Hi
Thanks for the response. I have run the scan and pasted the contents below. At first I did try to paste both scans, but the second one did not copy all of the text in my reply, so it is attached. Hope this is OK.
Thanks for your help
Wilma
Deckard's System Scanner v20071014.68
Run by Wilma Montgomery on 2008-05-14 07:27:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
37: 2008-05-14 06:27:55 UTC - RP926 - Deckard's System Scanner Restore Point
36: 2008-05-13 21:14:18 UTC - RP925 - System Checkpoint
35: 2008-05-12 21:08:30 UTC - RP924 - System Checkpoint
34: 2008-05-11 20:34:55 UTC - RP923 - Removed Windows Live Messenger
33: 2008-05-11 20:29:14 UTC - RP922 - Installed Windows Live Messenger
-- First Restore Point --
1: 2008-04-19 17:15:06 UTC - RP890 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Wilma Montgomery.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30:26, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wilma Montgomery\Local Settings\Temporary Internet Files\Content.IE5\9UZJCYEK\dss[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Wilma Montgomery.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C18666D-5ABD-4C46-B8FB-CF3E58FB1093} - C:\WINDOWS\system32\qoMcccCT.dll (file missing)
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\Hide Real IP\ProxyNew.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUPR~1\popup.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ibmmessages] rem C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] rem "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [GPClientMonitor] C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
O4 - HKLM\..\Run: [GPDownloadManager] C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] rem "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P35 "EPSON Stylus DX4800 Series (Copy 1)" /O6 "USB003" /M "Stylus DX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ibmmessages] rem C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [crhaxskk] C:\WINDOWS\system32\fcvotkpg.exe
O4 - HKCU\..\Run: [zonxytcj] C:\WINDOWS\system32\fkdejmpo.exe
O4 - HKCU\..\Run: [palwgjvb] C:\WINDOWS\system32\jopsdmju.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [q9ctH6xjpj] C:\Documents and Settings\All Users\Application Data\zkbwpafu\fczgfklg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: F-Secure 2006 OEM.lnk = C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: wvULFvsr - wvULFvsr.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 11269 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 ANCSQ - c:\windows\system32\drivers\ancsq.sys <Not Verified; IBM Corp.; IBM Rescue and Recovery>
R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure internet security\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys
R2 IBMFilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
S3 iadusb (MT882) - c:\windows\system32\drivers\glauiad.sys (file missing)
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; IBM Corporation; SMI Driver>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BackWeb Plug-in - 1245240 (F-Secure 2006 OEM) - c:\progra~1\f-secu~1\backweb\1245240\program\servic~1.exe <Not Verified; F-Secure Internet Security 2005; RunnerEXE Application>
R2 fsbwsys - "c:\program files\f-secure internet security\backweb\1245240\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\f-secure internet security\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corporation; F-Secure Corp. Startup service>
R2 FSMA - "c:\program files\f-secure internet security\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 RegManServ (Registry Management Service) - c:\program files\advanced registry doctor\regmanserv.exe
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure internet security\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R3 fshttps (F-Secure HTTP Server) - "c:\program files\f-secure internet security\fspc\fshttps\fshttps.exe" <Not Verified; F-Secure Corporation; F-Secure Parental Control>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0003
Manufacturer: Microsoft
Name: MT882 #2 - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0003
Service: PSched
-- Scheduled Tasks -------------------------------------------------------------
2008-05-14 01:00:56 544 --a----c- C:\WINDOWS\Tasks\Scheduled scanning task.job
-- Files created between 2008-04-14 and 2008-05-14 -----------------------------
2008-05-13 18:43:30 0 d-------- C:\VideoOutput
2008-05-13 18:41:27 28672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-05-13 18:41:25 0 d-------- C:\Program Files\Ultra QuickTime Converter
2008-05-10 14:26:22 0 d-------- C:\Documents and Settings\Paul\Application Data\Malwarebytes
2008-05-09 15:54:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-09 15:54:48 0 d-------- C:\Program Files\Google
2008-05-09 14:04:12 0 d-------- C:\Documents and Settings\Wilma Montgomery\.SunDownloadManager
2008-05-09 13:54:02 0 d-------- C:\fsaua.data
2008-05-08 20:52:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-08 20:52:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-08 20:52:11 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\SUPERAntiSpyware.com
2008-05-08 20:40:38 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\Malwarebytes
2008-05-08 20:40:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 20:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 20:40:19 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-08 20:25:26 0 d-------- C:\Program Files\Trend Micro
