Hey KoKo - I'm jumping for joy!!! Thanks for the much needed help! Let's fix this baby~
Here is the malwarebytes log:
Malwarebytes' Anti-Malware 1.12
Database version: 762
Scan type: Quick Scan
Objects scanned: 60010
Time elapsed: 12 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 80
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 30
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\program files\common files\CPUSH\cpush.dll (Adware.Sogou) -> Unloaded module successfully.
C:\WINDOWS\system32\9ca1.dll (Adware.BHO) -> Unloaded module successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2026.dll (Adware.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48ab4355-243e-45d6-8e95-8623a8bd8503} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50796047-4be9-4d51-ae4d-647bc2b24ddc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77929b3f-50eb-449b-9982-cad99180ec0f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77929b3f-50eb-449b-9982-cad99180ec0f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehpr.invoke.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffb3d068-f8da-4370-a71e-83b1c959cdd6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1003154e-bc6e-42e6-b92b-d7db20195a81} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{134b9dcf-255b-44b5-ba77-93a185d8b159} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediaspop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediaspop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediazpop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newcocomediazpop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevzpuopopzad.allogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevzpuopopzad.allogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevzpuopupzad.amlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nevzpuopupzad.amlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadspushor.bslogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadspushor.bslogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadvertpup.bvlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadvertpup.bvlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadvspup.btlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadvspup.btlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newdpoupopsad.aologc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newdpoupopsad.aologc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newsadvpusher.brlogic (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newsadvpusher.brlogic.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newzpoupopsad.ajlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newzpoupopsad.ajlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contentmatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apcdli (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntptdb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediazPop.PopCoco (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewCocoMediazPop.PopCoco.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewdPoupopsAd.AOLogc (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewdPoupopsAd.AOLogc.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\apcdli (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\apcdli (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBI0S (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetBI0S (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\newpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntptdb (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ntptdb (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{06926b30-424e-4f1c-8ee3-543cd96573dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{ee60714f-ac17-427e-861a-fd60cbdf119a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH (Adware.CPush) -> Delete on reboot.
C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\ad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\ad\d11148f4ab (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\ad\d3a97f257ff (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\ad\d682de4ab (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\ad\ddef2388a (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\common files\CPUSH\cpush.dll (Adware.Sogou) -> Delete on reboot.
C:\WINDOWS\system32\9ca1.dll (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2026.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\foo_vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\Temp\vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\a1710.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\b1710.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\k1710.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\p1710.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\t\r1710.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\tempaq (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\euiibm89.dllmmc.pkm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system\LVL (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lori\Favorites\一起来音乐社区.url (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEM\ntptdb.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\2026.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.dat (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Here is the superantispyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/18/2008 at 02:22 PM
Application Version : 4.0.1154
Core Rules Database Version : 3463
Trace Rules Database Version: 1454
Scan type : Complete Scan
Total Scan Time : 00:52:34
Memory items scanned : 673
Memory threats detected : 1
Registry items scanned : 6131
Registry threats detected : 8
File items scanned : 74787
File threats detected : 9
Trojan.Unclassified/VCPlay
C:\WINDOWS\SYSTEM32\VCPLAY.EXE
C:\WINDOWS\SYSTEM32\VCPLAY.EXE
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}
