I've pasted both files below. Thanks for the help!
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 511.43 MiB / 214.7 MiB
Pagefile Memory (total/avail): 1250.16 MiB / 852.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.39 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 60.38 GiB free.
D: is CDROM (CDFS)
H: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Symantec AntiVirus Corporate Edition v10.0.1.1000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\YEARGLEI\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IRENE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\YEARGLEI
LOGONSERVER=\\MMRNH01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\YEARGLEI\LOCALS~1\Temp
TMP=C:\DOCUME~1\YEARGLEI\LOCALS~1\Temp
USERDOMAIN=MMR
USERNAME=YEARGLEI
USERPROFILE=C:\Documents and Settings\YEARGLEI
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
YEARGLEI
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Canon CanoScan LiDE 70 User Registration --> C:\Program Files\Canon\IJEREG\CanoScan LiDE 70\UNINST.EXE
Canon CanoScan Toolbox 5.0 --> "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
CanoScan LiDE 70 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411 /L0x0009
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{2CC0E02A-02CF-43E8-8EDF-6B7BB6BBE829}
GoToMyPC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F4D4FD-1814-4068-B316-C28FC776C6DD}\Setup.exe" -l0x9 AddRemovePrograms
HijackThis 2.0.2 --> "C:\Program Files\HIJACKTHIS\HijackThis.exe" /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.EXE" -l0x9
HP Safety and Comfort Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAC4426A-42CD-4B4E-8057-9738C96F2C8F}\SETUP.EXE" -l0x9
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Phishing Filter Add-in --> MsiExec.exe /X{7075B251-75E7-47C4-9E54-B7D2FEFD1DCE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Presto! PageManager 7.15.14 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus --> MsiExec.exe /I{3248E093-5288-4CA9-B3AB-11A675FEA1F9}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{7DED5635-B47C-4B0F-9AD0-8765D15FD94F}
Twain --> "C:\Program Files\Twain\Twain.exe" -uninstall
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{6AA2FEF1-50F6-4CF9-942C-2F30759E7BF7}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> C:\Program Files\Windows Live Toolbar\UnInstall.exe {73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Live Toolbar --> MsiExec.exe /X{73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{62B8EDCD-D259-4281-8ECD-42029FBC9958}
Windows Live Toolbar MSN Extension (Windows Live Toolbar) --> MsiExec.exe /X{9E7E97D2-3F83-460D-9348-CE40A21E2CA6}
WinZip --> C:\PROGRA~1\WinZip\winzip32.exe /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type24131 / Warning
Event Submitted/Written: 04/17/2008 05:17:47 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\Program Files\Intuit\QuickBooks 2005\Atom\OESetup.exe due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type24130 / Warning
Event Submitted/Written: 04/17/2008 05:14:52 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\I386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type24129 / Warning
Event Submitted/Written: 04/17/2008 05:10:49 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 2 files inside C:\Documents and Settings\YEARGLEI\Application Data\Thunderbird\Profiles\9cg62kdw.default\Mail\Local Folders\Trash due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type24128 / Warning
Event Submitted/Written: 04/17/2008 05:02:50 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 2 files inside C:\Documents and Settings\YEARGLEI\Application Data\Thunderbird\Profiles\9cg62kdw.default\Mail\Local Folders\Inbox due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type24127 / Warning
Event Submitted/Written: 04/17/2008 04:55:54 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 35 files inside C:\Documents and Settings\YEARGLEI\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 04-17-2008 - 14-10-01.SBU due to extraction errors encountered by the Decomposer Engines.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type52651 / Warning
Event Submitted/Written: 04/17/2008 03:04:39 PM
Event ID/Source: 3 / Print
Event Description:
Printer GoToMyPC Printer was deleted.
Event Record #/Type52650 / Warning
Event Submitted/Written: 04/17/2008 03:04:37 PM
Event ID/Source: 4 / Print
Event Description:
Printer GoToMyPC Printer is pending deletion.
Event Record #/Type52649 / Warning
Event Submitted/Written: 04/17/2008 03:04:37 PM
Event ID/Source: 8 / Print
Event Description:
Printer GoToMyPC Printer was purged.
Event Record #/Type52648 / Error
Event Submitted/Written: 04/17/2008 02:14:19 PM
Event ID/Source: 28 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are accessible.
NtpClient has no source of accurate time.
Event Record #/Type52647 / Warning
Event Submitted/Written: 04/17/2008 02:14:19 PM
Event ID/Source: 13 / W32Time
Event Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to
determine its time source, but the computer is joined to a
Windows NT 4.0 domain. Windows NT 4.0 domain controllers do not have
a time service and do not support domain hierarchy as a time source.
NtpClient will attempt to use an alternate configured external time
source if available. If an external time source is not configured
or used for this computer, you may choose to disable the NtpClient.