2008-04-29 20:47:04 0 d-------- C:\Program Files\Anti Trojan Elite
2008-04-21 18:06:32 0 d-------- C:\Documents and Settings\Paul\Application Data\Sun
2008-04-20 17:38:38 0 d-------- C:\Program Files\Panda Security
2008-04-20 15:49:09 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\PC Tools
2008-04-20 14:16:47 186197 --ahs---- C:\WINDOWS\system32\TCcccMoq.ini2
2008-04-20 14:11:18 262144 --a------ C:\Documents and Settings\Paul\ntuser.dat
2008-04-20 13:39:12 5278 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-19 18:37:22 0 d-------- C:\RegBackup
2008-04-19 18:18:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-19 17:36:09 0 d-------- C:\Program Files\Enigma Software Group
2008-04-19 17:19:44 0 d-------- C:\Documents and Settings\Wilma Montgomery\.housecall6.6
2008-04-19 17:00:47 0 d-------- C:\SMCLpav
2008-04-19 15:18:00 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\TmpRecentIcons
2008-04-19 13:50:56 180721 --ahs---- C:\WINDOWS\system32\oXaadccf.ini2
2008-04-19 13:45:11 0 d-------- C:\Documents and Settings\All Users\Application Data\zkbwpafu
2008-04-15 19:08:36 0 d-------- C:\Documents and Settings\Paul\Application Data\WinRAR
-- Find3M Report ---------------------------------------------------------------
2008-11-26 20:21:00 0 d-------- C:\Program Files\Advanced Registry Doctor
2008-05-11 22:10:44 40580 --a----c- C:\Documents and Settings\Wilma Montgomery\Application Data\wklnhst.dat
2008-05-11 21:34:59 0 d-------- C:\Program Files\MSN Messenger
2008-05-10 14:25:21 0 d-------- C:\Program Files\Business Planner v3
2008-05-09 15:55:58 0 d-------- C:\Program Files\Spyware Doctor
2008-05-08 20:51:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 20:40:19 0 d-------- C:\Program Files\Common Files
2008-04-20 17:59:14 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\Azureus
2008-04-20 16:49:08 0 d-------- C:\Documents and Settings\Wilma Montgomery\Application Data\Adobe
2008-04-19 15:09:20 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-04-13 14:47:23 0 d-------- C:\Program Files\MSN Games
2008-04-13 12:43:38 0 d-------- C:\Program Files\MT882
2008-04-13 12:43:33 0 d-------- C:\Program Files\MT882(2)
2008-04-13 11:48:25 0 d-------- C:\Program Files\EarthLink TotalAccess
2008-04-13 11:10:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 07:37:32 0 d-------- C:\Program Files\STOPzilla!
2008-04-05 16:31:08 0 d-------- C:\Program Files\IncrediMail
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C18666D-5ABD-4C46-B8FB-CF3E58FB1093}]
C:\WINDOWS\system32\qoMcccCT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="rem C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/09/2004 09:05]
"UpdateManager"="rem c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" []
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [27/04/2005 17:53]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [23/02/2005 00:37]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [23/02/2005 00:34]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [12/08/2005 22:43]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [02/06/2005 23:37]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [18/07/2005 15:51]
"F-Secure Startup Wizard"="C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [23/08/2005 14:38]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [16/08/2005 08:12]
"@"="" []
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [11/03/2004 00:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24/04/2007 16:45]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02/02/2005 05:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 08:00]
"GPClientMonitor"="C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe" [06/08/2007 10:59]
"GPDownloadManager"="C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe" [06/08/2007 10:59]
"SunJavaUpdateSched"="rem C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"EPSON Stylus DX4800 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [02/02/2005 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10/04/2008 15:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="rem C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"crhaxskk"="C:\WINDOWS\system32\fcvotkpg.exe" []
"zonxytcj"="C:\WINDOWS\system32\fkdejmpo.exe" []
"palwgjvb"="C:\WINDOWS\system32\jopsdmju.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10/05/2008 12:07]
C:\Documents and Settings\Wilma Montgomery\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 05:45:42]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
F-Secure 2006 OEM.lnk - C:\Program Files\F-Secure Internet Security\backweb\1245240\Program\fspex.exe [06/04/2006 16:55:16]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [07/03/2007 07:06:21]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"q9ctH6xjpj"=C:\Documents and Settings\All Users\Application Data\zkbwpafu\fczgfklg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 10/05/2008 12:07 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvULFvsr]
wvULFvsr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMcccCT
"Notification Packages"= scecli pwdmon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78fb1d66-35ee-11da-90cd-806d6172696f}]
AutoRun\command- E:\sysprep.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e14c31-368b-11da-a2cd-806d6172696f}]
AutoRun\command- D:\sysprep.bat
-- End of Deckard's System Scanner: finished at 2008-05-14 07:31:39 -----------
Deckard.doc 70KB
Edited by wcmont72, 14 May 2008 - 12:54 AM.