Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Welcome me to the hijack club :( [RESOLVED]

Started by queen2b , Jun 20 2008 12:19 AM

  • This topic is locked This topic is locked

#1
queen2b
Posted 20 June 2008 - 12:19 AM

queen2b

    New Member

  • Member
  • Pip
  • 9 posts
I first ran the ATF-Cleaner which worked really great (said it cleaned out 71.555 MBS) and my computer went so much faster until I climbed back on the Info Super-Highway! Now when I try to open the program it says I have to run it again.

I wasn't sure at first that I was being misdirected to other sites. Thanks goodness for the detailed instructions in the "You Must read this first..." section. Of course, I caught it too late for the Malwarebytes and Panda site (Of course, I ran all of these programs, and all the logs came out clean)- probably everything I downloaded except the HJT - I hit the one from your site and then went to TrendMicro and downloaded the zip file instead. So, I have something from Panda Software on here. I did disable a couple of Active X add-on's so I could actually get to the right sites. Also, when I was going to save the HJT log, my page looked a little different than the instructions and I almost hit save as to my desktop, but thought I should see where that was really going to take me - another HJT folder under my Network places. Funny, I don't have any network places.

I think all of this started with my son's computer which after we get this one fixed will be the next project. Unbeknowst to me, he visits places I would never dream of going (he's 21). I thought he and I could share his computer over the summer while my husband was using ours to finish up his master's courses. While on my son's computer, I signed up for MSN Messenger. Then I noticed that all kinds of strange things were happening on his computer. I ran scans, downloaded programs drove myself half nuts!

Long story short (er), I gave up and took both computers to the repair shop and asked them to just save my data and do a complete system resinstall with updates (I have all the original disks). They told me there were no viruses, etc. So, what they did was backup my entire system onto something, do a system resinstall reloaded windows and set that up. And then they loaded my old systems back on in a file folder - and charged me $300.

So, thinking that since the computer repair people considered me to be insane, I might as well just jump right back in to the computer and start putting other things back on - I downloaded MSN Messenger to this computer (not my son's) and used the same logon and weird things started happening again. The most curious for me was that the wireless router would say that it was on and then a balloon would pop up and say that again that it was on, but this time unsecured. I called the repair guy back - he told me to call the phone company. Which I have done and I have a new wireless router to install after the computers are fixed. I've been scouring to try to find what to do - it's even confusing to try to find a forum and then be brave enough to ask for help.

So, now I'm broke, really tired, earlier I felt like crying, but now am feeling somewhat vindicated as I am pretty sure that the second opinion that I receive here will indeed confirm that I am not insane.

Thank you so much in advance for any help that I can receive. I await your instructions :)


Well, after much ado here is my log!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:29 AM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...B&M=Gateway M685
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tds.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...B&M=Gateway M685
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212510378069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212510495116
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9569 bytes
  • 0

Advertisements

#2
Essexboy
Posted 20 June 2008 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there queen2b lets have a deeper look at your system shall we

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
queen2b
Posted 20 June 2008 - 09:40 PM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi and Thanks for the reply!

I got really concerned today when I noticed on the Recent Documents that the Windows Address Book had been accessed, so I called the phone company to ask if I should be concerned about spam being sent or something like that. They told me that for a very small fee they could clean both computers for me. I had them go ahead and do that.

They told me that they found a virus on the other computer and on this one just some cookies. I watched part of the cleaning process as they did it remotely and I noticed they cleaned off some stuff. The thing I don't understand is when I saw them going to the Add/Remove programs the notes next to the spyware that I had on there said that I hadn't accessed the program since the day I got my computers back. So there must have been something that attached itself to that as well as I had run numerous scans with AVG. They also added the PC Defender. I went ahead and did the dss scans and will post the logs here. I don't think there should be anything left.

However, at about 3:50 pm when they were almost finished cleaning and getting ready to put on the antivirus stuff, the connection was suddenly terminated. That was about the same time yesterday that I seemed to be connected to something else. At the end, we pretty much decided that something had taken over the wireless router connection - again, makes no sense to me as we live was out in the country. I did go in and change the router settings and this time the username and password stuck, but after I turned the wireless back on, and started to walk away with the computer, it said that it was connected (unsecure).

Of course, when I mentioned this to the last guy that I talked to and asked what it might be, he said he had no idea - he'd never seen that before. I've also been duly admonished as a 'normal computer user' that everything is fine, 'my computer is clean and there is no conspiracy' and that I should basically quit looking around in places where I don't belong and I should not mess with the router settings. I wanted 2b queen of my computer :) So, for right now, the wireless is off. Maybe I should go to another forum to ask for help on how to make sure I set it up correctly...but that will have to wait until tomorrow.

Anyway, here are the logs - I'm not sure what you'll see now - everything should be fine.

