d-----w C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-08 20:57 --------- d-----w C:\Program Files\TLKGAMES
2008-04-08 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:59 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-29 14:45 --------- d-----w C:\Program Files\HP
2008-03-22 18:57 --------- d-----w C:\Program Files\Lavasoft
2008-03-22 18:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 18:53 --------- d-----w C:\Documents and Settings\Mr. Admin\Application Data\Lavasoft
2008-03-15 20:44 --------- d-----w C:\Program Files\Common Files\Real
2008-03-15 20:26 --------- d-----w C:\Program Files\TeLLmeMore
2008-03-15 15:29 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-14 20:18 --------- d-----w C:\Program Files\Transparent
2008-03-02 17:54 --------- d-----w C:\Program Files\thriXXX
2008-02-21 23:25 --------- d-----w C:\Program Files\Bonjour
2008-02-21 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 23:20 --------- d-----w C:\Program Files\Common Files\Apple
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2005-12-29 18:37 8,456 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2006-01-02 23:05 979 -csh--w C:\WINDOWS\SYSTEM32\msbasm.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-15 08:29 1481968]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-26 02:01 688128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 13:32 155648]
"Logitech Utility"="Logi_MwX.Exe" [2003-06-30 02:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"AtiPTA"="atiptaxx.exe" [2004-11-30 18:10 344064 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-25 17:32 172032]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 14:02 988701]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 14:02 118784]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 09:59 1056768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-04-10 10:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-04-10 10:10 135224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [2005-10-13 11:51:23 212992]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [2007-11-22 11:15:40 132656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-02-02 05:58 212992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-20 10:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-30 19:40 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-02 12:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\SYSTEM32\\msiexec.exe"=
"C:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"C:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.SysTray.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\Clusterball\\Clusterball.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\Program Files\\WordBanker ML\\English\\wordbanker.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2005-07-31 08:54]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 07:27]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys [2004-01-30 14:08]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 23:39:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-10 17:19:12 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
"2008-04-10 02:30:30 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-04-10 01:00:07 C:\WINDOWS\Tasks\wrSpySweeper_7132DF3BC14B43AC9A43E4E550871101.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe=/ScheduleSweep=wrSpySweeper_7132DF3BC14B43AC9A43E4E550871101
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 10:16:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\locator.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-10 10:25:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 17:25:40
Pre-Run: 7,025,754,112 bytes free
Post-Run: 6,902,505,472 bytes free
.
2008-03-14 19:59:33 --- E O F ---


Then I reran DSS. When I tried to save the log, though, I got a Blue Screen of Death. I rebooted and ran DSS again.
The Log:

Deckard's System Scanner v20071014.68
Run by Mr. Admin on 2008-04-10 11:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.44 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 11:01:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\SM1bg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SYSTEM\wcdvtray.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\SmartDraw 2008\Messages\SDNotify.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
E:\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.law.uoregon.edu/students/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - (no file)
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\SYSTEM32\BAsfIpM.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpboid.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE


--
End of file - 10852 bytes

-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 10:55:25 0 d-------- C:\New Folder
2008-04-10 10:06:32 68096 --a------ C:\WINDOWS\zip.exe
2008-04-10 10:06:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-10 10:06:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-10 10:06:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-10 10:06:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-10 10:06:32 98816 --a------ C:\WINDOWS\sed.exe
2008-04-10 10:06:32 80412 --a------ C:\WINDOWS\grep.exe
2008-04-10 10:06:32 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-10 09:16:47 0 dr-hs---- C:\cmdcons
2008-04-10 09:01:08 0 d-------- C:\WINDOWS\setup.pss
2008-04-09 09:19:01 0 d-------- C:\Program Files\Trend Micro
2008-04-08 16:34:09 0 d-------- C:\Documents and Settings\Mr. Admin\.housecall6.6
2008-04-08 13:57:54 0 d-------- C:\Program Files\TimeLine Maker
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\System
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\SmartDraw
2008-04-08 11:25:30 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-08 11:17:56 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Progeny
2008-04-08 11:00:26 20569 --a------ C:\WINDOWS\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor>
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files\Progeny
2008-04-08 10:58:23 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-08 10:58:23 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\16D83DFFEA.sys
2008-04-05 16:03:31 0 d-------- C:\Program Files\iPod
2008-04-05 16:02:51 0 d-------- C:\Program Files\iTunes
2008-03-30 14:13:57 0 d-------- C:\Program Files\Smead Viewables
2008-03-29 07:57:33 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\HP
2008-03-29 07:24:38 117655 --a------ C:\WINDOWS\hpoins11.dat
2008-03-29 06:38:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Kinko's
2008-03-22 11:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-22 08:38:01 6144 --a------ C:\WINDOWS\system32\DVKSPA01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 08:14:51 6144 --a------ C:\WINDOWS\system32\DVKSWE01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 07:54:48 0 d-------- C:\Program Files\Microsoft Keyboard Layout Creator 1.4
2008-03-20 15:23:39 0 d-------- C:\Program Files\CandleWorks
2008-03-20 13:37:17 0 d-------- C:\Program Files\Gecko Software
2008-03-20 13:37:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
2008-03-18 08:15:34 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:26 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:16 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:08 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-03-18 08:15:07 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:02 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 08:15:02 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 07:34:27 0 d-------- C:\Program Files\Auralog
2008-03-15 13:44:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-15 08:08:25 0 d-------- C:\Program Files\Power Translator 11
2008-03-14 21:18:45 0 d-------- C:\Program Files\Power Translator 11 Professional Multilanguage
2008-03-14 13:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent


-- Find3M Report ---------------------------------------------------------------

2008-04-10 10:49:15 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-08 13:57:43 0 d-------- C:\Program Files\TLKGAMES
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files
2008-04-08 10:59:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 12:26:22 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 15:59:30 0 d-------- C:\Program Files\QuickTime
2008-03-29 07:45:52 0 d-------- C:\Program Files\HP
2008-03-22 11:57:56 0 d-------- C:\Program Files\Lavasoft
2008-03-22 11:56:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 11:53:57 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Lavasoft
2008-03-16 09:18:59 1 --a------ C:\Documents and Settings\Mr. Admin\Application Data\FrontEndCD.ini
2008-03-15 13:44:24 0 d-------- C:\Program Files\Common Files\Real
2008-03-15 13:26:55 0 d-------- C:\Program Files\TeLLmeMore
2008-03-15 08:29:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 13:18:24 0 d-------- C:\Program Files\Transparent
2008-03-02 10:54:17 0 d-------- C:\Program Files\thriXXX
2008-02-22 16:54:42 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Adobe
2008-02-21 16:25:16 0 d-------- C:\Program Files\Bonjour
2008-02-21 16:20:10 0 d-------- C:\Program Files\Common Files\Apple
2008-01-20 20:57:26 50 --a------ C:\WINDOWS\mscpt.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 01:32 PM]
"Logitech Utility"="Logi_MwX.Exe" [06/30/2003 02:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"AtiPTA"="atiptaxx.exe" [11/30/2004 06:10 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [06/25/2004 05:32 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [11/28/2005 02:02 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 02:02 PM]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [05/20/2004 09:59 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04/10/2008 10:10 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/10/2008 10:10 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/15/2008 08:29 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/26/2006 02:01 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 1:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [10/13/2005 11:51:23 AM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [11/22/2007 11:15:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [02/02/2005 05:58 AM 212992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [01/20/2007 10:19 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/30/2007 07:40 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 11/02/2007 12:47 PM 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29abb456-7977-11db-9ecc-009096b94607}]
AutoRun\command- E:\nideiect.com
explore\Command- E:\nideiect.com
open\Command- E:\nideiect.com

*Newly Created Service* - SROSA



-- End of Deckard's System Scanner: finished at 2008-04-10 11:01:59 ------------



I can't find any new "extra" log and I've searched the entire disk. I am attaching the original one, because I can't tell from your post if maybe that's what you want. Remember, the "extra" log attached is from before I ran ComboFix. DSS does not appear to create one now.

Thanks for your help and please advise about the next step.

D

Attached Files


Edited by d_Oregon, 10 April 2008 - 02:37 PM.

  • 0

#5
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Well, it's definitely bagle.

1. Download Flash_Disinfector.exe and save it to your desktop.

Now close any open browsers (Internet Explorer, FireFox etc.)

Next close/disable all anti virus and anti malware programs so they do not interfere with the fixes below.

Insert your flash drives, or whatever is typically your E:\ drive

Now double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
After it has rebooted, double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DSS log, in your next reply.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Regards,
RatHat
  • 0
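As an added example (not from this thread and not part of DSS, ComboFix or Flash_Disinfector), the Python script below triages log lines in the DSS/ComboFix style for the indicators discussed above: MountPoints2 AutoRun handlers pointing at a removable drive, the damaged SafeBoot key, a newly created service, a hidden executable under the drivers folder, and disabled security settings. It also classifies a drive root's autorun.inf as the protective folder Flash_Disinfector leaves behind versus a plain file; the sample log, rule names and severities are constructed for illustration.

```python
"""Triage helper for HijackThis/DSS/ComboFix-style logs (added example, not the tools' own code)."""
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "medium" (assumed scale for this example)
    rule: str
    line: str


# Constructed sample in the style of the DSS/ComboFix output posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29abb456-7977-11db-9ecc-009096b94607}]
AutoRun\command- E:\nideiect.com
explore\Command- E:\nideiect.com
open\Command- E:\nideiect.com

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

*Newly Created Service* - SROSA

2008-04-08 13:54 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\mdelk.exe
2008-04-10 14:14 . 2008-04-10 14:14 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A MountPoints2 shell handler (AutoRun/explore/open) that runs a file on another drive.
MOUNTPOINT_CMD = re.compile(r'^(AutoRun|explore|open)\\command-\s*([A-Za-z]):\\(\S+)', re.IGNORECASE)
NEW_SERVICE = re.compile(r'^\*Newly Created Service\*\s*-\s*(\S+)')
# DSS and ComboFix both print an attribute token (e.g. --ah-----) followed by the path.
FILE_ENTRY = re.compile(r'\s([-a-z]{7,9})\s+([A-Za-z]:\\\S.*\.(?:exe|com))$', re.IGNORECASE)
SETTING = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')
# Registry values whose listed state weakens the machine's defences.
WEAK_SETTINGS = {
    "EnableFirewall": ("0", "Windows Firewall disabled for the standard profile"),
    "AntiVirusDisableNotify": ("dword:00000001", "Security Center antivirus alerts suppressed"),
}


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m:  # a worm-style autorun hook for a removable drive
            findings.append(Finding("high", "mountpoints2-autorun",
                                    f"{m.group(1)} handler runs {m.group(2)}:\\{m.group(3)}"))
            continue
        if line.startswith("SafeBoot registry key needs repairs"):
            findings.append(Finding("high", "safeboot-damaged", line))
            continue
        m = NEW_SERVICE.match(line)
        if m:
            findings.append(Finding("medium", "new-service", m.group(1)))
            continue
        m = FILE_ENTRY.search(line)
        if m and "h" in m.group(1).lower():  # hidden attribute on an executable
            sev = "high" if "\\drivers\\" in m.group(2).lower() else "medium"
            findings.append(Finding(sev, "hidden-executable", m.group(2)))
            continue
        m = SETTING.match(line)
        if m and m.group(1) in WEAK_SETTINGS:
            bad_value, why = WEAK_SETTINGS[m.group(1)]
            if m.group(2) == bad_value:
                findings.append(Finding("medium", "weak-setting", why))
    return findings


def severity_counts(findings):
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def autorun_inf_state(drive_root):
    """Classify autorun.inf at a drive root: a *folder* of that name is the protection
    Flash_Disinfector leaves (a file of the same name cannot then be created there);
    a *file* is what autorun worms drop; 'absent' means neither exists."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "protected-folder"
    if os.path.isfile(path):
        return "file-present"
    return "absent"


def demo_autorun_states():
    """Build two throwaway 'drive roots' in a temp dir to exercise the classifier."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")
        suspect = os.path.join(root, "suspect")
        os.makedirs(os.path.join(protected, "autorun.inf"))   # folder, as the thread describes
        os.makedirs(suspect)
        with open(os.path.join(suspect, "autorun.inf"), "w") as fh:
            fh.write("; constructed placeholder file\n")
        return {"protected": autorun_inf_state(protected),
                "suspect": autorun_inf_state(suspect),
                "empty": autorun_inf_state(root)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(severity_counts(triage(SAMPLE_LOG)), demo_autorun_states())
```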

#6
d_Oregon

d_Oregon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I did as you requested and saw that my adaware and spysweeper programs were still resident, though turned off. I decided to uninstall my anti-adware/anti-spyware programs for now. I want to start from scratch when we're done. So I did so, then ran ComboFix and DSS again.

CF Log:

ComboFix 08-04-09.9 - Mr. Admin 2008-04-10 17:27:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -7:00]
Running from: C:\Documents and Settings\Mr. Admin\Desktop\Combo-Fix.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 14:14 . 2008-04-10 14:14 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-10 10:55 . 2008-04-10 10:55 <DIR> d-------- C:\New Folder
2008-04-09 15:44 . 2008-04-10 10:57 <DIR> d-------- C:\Deckard
2008-04-09 09:19 . 2008-04-09 14:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 16:34 . 2008-04-09 10:06 <DIR> d-------- C:\Documents and Settings\Mr. Admin\.housecall6.6
2008-04-08 13:57 . 2008-04-08 14:07 <DIR> d-------- C:\Program Files\TimeLine Maker
2008-04-08 13:54 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\mdelk.exe
2008-04-08 13:49 . 2008-04-08 13:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\downld
2008-04-08 11:34 . 2008-04-08 11:34 <DIR> d-------- C:\Documents and Settings\Mr. Admin\System
2008-04-08 11:34 . 2008-04-08 11:39 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\SmartDraw
2008-04-08 11:25 . 2008-04-08 11:34 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-04-08 11:18 . 2008-04-08 11:21 2,286 --a------ C:\WINDOWS\TLMPRO.INI
2008-04-08 11:17 . 2008-04-08 11:17 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\Progeny
2008-04-08 11:17 . 2008-04-08 11:21 933 --a------ C:\WINDOWS\SSCE.INI
2008-04-08 11:00 . 2008-04-08 11:00 <DIR> d-------- C:\Program Files\Common Files\Progeny
2008-04-08 11:00 . 2002-12-28 09:26 20,569 --a------ C:\WINDOWS\SYSTEM32\pxc25pm.dll
2008-04-08 10:58 . 2008-04-08 13:47 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-08 10:58 . 2008-04-08 13:47 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\16D83DFFEA.sys
2008-04-05 16:05 . 2008-04-10 17:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 16:05 . 2008-04-05 16:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 16:03 . 2008-04-05 16:03 <DIR> d-------- C:\Program Files\iPod
2008-04-05 16:02 . 2008-04-05 16:03 <DIR> d-------- C:\Program Files\iTunes
2008-03-30 14:13 . 2008-04-01 20:00 <DIR> d-------- C:\Program Files\Smead Viewables
2008-03-29 07:57 . 2008-03-29 08:29 <DIR> d-------- C:\Documents and Settings\Mr. Admin\Application Data\HP
2008-03-29 07:28 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\SYSTEM32\HPZidr12.1
2008-03-29 07:28 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\SYSTEM32\HPZipr12.1
2008-03-29 07:24 . 2008-03-29 08:03 117,655 --a------ C:\WINDOWS\hpoins11.dat
2008-03-29 06:58 . 2008-03-29 06:37 117,482 --------- C:\WINDOWS\hpoins11.dat.temp
2008-03-29 06:58 . 2006-05-05 03:20 11,634 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-03-29 06:34 . 2006-04-12 03:04 49,664 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
2008-03-29 06:34 . 2006-04-12 03:04 16,496 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2008-03-29 06:33 . 2006-01-03 10:12 77,824 -ra------ C:\WINDOWS\SYSTEM32\HPZIDS01.dll
2008-03-29 06:33 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\SYSTEM32\hpzll054.dll
2008-03-29 06:33 . 2006-04-12 03:04 21,568 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
2008-03-29 06:32 . 2006-04-12 03:02 659,456 -ra------ C:\WINDOWS\SYSTEM32\hpowiax2.dll
2008-03-29 06:32 . 2006-04-12 03:02 598,016 -ra------ C:\WINDOWS\SYSTEM32\hpotscl2.dll
2008-03-29 06:32 . 2006-04-12 03:02 254,026 -ra------ C:\WINDOWS\SYSTEM32\hpovst09.dll
2008-03-29 06:30 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-03-29 06:30 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-03-23 11:00 . 2008-03-23 11:00 76 --a------ C:\WINDOWS\VUI.pref
2008-03-22 11:57 . 2008-03-22 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-22 08:38 . 2008-03-22 08:38 6,144 --a------ C:\WINDOWS\SYSTEM32\DVKSPA01.dll
2008-03-22 08:14 . 2008-03-22 08:14 6,144 --a------ C:\WINDOWS\SYSTEM32\DVKSWE01.dll
2008-03-22 07:54 . 2008-03-22 07:55 <DIR> d-------- C:\Program Files\Microsoft Keyboard Layout Creator 1.4
2008-03-20 15:23 . 2008-03-20 15:23 <DIR> d-------- C:\Program Files\CandleWorks
2008-03-20 13:37 . 2008-03-20 13:37 <DIR> d-------- C:\Program Files\Gecko Software
2008-03-20 13:37 . 2008-03-20 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
2008-03-18 08:15 . 1998-09-02 01:02 194,320 --a------ C:\WINDOWS\SYSTEM32\qcut.dll
2008-03-18 08:15 . 1998-08-26 21:51 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2008-03-18 08:15 . 1998-08-20 04:02 140,800 --a------ C:\WINDOWS\SYSTEM32\tm20dec.ax
2008-03-18 08:15 . 1998-09-02 01:28 63,488 --a------ C:\WINDOWS\SYSTEM32\unam4ie.exe
2008-03-18 08:15 . 1998-09-02 01:28 38,160 --a------ C:\WINDOWS\SYSTEM32\LMRTREND.dll
2008-03-18 08:15 . 1998-08-17 02:21 11,776 --a------ C:\WINDOWS\SYSTEM32\mciqtz.drv
2008-03-18 08:15 . 1998-08-17 02:21 10,240 --a------ C:\WINDOWS\SYSTEM32\vidx16.dll
2008-03-18 08:15 . 1998-08-17 02:21 5,672 --a------ C:\WINDOWS\SYSTEM32\quartz.vxd
2008-03-18 08:15 . 2008-03-18 08:15 4,608 --a------ C:\WINDOWS\SYSTEM32\w95inf32.dll
2008-03-18 08:15 . 2008-03-18 08:15 2,272 --a------ C:\WINDOWS\SYSTEM32\w95inf16.dll
2008-03-18 08:14 . 2008-03-19 14:52 11 --a------ C:\trace.ini
2008-03-18 07:34 . 2008-03-18 08:14 <DIR> d-------- C:\Program Files\Auralog
2008-03-15 13:44 . 2008-03-15 13:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-15 08:08 . 2008-03-15 08:14 <DIR> d-------- C:\Program Files\Power Translator 11
2008-03-14 21:18 . 2008-03-15 07:39 <DIR> d-------- C:\Program Files\Power Translator 11 Professional Multilanguage
2008-03-14 13:18 . 2008-03-14 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Transparent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 00:31 --------- d-----w C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-11 00:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 00:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-10 21:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-10 21:01 --------- d-----w C:\Documents and Settings\Mr. Admin\Application Data\SUPERAntiSpyware.com
2008-04-08 20:57 --------- d-----w C:\Program Files\TLKGAMES
2008-04-08 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:59 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-29 14:45 --------- d-----w C:\Program Files\HP
2008-03-22 18:53 --------- d-----w C:\Documents and Settings\Mr. Admin\Application Data\Lavasoft
2008-03-15 20:44 --------- d-----w C:\Program Files\Common Files\Real
2008-03-15 20:26 --------- d-----w C:\Program Files\TeLLmeMore
2008-03-14 20:18 --------- d-----w C:\Program Files\Transparent
2008-03-02 17:54 --------- d-----w C:\Program Files\thriXXX
2008-02-21 23:25 --------- d-----w C:\Program Files\Bonjour
2008-02-21 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 23:20 --------- d-----w C:\Program Files\Common Files\Apple
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2005-12-29 18:37 8,456 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2006-01-02 23:05 979 -csh--w C:\WINDOWS\SYSTEM32\msbasm.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-10_10.21.07.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 17:16:22 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-11 00:33:01 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-09 21:33:28 95,100 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-04-11 00:30:46 95,100 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-04-09 21:33:29 477,198 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-04-11 00:30:46 477,198 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-26 02:01 688128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 13:32 155648]
"Logitech Utility"="Logi_MwX.Exe" [2003-06-30 02:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"AtiPTA"="atiptaxx.exe" [2004-11-30 18:10 344064 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-25 17:32 172032]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 14:02 988701]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 14:02 118784]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 09:59 1056768]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-04-10 16:48 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-04-10 16:48 135224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 13:04:08 38912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [2005-10-13 11:51:23 212992]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [2007-11-22 11:15:40 132656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-02-02 05:58 212992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\SYSTEM32\\msiexec.exe"=
"C:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
"C:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.SysTray.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\Clusterball\\Clusterball.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\Program Files\\WordBanker ML\\English\\wordbanker.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2005-07-31 08:54]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 07:27]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys [2004-01-30 14:08]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 23:39:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 00:35:37 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
"2008-04-10 22:29:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 17:33:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\locator.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-04-10 17:37:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 00:37:46
ComboFix2.txt 2008-04-11 00:10:39
ComboFix3.txt 2008-04-10 17:25:53
Pre-Run: 7,133,839,360 bytes free
Post-Run: 7,114,788,864 bytes free
.
2008-03-14 19:59:33 --- E O F ---


DSS Log:

Deckard's System Scanner v20071014.68
Run by Mr. Admin on 2008-04-10 17:39:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.64 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 17:40:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb12.exe
C:\WINDOWS\SM1bg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SYSTEM\wcdvtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mr. Admin\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.law.uoregon.edu/students/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - (no file)
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\SYSTEM32\BAsfIpM.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpboid.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE


--
End of file - 10631 bytes

-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 16:35:29 0 drahs---- C:\autorun.inf
2008-04-10 14:14:33 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-10 10:55:25 0 d-------- C:\New Folder
2008-04-10 10:06:32 68096 --a------ C:\WINDOWS\zip.exe
2008-04-10 10:06:32 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-10 10:06:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-10 10:06:32 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-10 10:06:32 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-10 10:06:32 98816 --a------ C:\WINDOWS\sed.exe
2008-04-10 10:06:32 80412 --a------ C:\WINDOWS\grep.exe
2008-04-10 10:06:32 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-10 09:16:47 0 dr-hs---- C:\cmdcons
2008-04-10 09:01:08 0 d-------- C:\WINDOWS\setup.pss
2008-04-09 09:19:01 0 d-------- C:\Program Files\Trend Micro
2008-04-08 16:34:09 0 d-------- C:\Documents and Settings\Mr. Admin\.housecall6.6 <HOUSEC~1.6>
2008-04-08 13:57:54 0 d-------- C:\Program Files\TimeLine Maker
2008-04-08 13:54:49 688128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-08 13:49:13 0 d-------- C:\WINDOWS\system32\drivers\downld
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\System
2008-04-08 11:34:48 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\SmartDraw
2008-04-08 11:25:30 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-08 11:17:56 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Progeny
2008-04-08 11:00:26 20569 --a------ C:\WINDOWS\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor>
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files\Progeny
2008-04-08 10:58:23 952 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-04-08 10:58:23 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\16D83DFFEA.sys
2008-04-05 16:03:31 0 d-------- C:\Program Files\iPod
2008-04-05 16:02:51 0 d-------- C:\Program Files\iTunes
2008-03-30 14:13:57 0 d-------- C:\Program Files\Smead Viewables
2008-03-29 07:57:33 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\HP
2008-03-29 07:24:38 117655 --a------ C:\WINDOWS\hpoins11.dat
2008-03-29 06:38:51 0 d-------- C:\Documents and Settings\LocalService\Application Data\Kinko's
2008-03-22 11:57:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-22 08:38:01 6144 --a------ C:\WINDOWS\system32\DVKSPA01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 08:14:51 6144 --a------ C:\WINDOWS\system32\DVKSWE01.dll <Not Verified; David C. Olsson; Created by MSKLC 1.4>
2008-03-22 07:54:48 0 d-------- C:\Program Files\Microsoft Keyboard Layout Creator 1.4
2008-03-20 15:23:39 0 d-------- C:\Program Files\CandleWorks
2008-03-20 13:37:17 0 d-------- C:\Program Files\Gecko Software
2008-03-20 13:37:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TNT-HF
2008-03-18 08:15:34 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:26 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-03-18 08:15:16 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:08 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-03-18 08:15:07 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-03-18 08:15:02 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 08:15:02 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-18 07:34:27 0 d-------- C:\Program Files\Auralog
2008-03-15 13:44:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-15 08:08:25 0 d-------- C:\Program Files\Power Translator 11
2008-03-14 21:18:45 0 d-------- C:\Program Files\Power Translator 11 Professional Multilanguage
2008-03-14 13:18:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent


-- Find3M Report ---------------------------------------------------------------

2008-04-10 17:35:13 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-10 17:20:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 17:19:54 0 d-------- C:\Program Files\Lavasoft
2008-04-10 14:01:59 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\SUPERAntiSpyware.com
2008-04-10 14:01:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 13:57:43 0 d-------- C:\Program Files\TLKGAMES
2008-04-08 11:00:17 0 d-------- C:\Program Files\Common Files
2008-04-08 10:59:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 12:26:22 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 15:59:30 0 d-------- C:\Program Files\QuickTime
2008-03-29 07:45:52 0 d-------- C:\Program Files\HP
2008-03-22 11:53:57 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Lavasoft
2008-03-16 09:18:59 1 --a------ C:\Documents and Settings\Mr. Admin\Application Data\FrontEndCD.ini
2008-03-15 13:44:24 0 d-------- C:\Program Files\Common Files\Real
2008-03-15 13:26:55 0 d-------- C:\Program Files\TeLLmeMore
2008-03-14 13:18:24 0 d-------- C:\Program Files\Transparent
2008-03-02 10:54:17 0 d-------- C:\Program Files\thriXXX
2008-02-22 16:54:42 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\Adobe
2008-02-21 16:25:16 0 d-------- C:\Program Files\Bonjour
2008-02-21 16:20:10 0 d-------- C:\Program Files\Common Files\Apple
2008-01-20 20:57:26 50 --a------ C:\WINDOWS\mscpt.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 01:32 PM]
"Logitech Utility"="Logi_MwX.Exe" [06/30/2003 02:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"AtiPTA"="atiptaxx.exe" [11/30/2004 06:10 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [06/25/2004 05:32 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [11/28/2005 02:02 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 02:02 PM]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [05/20/2004 09:59 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04/10/2008 04:48 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/10/2008 04:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/26/2006 02:01 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 1:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [10/13/2005 11:51:23 AM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [11/22/2007 11:15:40 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [02/02/2005 05:58 AM 212992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-10 17:40:32 ------------

#7 - d_Oregon (Member, Topic Starter, 29 posts)
Oh, %$^#!!! The trojan/worm/virus/rootkit/whatever seems to have jumped via the thumb drive to my other computer! And it's my work computer (law practice) on which all my business data resides. I have data backups, but I NEED that computer every day. I can't believe I broke the NO. 1 rule: don't ever mix and match business and personal computers.

So now I can't DL programs to fix either of those computers. I am now using a second personal computer, but I don't want to do the same d___ thing with the thumb drive and infect this one too.

I don't know what to do, now. Continue disinfecting the first machine, switch to the work machine (which is WAY more important) or what. And I don't know how to continue with either, given the fact that the thumb drive can carry the infection.

<freaking out>

d

#8 - RatHat (Ex Malware Expert, 7,829 posts)
Well, as you can see, srosa, the main sign of bagle, is coming back in, but as yet I haven't been able to see what is respawning it, so I would like you to run two powerful scans so that I can have a deep look inside the computer.

Firstly though, let's clean out all your temp files:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Scan Number 1:

Download to your Desktop:- ISeeYouXP by ShadowPuterDude

Double-click ISeeYouXP.exe; ISeeYouXP will be extracted to C:\ISeeYouXP.

Using Windows Explorer (right click the Start button and select Explore to open Windows Explorer) navigate to C:\ISeeYouXP and locate: ISeeYouXP.bat

Double-click to run the script. When complete attach the log in your next reply.

Possible Error Messages
  • If your ISeeYouXP.txt log appears to be empty or semi-empty or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS
    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.

    To fix the above error message, choose the download below which is appropriate for your system
    • For Windows XP Pro: download and run: XPproFix
    • For Windows XP Home: download and run: XPHomeFix
    • For Windows 2000: download and run: W2KFix
    Then run ISeeYouXP.bat again and attach the log.
  • A possible second type of error message may occur as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem
16 bit MS-DOS Subsystem
drive:\program path
XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.


-or-

16 bit MS-DOS Subsystem
drive:\program path
SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.


After attempting to fix the above errors, run ISeeYouXP.bat and attach the log in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Scan Number 2:

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - BotCheck
    • Reg - File Associations
    • Reg - Safeboot Options
    • Reg - Shell Spawning
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach both logs in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Now if either of these two files is too big to attach, please zip the file then try to attach it.

Regards,
RatHat
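A defender-side triage helper for the kind of logs exchanged in this thread, added here as an example (it is not RatHat's tool and not one of the scanners named above). It parses ComboFix/DSS-style file, service and deletion lines and flags the Bagle indicators these logs show (srosa.sys, hldrrr.exe, the hidden mdelk.exe, the Legacy_SROSA and Service_m_hook entries), plus two heuristics of my own, hidden executables in the drivers directory and an autorun.inf at a drive root; the sample lines are constructed from entries that appear in this thread.

```python
import re

# Names taken from the ComboFix and DSS logs posted in this thread: the files
# ComboFix deleted (srosa.sys, hldrrr.exe), the hidden file that reappeared in
# the drivers directory (mdelk.exe) and the two service entries it removed.
KNOWN_BAD_FILES = {"srosa.sys", "hldrrr.exe", "mdelk.exe"}
KNOWN_BAD_SERVICES = {"srosa", "m_hook"}

# ComboFix "Files Created"/Find3M line and DSS file line, for example
#   2008-04-10 18:09 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
#   2008-04-08 13:54:49 688128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?:\s+\.\s+(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size>[\d,]+|<DIR>|-+)"
    r"\s+(?P<attrs>[A-Za-z-]{7,9})"
    r"\s+(?P<path>[A-Za-z]:\\.*)$"
)
# ComboFix "Drivers/Services" removal line, e.g.  -------\Legacy_SROSA
SERVICE_LINE = re.compile(r"^-+\\(?:Legacy_|Service_)(?P<name>\S+)$")
# A bare path, as listed under "Other Deletions" or "Running processes".
BARE_PATH = re.compile(r"^[A-Za-z]:\\.*$")
AUTORUN_AT_ROOT = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def _clean_path(path: str) -> str:
    # DSS appends "<Not Verified; vendor; description>" after some paths.
    return path.split(" <", 1)[0].strip()


def _file_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(lines) -> dict[str, list[str]]:
    """Map each suspicious log entry to the reasons it was flagged."""
    report: dict[str, list[str]] = {}

    def flag(key: str, reason: str) -> None:
        reasons = report.setdefault(key, [])
        if reason not in reasons:  # the same file may appear in several logs
            reasons.append(reason)

    for raw in lines:
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = _clean_path(m.group("path"))
            attrs = m.group("attrs")
            name = _file_name(path)
            if name in KNOWN_BAD_FILES:
                flag(path, "known Bagle component from this thread")
            # 'h' in the attribute column means hidden; a hidden executable
            # dropped into the drivers directory is suspicious whatever its name.
            if "h" in attrs and "\\drivers\\" in path.lower() and name.endswith((".exe", ".sys", ".dll")):
                flag(path, "hidden executable in drivers directory")
            # autorun.inf at a drive root is how an infection rides a thumb drive.
            if AUTORUN_AT_ROOT.match(path):
                flag(path, "autorun.inf at drive root")
            continue
        m = SERVICE_LINE.match(line)
        if m and m.group("name").lower() in KNOWN_BAD_SERVICES:
            flag(line, "Bagle service/driver entry removed by ComboFix")
            continue
        if BARE_PATH.match(line) and _file_name(_clean_path(line)) in KNOWN_BAD_FILES:
            flag(_clean_path(line), "known Bagle component listed under deletions")
    return report


# Constructed sample, assembled from lines that appear in this thread's logs.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\regsvr.exe
-------\Legacy_SROSA
-------\Service_m_hook
2008-04-10 18:09 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-10 17:44 . 2008-04-10 17:44 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-03-26 11:28 . 2003-11-11 19:55 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-04-10 16:35:29 0 drahs---- C:\autorun.inf
2008-04-08 13:54:49 688128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-10 10:06:32 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
""".strip().splitlines()


if __name__ == "__main__":
    import sys
    lines = SAMPLE_LOG
    if len(sys.argv) > 1:  # pass a saved ComboFix or DSS log to triage it instead
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            lines = fh.read().splitlines()
    for entry, reasons in triage(lines).items():
        print(entry + "\n    " + "; ".join(reasons))
```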

#9 - RatHat (Ex Malware Expert, 7,829 posts)
Do you have the renamed Combo-fix on the work computer?

If so, run it now and post me the log.

Regards,
RatHat

#10 - d_Oregon (Member, Topic Starter, 29 posts)
I do and I can run it, but I don't know how to post it. The infection took down my internet connection and I disconnected the machine physically from the network so that the infection goes no further. So, once I run the scan, I can't upload it to geekstogo.

Any suggestion?

#11 - RatHat (Ex Malware Expert, 7,829 posts)
Do you have a CD RW disk that you can burn the log to?

If so, burn the log onto it, then use that to transfer it across to the other computer, but do right-click on the CD drive when you put it in and check it with your AV.

#12 - d_Oregon (Member, Topic Starter, 29 posts)
OK, will do. And I'll run DSS as well. But should we start a separate thread for this second machine, to avoid confusion about which machine we're dealing with?

UPDATE: I think ComboFix is hung. On restart, I got prompts for my DELL Resource CD for some reason. I used it but the app did not seem to get what it wanted.

I realized that I never did the recovery console process on this second machine. Maybe I need to do that and then run ComboFix again? I have not yet closed the CF DOS window, but I think I'll need to.

Edited by d_Oregon, 10 April 2008 - 08:30 PM.


#13 - RatHat (Ex Malware Expert, 7,829 posts)
No, let's keep it in this thread, and just deal with the work computer to start with.

Also run the two scans, ISeeYouXP and OTScanIt as I outlined earlier, and attach those logs.

Now, is there another computer you can use for work until we get this fixed? Explain to your firm that bagle is an email worm that is extremely difficult to remove, but that you are having the machine looked at. If we are lucky, we will catch this one before it gets too deeply rooted and clean it quite fast (fingers crossed).

#14 - d_Oregon (Member, Topic Starter, 29 posts)
Work Machine: ComboFix did finish. I'm now running DSS and will post both logs after I burn a disk. Regarding those new scans, do you mean that you want me to run those on the work PC? I'm going to DL the new apps and burn them to a CD.

Edited by d_Oregon, 10 April 2008 - 08:40 PM.


#15 - d_Oregon (Member, Topic Starter, 29 posts)
Okay, from my work PC:

CF Log:

ComboFix 08-04-09.9 - David Olsson 2008-04-10 19:06:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT -7:00]
Running from: F:\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\regsvr.exe

----- BITS: Possible infected sites -----

hxxp://slashdot.org
hxxp://images.slashdot.org
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_m_hook


((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 18:09 . 2006-05-26 02:01 688,128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-10 17:44 . 2008-04-10 17:44 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-04-08 08:25 . 2008-04-08 08:25 <DIR> d-------- C:\Documents and Settings\David Olsson\Application Data\Runaware
2008-04-08 08:25 . 2008-04-08 08:25 <DIR> d-------- C:\Documents and Settings\David Olsson\Application Data\ICAClient
2008-03-27 14:07 . 2008-03-27 14:08 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-27 10:15 . 2008-03-27 11:49 <DIR> d-------- C:\Documents and Settings\David Olsson\Application Data\Download Manager
2008-03-26 15:04 . 2008-03-26 15:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 15:04 . 2008-03-26 15:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 11:29 . 2008-03-26 11:29 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-03-26 11:28 . 2003-11-11 19:55 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-03-26 11:15 . 2008-03-26 11:16 <DIR> d-------- C:\Program Files\Astonsoft
2008-03-26 11:15 . 2008-03-26 11:16 <DIR> d-------- C:\Documents and Settings\David Olsson\Application Data\DeepBurner
2008-03-24 16:06 . 2008-03-24 16:07 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-24 16:04 . 2008-03-24 16:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-24 16:03 . 2004-10-01 08:01 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-03-24 16:02 . 2008-03-24 16:02 687 --a------ C:\WINDOWS\hpntwksetup.ini
2008-03-24 15:53 . 2008-03-24 16:09 68,937 --a------ C:\WINDOWS\hpoins05.dat
2008-03-24 15:53 . 2004-12-15 00:39 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-03-24 14:17 . 2007-03-10 10:11 2,680,320 --a------ C:\WINDOWS\system32\ImageEnXlibrary.ocx
2008-03-24 13:41 . 2008-03-24 15:52 <DIR> d-------- C:\TEMP\HP_WebRelease

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 02:22 --------- d-----w C:\Program Files\IDrive
2008-04-11 01:35 --------- d-----w C:\Program Files\Password Safe
2008-04-11 01:15 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-09 16:56 --------- d-----w C:\Program Files\Hijack This
2008-03-27 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 23:05 --------- d-----w C:\Program Files\HP
2008-03-17 20:00 --------- d-----w C:\Program Files\pdf995
2008-03-17 19:42 --------- d-----w C:\Program Files\Timeslips by Sage 2007 Trial Version
2008-03-09 19:02 --------- d-----w C:\Program Files\Java
2008-03-04 19:47 --------- d-----w C:\Program Files\Intuit
2008-01-17 20:09 1,788 ----a-w C:\WINDOWS\Fonts\HVCDO___.PFM
2008-01-17 20:09 1,780 ----a-w C:\WINDOWS\Fonts\HVC_____.PFM
2007-10-07 20:19 34,368 ----a-w C:\Program Files\MCj04244600000[1].wmf
2006-10-07 01:27 8 --sha-r C:\WINDOWS\system32\D2178F15B2.sys
2006-10-21 03:08 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 19:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-05-26 02:01 688128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-12-06 14:40 1294336]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"IDriveE Startup"="C:\Program Files\IDrive\IDrvieEStartup.exe" [2007-11-29 18:02 194000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-04-10 19:08 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-04-10 19:08 135224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-07 06:53 185784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 07:38 282624 C:\WINDOWS\stsystra.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 10:19 15872]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 15:02 988701]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 15:02 118784]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-07 10:24 1115728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-14 15:03 155648]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 12:21:00 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 12:22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 10:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 IDriveE Service;IDriveE Service;"C:\Program Files\IDrive\IDriveE Service.exe" [2007-12-19 15:41]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
R2 TSScheduleBackup;TimeslipsBackup;C:\WINDOWS\system32\TSSchBkpService.exe [2006-02-02 16:42]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S3 DarkSpy;DarkSpy;C:\WINDOWS\system32\DarkSpyKernel.sys []
S3 f6cB5;f6cB5;C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cde423-53d9-11db-8655-806d6172696f}]
\Shell\AutoRun\command - D:\autoRcd.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 17:00:00 C:\WINDOWS\Tasks\ABF OB backup.job"
- C:\Program Files\ABF Outlook Backup\abfOutlookBackup.exe|b
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 19:21:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IDrive\ClsIdle.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\WINDOWS\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-04-10 19:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 02:32:12
Pre-Run: 43,379,298,304 bytes free
Post-Run: 44,975,431,680 bytes free


DSS Main Log:

Deckard's System Scanner v20071014.68
Run by David Olsson on 2008-04-10 19:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-04-11 02:33:48 UTC - RP418 - Deckard's System Scanner Restore Point
77: 2008-04-11 02:05:37 UTC - RP417 - ComboFix created restore point
76: 2008-04-10 16:41:56 UTC - RP416 - System Checkpoint
75: 2008-04-09 15:45:14 UTC - RP415 - System Checkpoint
74: 2008-04-08 15:25:14 UTC - RP414 - Installed TestDrive Client.


-- First Restore Point --
1: 2008-01-14 23:33:16 UTC - RP341 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 19:35:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\IDrive\ClsIdle.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\IDrive\IDriveEBackground.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
F:\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goappeals.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: DeskBandHelper Class - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: PCLaw Web Timer - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: E-mail.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www3.valic.com (HKCU)
O16 - DPF: PLUpdate () - http://www.pclaw.com/PLUpdate.cab
O16 - DPF: Web-Based Email Tools () - http://email.secures...et/Download.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} () - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168112709250
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} () - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1168112702734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://thomsonelite...bex/ieatgpc.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe


--
End of file - 13310 bytes

-- HijackThis Fixed Entries (C:\Program Files\Hijack This\backups\) ------------

backup-20070109-133419-254 O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
backup-20070109-133419-399 O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 catchme - c:\docume~1\davido~1\locals~1\temp\catchme.sys (file missing)
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S0 Inspect (Comodo Network Engine) - c:\windows\system32\drivers\inspect.sys (file missing)
S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing)
S3 DarkSpy - c:\windows\system32\darkspykernel.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 f6cB5 - c:\docume~1\davido~1\locals~1\temp\f6cb5.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
R2 QuickBooksDB - c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb <Not Verified; Intuit, Inc.; QuickBooks Database Manager>
R2 TSScheduleBackup (TimeslipsBackup) - c:\windows\system32\tsschbkpservice.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
S4 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 10:00:00 602 --a------ C:\WINDOWS\Tasks\ABF OB backup.job


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 19:24:35 0 d-------- C:\WINDOWS\system32\vmm32
2008-04-10 19:04:21 68096 --a------ C:\WINDOWS\zip.exe
2008-04-10 19:04:21 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-10 19:04:21 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-10 19:04:21 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-10 19:04:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-10 19:04:21 98816 --a------ C:\WINDOWS\sed.exe
2008-04-10 19:04:21 80412 --a------ C:\WINDOWS\grep.exe
2008-04-10 19:04:21 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-10 18:09:35 688128 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-04-10 17:44:33 0 d-------- C:\WINDOWS\system32\drivers\downld
2008-04-08 08:25:23 0 d-------- C:\Documents and Settings\David Olsson\Application Data\ICAClient
2008-04-08 08:25:16 0 d-------- C:\Documents and Settings\David Olsson\Application Data\Runaware
2008-03-27 14:07:54 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-03-27 10:15:41 0 d-------- C:\Documents and Settings\David Olsson\Application Data\Download Manager
2008-03-26 11:29:10 0 d-------- C:\Program Files\Common Files\Vbox
2008-03-26 11:28:51 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-03-26 11:15:46 0 d-------- C:\Documents and Settings\David Olsson\Application Data\DeepBurner
2008-03-26 11:15:00 0 d-------- C:\Program Files\Astonsoft
2008-03-24 16:06:38 0 d-------- C:\Program Files\Common Files\HP
2008-03-24 16:04:41 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-24 15:53:06 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2008-03-24 15:53:06 68937 --a------ C:\WINDOWS\hpoins05.dat
2008-03-17 15:26:26 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-04-10 19:23:38 0 d-------- C:\Program Files\Dell
2008-04-10 19:22:30 0 d-------- C:\Program Files\Password Safe
2008-04-10 19:22:01 0 d-------- C:\Program Files\IDrive
2008-04-10 18:15:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 09:56:38 0 d-------- C:\Program Files\Hijack This
2008-03-27 15:30:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-27 15:28:03 0 d-------- C:\Documents and Settings\David Olsson\Application Data\Adobe
2008-03-27 14:27:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-26 11:29:10 0 d-------- C:\Program Files\Common Files
2008-03-24 16:05:05 0 d-------- C:\Program Files\HP
2008-03-17 13:00:27 0 d-------- C:\Program Files\pdf995
2008-03-17 12:42:41 0 d-------- C:\Program Files\Timeslips by Sage 2007 Trial Version
2008-03-09 12:02:05 0 d-------- C:\Program Files\Java
2008-03-04 12:47:39 0 d-------- C:\Program Files\Intuit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 03:20 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04/10/2008 07:08 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/10/2008 07:08 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/07/2006 06:53 AM]
"SigmatelSysTrayApp"="stsystra.exe" [08/15/2006 07:38 AM C:\WINDOWS\stsystra.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 10:19 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [11/28/2005 03:02 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 03:02 PM]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [02/07/2007 10:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/14/2007 03:03 PM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 04:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/16/2006 07:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/26/2006 02:01 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/06/2006 02:40 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"IDriveE Startup"="C:\Program Files\IDrive\IDrvieEStartup.exe" [11/29/2007 06:02 PM]

C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [09/28/2006 12:22 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 10/19/2006 10:12 AM 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap


-- End of Deckard's System Scanner: finished at 2008-04-10 19:35:28 ------------


DSS Extra Log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 958.42 MiB / 509.91 MiB
Pagefile Memory (total/avail): 2314.11 MiB / 1988.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.56 MiB

C: is Fixed (NTFS) - 71.26 GiB total, 41.86 GiB free.
D: is CDROM (CDFS)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA3 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.26 GiB - C:
\PARTITION2 - Unknown - 3.19 GiB

\\.\PHYSICALDRIVE1 - Simple Flash Disk 2.0 USB Device - 988.37 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 994.98 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Disabled:HP Digital Imaging Monitor"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Disabled:HP AiO Fax Manager"
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabled:Dreamweaver MX"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David Olsson\Application Data
ASLOGDIR=C:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOAPPEALSDCO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David Olsson
LOGONSERVER=\\GOAPPEALSDCO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp
USERDOMAIN=GOAPPEALSDCO
USERNAME=David Olsson
USERPROFILE=C:\Documents and Settings\David Olsson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David Olsson (admin)
QBDataServiceUser
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABF Outlook Backup --> "C:\Program Files\ABF Outlook Backup\Uninstall.exe" "C:\Program Files\ABF Outlook Backup\install.log"
Able2Extract v4.0 --> C:\Program Files\PDF Converter\Uninstal.exe
Acronis True Image --> MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore DVD 2.0 --> msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comodo Firewall --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Excel to QIF Converter --> C:\WINDOWS\Excel to QIF Converter Uninstaller.exe
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 1.99.1 --> C:\Program Files\Hijack This\HijackThis.exe /uninstall
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
IDrive version 2.0.9 January 05 2007 --> "C:\Program Files\IDrive\unins000.exe"
InBooklet for InDesign CS2 --> C:\WINDOWS\un

Edited by d_Oregon, 10 April 2008 - 08:57 PM.