HKCR\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}
HKCR\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}\ProgID
HKCR\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}\Programmable
HKCR\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}\TypeLib
HKCR\CLSID\{C86488AF-13D5-4FEF-9DDF-9FB88698CFC1}\VersionIndependentProgID
Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
Trojan.Unclassified/QQLogin-A
C:\WINDOWS\SYSTEM32\BNUJMV.DLL
C:\WINDOWS\SYSTEM32\BZOTEJ.DLL
C:\WINDOWS\SYSTEM32\EGAQXX.DLL
C:\WINDOWS\SYSTEM32\JHNHML.DLL
C:\WINDOWS\SYSTEM32\OIAOMH.DLL
C:\WINDOWS\SYSTEM32\RVTVJG.DLL
C:\WINDOWS\SYSTEM32\THKVWO.DLL
C:\WINDOWS\SYSTEM32\XNXQVO.DLL
Finally here are the DSS logs:
Main.txt:
Deckard's System Scanner v20071014.68
Run by Lori on 2008-05-18 14:34:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2008-05-18 19:34:23 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-05-18 18:25:53 UTC - RP5 - Installed SUPERAntiSpyware Free Edition
4: 2008-05-18 18:22:07 UTC - RP4 - Software Distribution Service 3.0
3: 2008-05-18 01:45:35 UTC - RP3 - System Checkpoint
2: 2008-05-17 01:21:40 UTC - RP2 - System Checkpoint
-- First Restore Point --
1: 2008-05-16 01:13:53 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Lori.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:54 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\cac81.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Lori\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\YFC7JU0M\dss[1].exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lori.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Invoke Class - {77929B3F-50EB-449b-9982-CAD99180EC0F} - C:\WINDOWS\system32\9ca1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [oa6b] rundll32 "C:\WINDOWS\Downlo~1\oa6b.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [d86a] C:\WINDOWS\system32\d86a.exe
O4 - HKLM\..\Policies\Explorer\Run: [b71] rundll32 C:\WINDOWS\system32\291.dll,Always
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 易趣购物 - C:\Program Files\AD4All\link1\ebaylink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 2D9FF877 - Unknown owner - C:\WINDOWS\system32\DFE31251.EXE (file missing)
O23 - Service: 959AE - Unknown owner - C:\WINDOWS\system32\959AE.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FEE5B96 - Unknown owner - C:\WINDOWS\system32\82856473.EXE (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServicevcHelp - Unknown owner - C:\WINDOWS\system32\vcplay.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11366 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 0z9m (0z9) - c:\windows\system32\drivers\0z9m.sys
R0 euiibm89 (euiibm8) - c:\windows\system32\drivers\euiibm89.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 mxdispdr - c:\windows\system32\drivers\mxdispdr.sys
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S0 n1d8tmvsz - c:\windows\system32\drivers\n1d8tmvsz.sys
S1 OMCI - c:\windows\system32\drivers\omci.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 NetBI0S - c:\windows\system32\cac81.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 2D9FF877 - c:\windows\system32\dfe31251.exe -k (file missing)
S2 959AE - c:\windows\system32\959ae.exe
S2 FEE5B96 - c:\windows\system32\82856473.exe -g (file missing)
S2 ServicevcHelp - c:\windows\system32\vcplay.exe (file missing)
S2 sysloader (System Event loader) - "c:\documents and settings\all users\application data\microsoft\office\system\sysloader.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-18 13:27:47 244 --a------ C:\WINDOWS\Tasks\b71.job
2008-05-18 10:10:09 208 --a------ C:\WINDOWS\Tasks\740.job
2008-05-17 10:05:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-16 20:00:00 406 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
-- Files created between 2008-04-18 and 2008-05-18 -----------------------------
2008-05-18 14:28:31 0 d-------- C:\WINDOWS\LastGood
2008-05-18 14:28:13 0 dr-h----- C:\Documents and Settings\Lori\Recent
2008-05-18 13:27:52 0 d-------- C:\Documents and Settings\All Users\Application Data\t
2008-05-18 13:27:42 53248 -ra------ C:\WINDOWS\system32\9ca1.dll <Not Verified; ; DLL Module>
2008-05-18 13:26:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 13:25:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 13:25:54 0 d-------- C:\Documents and Settings\Lori\Application Data\SUPERAntiSpyware.com
2008-05-18 13:24:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 10:03:15 0 d-------- C:\Documents and Settings\Lori\Application Data\Malwarebytes
2008-05-18 10:03:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 10:03:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 20:15:46 47616 -----n--- C:\WINDOWS\system32\cac81.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-15 20:06:33 0 d-------- C:\WINDOWS\Prefetch
2008-05-15 18:54:13 0 d-------- C:\Program Files\CCleaner
2008-05-13 18:12:31 0 d-------- C:\Documents and Settings\Lori\.housecall6.6
2008-05-13 17:59:02 53248 -ra------ C:\WINDOWS\0b71.exe <Not Verified; ; DLL Module>
2008-05-13 17:58:44 860160 -r------- C:\WINDOWS\system32\291.dll <Not Verified; ; Player ?????>
2008-05-12 19:11:52 0 d-------- C:\Documents and Settings\Lori\Application Data\Lavasoft
2008-05-12 19:11:41 0 d-------- C:\Program Files\Lavasoft
2008-05-07 12:54:54 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-07 12:54:47 0 d-------- C:\Documents and Settings\Lori\Application Data\PC Tools
2008-05-07 12:54:47 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-07 12:54:46 0 d-------- C:\Program Files\Spyware Doctor
2008-05-05 20:21:58 0 d-------- C:\Documents and Settings\Lori\Application Data\Talkback
2008-05-05 20:21:28 0 d-------- C:\Documents and Settings\Lori\Application Data\Mozilla
2008-05-05 18:56:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-05 18:55:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-04 16:14:42 0 d-------- C:\Program Files\Picasa2
