Here are the final logs from the laptop:
DrWeb:
PopCapPluginInstaller.exe;C:\Documents and Settings\Mr. Admin\Desktop;Program.PopcapLoader.origin;Incurable.Deleted.;
A0084980.dll;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP525;Program.PopcapLoader.origin;Incurable.Deleted.;
A0084982.exe;C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP525;Program.PopcapLoader.origin;Deleted.;
DSS main:
Deckard's System Scanner v20071014.68
Run by Mr. Admin on 2008-04-13 14:33:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
9: 2008-04-13 21:33:32 UTC - RP529 - Deckard's System Scanner Restore Point
8: 2008-04-13 17:14:17 UTC - RP528 - Software Distribution Service 3.0
7: 2008-04-13 16:35:57 UTC - RP527 - Removed QuickBooks
6: 2008-04-13 16:33:15 UTC - RP526 - Configured psa128max
5: 2008-04-13 16:31:44 UTC - RP525 - Removed Business Plan Pro 2005 Sample Plans
-- First Restore Point --
1: 2008-04-13 16:08:15 UTC - RP521 - Removed Autodesk Inventor 10
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-13 14:36:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SM1bg.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\SYSTEM\wcdvtray.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Documents and Settings\Mr. Admin\Desktop\dss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.law.uoregon.edu/students/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htp://www.law.uoregon.edu/students/
O1 - Hosts: 192.168.0.66 HP000D9D23724F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SysTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\SYSTEM32\nwprovau.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
http://office.micros...ontent/opuc.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabO18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\SYSTEM32\BAsfIpM.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\hpboid.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
--
End of file - 11813 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 io.sys (IO.DLL Driver) - c:\windows\system32\drivers\io.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R2 WebCamDV (WebCamDV DV to Webcam Converter) - c:\windows\system32\drivers\webcamdv.sys <Not Verified; OrangeWare, Inc.; WebCamDV Capture Driver>
R3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 O2SCBUS (O2Micro SmartCardBus Reader) - c:\windows\system32\drivers\ozscr.sys <Not Verified; O2Micro; O2Micro © SmartCardBus Reader>
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>
R3 WCDV_Aud (WevCamDV WDM Virtual Audio Device) - c:\windows\system32\drivers\wcdvaud.sys <Not Verified; OrangeWare, Inc.; WebCamDV Audio Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 SABProcEnum - c:\progra~1\mozill~1\sabprocenum.sys (file missing)
S3 SQTECH905C (ViviCam 35) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
S2 RadClock - c:\windows\system32\radclock.exe <Not Verified; ; RadClock Module>
S3 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S3 HP Port Resolver - c:\windows\system32\hpbpro.exe <Not Verified; Hewlett-Packard Company; PortResolver Module>
S3 HP Status Server - c:\windows\system32\hpboid.exe <Not Verified; Hewlett-Packard Company; HP Status Server>
S4 BAsfIpM (Broadcom ASF IP monitoring service v6.0.3) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
S4 Iap - c:\program files\dell\openmanage\client\iap.exe <Not Verified; Dell Computer Corporation; OpenManage Client Instrumentation>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 570x Gigabit Integrated Controller
Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Manufacturer: Broadcom
Name: Broadcom 570x Gigabit Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0
Service: b57w2k
-- Scheduled Tasks -------------------------------------------------------------
2008-01-01 08:42:15 372 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-30 19:00:06 1288 --a------ C:\WINDOWS\Tasks\wrSpySweeper_7132DF3BC14B43AC9A43E4E550871101.job
2007-12-20 17:39:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-13 and 2008-04-13 -----------------------------
2008-04-13 10:56:52 0 d-------- C:\Documents and Settings\Mr. Admin\DoctorWeb <DOCTOR~1>
2008-04-13 10:45:43 0 dr-h----- C:\Documents and Settings\Mr. Admin\Recent
-- Find3M Report ---------------------------------------------------------------
2008-04-13 14:29:39 0 d-------- C:\Documents and Settings\Mr. Admin\Application Data\WTablet
2008-04-13 09:49:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 09:38:00 0 d-------- C:\Program Files\Common Files\Intuit
2008-04-13 09:36:41 0 d-------- C:\Program Files\Common Files
2008-04-13 09:33:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 09:30:04 0 d-------- C:\Program Files\IGC
2008-04-13 09:29:41 0 d-------- C:\Program Files\Biggly Exercise and Diet Journal
2008-04-13 09:11:16 0 d-------- C:\Program Files\Common Files\Autodesk Shared
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02/02/2004 01:32 PM]
"Logitech Utility"="Logi_MwX.Exe" [06/30/2003 02:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AtiPTA"="atiptaxx.exe" [11/30/2004 06:10 PM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [06/25/2004 05:32 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/14/2005 12:20 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [11/28/2005 02:02 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 02:02 PM]
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [05/20/2004 09:59 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/29/2003 07:10 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/07/2004 03:12 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [08/03/2006 09:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [04/13/2008 09:49 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [05/08/2006 05:17 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
C:\Documents and Settings\Mr. Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 1:04:08 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
DESKTOP.INI [3/20/2004 10:58:38 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2/25/2005 11:54:49 AM]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 1:23:32 PM]
Palo Alto Software Update Manager 8.0.lnk - C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe [2/9/2005 2:50:36 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [4/17/2006 2:53:20 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 10:49:48 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 5:23:32 PM]
SysTray.lnk - C:\WINDOWS\Installer\{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}\NewShortcut1_5221CCAB553E4E63B6FD56674A376D04_1.exe [10/13/2005 11:51:23 AM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [11/22/2007 11:15:40 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [02/02/2005 05:58 AM 212992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [01/20/2007 10:19 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/30/2007 07:40 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- Hosts -----------------------------------------------------------------------
192.168.0.66 HP000D9D23724F
-- End of Deckard's System Scanner: finished at 2008-04-13 14:38:05 ------------
DSS extra attached.
Again, thank you for your help. I'll watch for final suggestions here, then you can close the thread. I plan to do frequent scans for the next few days. Once I am satisfied that the systems are stable, I'll do fresh backups of each hard drive.
D