I do appreciate your help and taking the time to have a look-see. I sure would like to be unwired again! :)



-------

Main.txt
-------
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-20 22:56:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-06-21 02:57:02 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2008-06-20 20:21:22 UTC - RP49 - psc 7.03 build 110 Installation
48: 2008-06-20 19:34:41 UTC - RP48 - Installed AVG Free 8.0
47: 2008-06-20 19:34:20 UTC - RP47 - Removed AVG Free 8.0
46: 2008-06-20 00:25:01 UTC - RP46 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-06-03 16:25:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 22:58:12
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Defender\Common\FSMA32.EXE
C:\Program Files\PC Defender\Anti-Virus\fsgk32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\PC Defender\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC Defender\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Defender\Common\FAMEH32.EXE
C:\Program Files\PC Defender\Anti-Virus\fsqh.exe
C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
C:\Program Files\PC Defender\FWES\program\fsdfwd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PC Defender\Anti-Virus\fssm32.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\PC Defender\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Defender\FSGUI\fsguidll.exe
C:\Program Files\PC Defender\FSAUA\program\fsus.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PC Defender\Anti-Virus\fsav32.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...B&M=Gateway M685
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tds.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...B&M=Gateway M685
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Defender\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212510378069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212510495116
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Defender\FWES\program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Defender\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--
End of file - 9146 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
R1 F-Secure HIPS - c:\program files\pc defender\hips\fshs.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\81000EBBE0B806
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\81000EBBE0B806
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 22:53:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-20 22:44:00 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 16:22:26 51072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:22:25 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:22:02 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-20 16:21:23 0 d-------- C:\Program Files\PC Defender
2008-06-20 16:21:06 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-20 15:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-20 14:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 12:58:06 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-20 12:54:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-20 12:53:21 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-20 11:40:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
2008-06-20 11:20:45 0 d-------- C:\WINDOWS\CSC
2008-06-20 10:52:20 50688 --ah----- C:\ATFcleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-06-20 10:52:05 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-06-20 10:51:29 0 d-------- C:\Program Files\Yahoo!
2008-06-20 10:51:16 0 d-------- C:\Program Files\CCleaner
2008-06-20 10:51:16 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-20 10:51:16 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-20 10:47:42 0 d-------- C:\WINDOWS\LMI1.tmp
2008-06-19 21:44:42 0 d-------- C:\Program Files\Panda Security
2008-06-19 20:25:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:25:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 20:25:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-19 19:58:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-19 19:55:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-19 19:38:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 16:49:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-19 16:36:12 0 d-------- C:\OldSys
2008-06-19 16:36:00 0 d-------- C:\Program Files\Lavasoft
2008-06-16 14:11:45 0 d-------- C:\Program Files\Lavasoft(2)
2008-06-11 12:27:07 0 d-------- C:\Program Files\Windows Live(2)
2008-06-11 08:24:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-11 08:24:15 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-11 08:03:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-10 21:02:47 0 d-------- C:\Program Files\Common Files\Adobe(2)
2008-06-10 20:47:08 0 d-------- C:\Cabs
2008-06-10 11:13:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-10 11:13:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-05 11:18:22 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 11:02:33 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:02:07 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:03:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\4200Series
2008-06-04 16:00:27 0 d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2008-06-04 16:00:19 1572864 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-04 15:59:25 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-04 15:58:03 0 d-------- C:\Program Files\Lexmark 4200 Series
2008-06-04 15:56:32 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-04 15:45:21 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-06-04 11:39:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-03 17:03:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-03 17:00:07 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-03 16:32:16 0 d-------- C:\Program Files\Windows Defender
2008-06-03 16:25:59 0 d-------- C:\Program Files\EZBackitup
2008-06-03 16:10:28 0 d-------- C:\WINDOWS\Prefetch
2008-06-03 16:03:30 0 d-------- C:\WINDOWS\system32\scripting
2008-06-03 16:03:29 0 d-------- C:\WINDOWS\l2schemas
2008-06-03 16:03:28 0 d-------- C:\WINDOWS\system32\en
2008-06-03 16:03:28 0 d-------- C:\WINDOWS\system32\bits
2008-06-03 16:00:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 14:48:55 0 d-------- C:\WINDOWS\pss
2008-06-03 14:48:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-06-03 14:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-06-03 14:22:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 14:19:29 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-03 14:15:31 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-06-03 14:14:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-06-03 14:14:56 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-06-03 14:13:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-03 14:09:19 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-03 14:09:13 0 d-------- C:\temp