2008-05-04 16:13:35 0 d-------- C:\WINDOWS\system32\runtime
2008-05-04 16:12:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-04 15:41:06 0 d-------- C:\Documents and Settings\Lori\Application Data\Uniblue
2008-05-04 15:41:01 0 d-------- C:\Program Files\Uniblue
2008-05-01 12:56:09 0 d-------- C:\WINDOWS\pss
2008-04-30 16:26:12 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-30 14:13:04 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-28 20:10:13 0 d-------- C:\Program Files\Windows Defender
2008-04-28 19:43:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
-- Find3M Report ---------------------------------------------------------------
2008-05-18 14:27:38 94208 ---h----- C:\WINDOWS\system32\AF86F.exe
2008-05-18 14:27:18 29 --a------ C:\WINDOWS\system32\22101-6132
2008-05-18 14:25:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-18 13:24:41 0 d-------- C:\Program Files\Common Files
2008-05-16 18:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-05-16 13:36:51 0 d-------- C:\Program Files\Trend Micro
2008-05-15 19:52:01 34344 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-15 19:10:31 69 --a------ C:\WINDOWS\system32\RYFLSZGMT.DLL
2008-05-15 19:08:10 40 --a------ C:\WINDOWS\system32\GMTAJQWDJQWDJQW.DLL
2008-05-13 17:57:57 1279 --a------ C:\WINDOWS\system32\iFF1ugX7.dll
2008-05-07 10:11:09 81 --a------ C:\WINDOWS\-19101-6132
2008-05-05 18:41:21 0 d-------- C:\Program Files\Google
2008-05-04 16:22:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 06:59:34 131072 -ra------ C:\WINDOWS\system32\d86a.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77929B3F-50EB-449b-9982-CAD99180EC0F}]
05/16/2008 07:43 PM 53248 -ra------ C:\WINDOWS\system32\9ca1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 11:39 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [11/07/2005 06:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [11/01/2005 04:12 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/22/2005 10:21 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/13/2004 04:30 PM]
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [09/09/2005 08:09 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 04:49 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/04/2008 04:13 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 08:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Ad-Aware"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" [09/17/2004 02:51 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/20/2006 05:00 PM C:\WINDOWS\stsystra.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/16/2006 10:29 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2007 10:31 AM]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [04/23/2008 11:19 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/4/2008 4:12:22 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 11:07:32 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"oa6b"=rundll32 "C:\WINDOWS\Downlo~1\oa6b.dll",start
"d86a"=C:\WINDOWS\system32\d86a.exe
"b71"=rundll32 C:\WINDOWS\system32\291.dll,Always
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
-- Hosts -----------------------------------------------------------------------
192.168.1.4 HP000D9D11B876
-- End of Deckard's System Scanner: finished at 2008-05-18 14:36:34 ------------
Extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3500+
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 1022.42 MiB / 304.48 MiB
Pagefile Memory (total/avail): 2460.79 MiB / 1880.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.54 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 107.08 GiB total, 89.08 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is Fixed (NTFS) - 37.24 GiB total, 0.33 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - SAMSUNG HD160JJ/P - 149.01 GiB - 1 partition
\PARTITION0 - Installable File System - 149 GiB - D:
\\.\PHYSICALDRIVE0 - WDC WD1600JS-75NCB2 - 149.01 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 107.08 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 37.24 GiB - E:
\PARTITION3 - Unknown - 4.64 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Spyware Doctor with AntiVirus v (PC Tools)
DisabledAV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lori\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RICHARD-6CA2A79
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lori
LOGONSERVER=\\RICHARD-6CA2A79
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lori\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lori\LOCALS~1\Temp
USERDOMAIN=RICHARD-6CA2A79
USERNAME=Lori
USERPROFILE=C:\Documents and Settings\Lori
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Kaitlyn (admin)
Jessica (admin)
Jake (admin)
Rick
Lori (admin)
Eric
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield Vietnam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Battlefield Vietnam: WW2 Mod --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x9
Bejeweled 2 Deluxe --> "C:\Program Files\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blasterball 2 Holidays (Free with Dell Game Console) --> "C:\Program Files\Dell Games\Blasterball 2 Holidays\Uninstall.exe"
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Cake Mania --> "C:\Program Files\MSN Games\Cake Mania\Uninstall.exe" "C:\Program Files\MSN Games\Cake Mania\install.log"
Carmen Sandiego Math Detective --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Carmen Math Detective\DeIsL1.isu"
Carrie the Caregiver --> "C:\Program Files\MSN Games\Carrie the Caregiver\Uninstall.exe" "C:\Program Files\MSN Games\Carrie the Caregiver\install.log"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Cradle of Rome --> "C:\Program Files\MSN Games\Cradle of Rome\Uninstall.exe" "C:\Program Files\MSN Games\Cradle of Rome\install.log"
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4
Edited by chickneedshelp, 18 May 2008 - 01:42 PM.