-- End of Deckard's System Scanner: finished at 2008-04-17 19:57:02 ------------
Deckard's System Scanner v20071014.68
Run by YEARGLEI on 2008-04-17 19:55:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
88: 2008-04-17 23:55:53 UTC - RP897 - Deckard's System Scanner Restore Point
87: 2008-04-17 17:42:07 UTC - RP896 - Installed SUPERAntiSpyware Free Edition
86: 2008-04-16 19:41:12 UTC - RP895 - System Checkpoint
85: 2008-04-15 17:54:53 UTC - RP894 - Installed AVG 8.0
84: 2008-04-15 17:54:04 UTC - RP893 - Removed AVG 8.0
-- First Restore Point --
1: 2008-04-15 15:30:30 UTC - RP810 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as YEARGLEI.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Twain\Twain.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Documents and Settings\YEARGLEI\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\YEARGLEI.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityrespo...r/fix_homepage/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC5E2B2E-E7E8-41CE-A01D-0B43E714DF44} - C:\WINDOWS\system32\urqopnll.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\system32\wvuustqn.dll (file missing)
O2 - BHO: {fbd9edb8-7eb6-0529-6ca4-c7d5de4f8fdf} - {fdf8f4ed-5d7c-4ac6-9250-6be78bde9dbf} - C:\WINDOWS\system32\ufsevrgo.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [7cf76210] rundll32.exe "C:\WINDOWS\system32\iuslhtof.dll",b
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Wkqvjc] "C:\Program Files\Common Files\?asks\e?plorer.exe"
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?68938699831a4a699f10fb42bd072f75
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?68938699831a4a699f10fb42bd072f75
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15D6A8EA-4B6B-43E3-A542-B664939E8837} (ActiveFormIDVR Control) -
http://68.15.38.73/ActiveIDVR.ocxO16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) -
https://accounting.q...626/qboax10.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvuustqn - wvuustqn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 8186 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20050728-144529-331 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
backup-20080414-194026-927 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 catchme - c:\docume~1\yearglei\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-04-17 19:44:00 362 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2008-03-17 and 2008-04-17 -----------------------------
2008-04-17 13:42:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 13:42:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 13:42:08 0 d-------- C:\Documents and Settings\YEARGLEI\Application Data\SUPERAntiSpyware.com
2008-04-17 11:51:11 2910 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-17 11:50:38 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-17 11:50:38 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-17 11:50:38 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-17 11:50:37 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-17 11:50:37 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-17 11:50:37 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-17 11:50:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-04-17 09:35:23 0 d-------- C:\Program Files\Twain
2008-04-17 09:31:50 0 d-------- C:\WINDOWS\system32\xcsDd01
2008-04-15 13:19:59 0 d--h----- C:\$AVG8.VAULT$
2008-04-15 11:50:54 0 d-------- C:\Documents and Settings\YEARGLEI\Application Data\AVGTOOLBAR
2008-04-15 11:50:36 0 d-------- C:\Program Files\AVG
2008-04-15 11:50:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-15 11:26:40 0 d-------- C:\VundoFix Backups
2008-04-15 11:11:21 68096 --a------ C:\WINDOWS\zip.exe
2008-04-15 11:11:21 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-15 11:11:21 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-15 11:11:21 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-15 11:11:21 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-15 11:11:21 98816 --a------ C:\WINDOWS\sed.exe
2008-04-15 11:11:21 80412 --a------ C:\WINDOWS\grep.exe
2008-04-15 11:11:21 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-15 10:33:08 0 dr-h----- C:\Documents and Settings\YEARGLEI\Recent
2008-04-14 16:48:51 0 d-------- C:\Program Files\AntiSpywareMaster
2008-04-14 16:45:20 0 d-------- C:\WINDOWS\system32\bharebio01
2008-03-20 09:53:48 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-03-20 09:41:52 0 d-------- C:\Documents and Settings\YEARGLEI\Application Data\Thunderbird
2008-03-19 03:01:11 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-18 09:16:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-18 09:11:37 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-18 09:11:28 0 d-------- C:\Program Files\Windows Live
2008-03-18 09:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
-- Find3M Report ---------------------------------------------------------------
2008-04-17 13:41:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 12:30:05 0 d-------- C:\Program Files\Common Files
2008-04-15 10:32:10 0 d-------- C:\Program Files\Compaq
2008-03-18 09:17:43 0 d-------- C:\Documents and Settings\YEARGLEI\Application Data\Adobe
2008-03-18 09:16:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-18 09:14:34 3348 --a------ C:\WINDOWS\mozver.dat
2008-03-18 09:10:48 0 d-------- C:\Documents and Settings\YEARGLEI\Application Data\AdobeUM
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC5E2B2E-E7E8-41CE-A01D-0B43E714DF44}]
C:\WINDOWS\system32\urqopnll.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
C:\WINDOWS\system32\wvuustqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fdf8f4ed-5d7c-4ac6-9250-6be78bde9dbf}]
C:\WINDOWS\system32\ufsevrgo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 01:10]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 14:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 18:45]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"7cf76210"="C:\WINDOWS\system32\iuslhtof.dll" []
"AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [2008-04-17 09:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Wkqvjc"="C:\Program Files\Common Files\?asks\e?plorer.exe" []
"Twain"="C:\Program Files\Twain\Twain.exe" [2008-04-17 09:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\wvuustqn.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 18:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuustqn]
wvuustqn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-04-17 19:57:02 ------------
Sign In
Create Account