2008-06-03 13:57:37 0 d-------- C:\WINDOWS\network diagnostic
2008-06-03 13:56:10 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-03 13:54:48 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-06-03 13:54:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-03 13:54:14 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
2008-06-03 13:53:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-06-03 13:52:45 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-06-03 13:50:47 0 d-------- C:\Program Files\Microsoft Streets and Trips
2008-06-03 13:50:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-06-03 13:50:35 743936 --a------ C:\WINDOWS\system32\GTW1.exe <Not Verified; Leader Technologies; PowerReg>
2008-06-03 13:49:25 23552 --a------ C:\WINDOWS\system32\jesterss.dll
2008-06-03 13:49:25 1239209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-06-03 13:49:25 0 d-------- C:\Program Files\gtw_logo
2008-06-03 13:49:25 0 d-------- C:\Documents and Settings\Owner\Favorites
2008-06-03 13:47:57 0 d-------- C:\Program Files\Motorola
2008-06-03 13:47:32 1003520 --a------ C:\WINDOWS\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-03 13:47:32 282624 --a------ C:\WINDOWS\stsystra.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-06-03 13:47:08 0 d-------- C:\Program Files\SigmaTel
2008-06-03 13:47:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-03 13:46:56 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:46:56 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-03 13:46:56 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-03 13:46:53 0 d-------- C:\WINDOWS\occache
2008-06-03 13:46:53 0 d-------- C:\Program Files\Pure Networks
2008-06-03 13:46:53 0 d-------- C:\Program Files\Learn2.com
2008-06-03 13:46:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-03 13:46:52 0 d-------- C:\Program Files\Viewpoint
2008-06-03 13:46:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-03 13:46:50 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-03 13:46:45 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-03 13:46:45 0 d-------- C:\Program Files\QuickTime
2008-06-03 13:46:45 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 13:46:41 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-03 13:46:37 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-03 13:46:37 0 d-------- C:\My Music
2008-06-03 13:46:34 0 d-------- C:\Program Files\Real
2008-06-03 13:46:34 0 d-------- C:\Program Files\Common Files\Real
2008-06-03 13:46:20 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-06-03 13:46:20 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-06-03 13:46:01 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-03 13:45:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-03 13:45:52 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 13:45:45 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-03 13:45:45 0 d-------- C:\Program Files\Texas Instruments Inc
2008-06-03 13:45:34 0 d-------- C:\Program Files\MSN Encarta Plus
2008-06-03 13:45:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-03 13:45:16 0 d-------- C:\WINDOWS\nview
2008-06-03 13:44:51 0 d-------- C:\Program Files\Microsoft Money 2005
2008-06-03 13:44:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-03 13:44:22 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-03 13:44:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-06-03 13:44:12 0 d-------- C:\Program Files\Napster
2008-06-03 13:43:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-03 13:43:01 0 d-------- C:\Program Files\Intel
2008-06-03 13:41:37 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-03 13:41:35 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:41:34 40960 --a------ C:\WINDOWS\system32\VBAME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:41:34 15872 --a------ C:\WINDOWS\system32\SCP32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-03 13:41:34 151552 --a------ C:\WINDOWS\system32\RDOCURS.DLL <Not Verified; Microsoft Corporation; Microsoft RDO Client Cursor Library>
2008-06-03 13:41:34 94208 --a------ C:\WINDOWS\system32\MSSTKPRP.DLL <Not Verified; Microsoft Corporation; msprop32>
2008-06-03 13:41:34 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-03 13:41:34 397312 --a------ C:\WINDOWS\system32\MSRDO20.DLL <Not Verified; Microsoft Corporation; Microsoft Corporation Remote Data Object>
2008-06-03 13:41:34 204800 --a------ C:\WINDOWS\system32\INKED.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:41:34 0 d-------- C:\Program Files\Microsoft.NET
2008-06-03 13:41:30 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-03 13:41:30 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-03 13:41:05 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-03 13:40:22 0 dr-h----- C:\MSOCache
2008-06-03 13:40:18 46433 --a------ C:\WINDOWS\WBODA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL OLE DLL>
2008-06-03 13:40:18 351526 --a------ C:\WINDOWS\WBDDA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL DLL>
2008-06-03 13:40:15 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-03 13:40:12 0 d-------- C:\Program Files\Synaptics
2008-06-03 13:40:10 94208 --a------ C:\WINDOWS\system32\bae.dll <Not Verified; Gateway Inc.; Browser Address Error Redirector>
2008-06-03 13:40:03 0 d-------- C:\Program Files\BigFix
2008-06-03 13:40:01 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-03 13:39:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 13:39:30 0 d-------- C:\Program Files\CyberLink
2008-06-03 13:39:25 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 13:39:18 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-06-03 13:39:15 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-06-03 13:38:28 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-03 13:38:28 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-03 13:38:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-03 13:38:22 518520 --a------ C:\WINDOWS\vidres.exe <Not Verified; ; resolution>
2008-06-03 13:34:17 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-03 13:34:17 0 d-------- C:\Program Files\Gateway
2008-06-03 13:32:05 0 d-------- C:\Program Files\Google
2008-06-03 13:31:41 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-06-03 13:31:23 0 d-------- C:\Program Files\Java
2008-06-03 13:31:22 0 d-------- C:\Program Files\Common Files\Java
2008-06-03 13:30:39 0 d-------- C:\Program Files\MSBuild
2008-06-03 13:29:11 2 -r-hs---- C:\USER
2008-06-03 13:29:11 0 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-06-03 13:27:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-03 13:27:20 0 d--hs---- C:\System Volume Information
2008-06-03 13:27:12 0 d-------- C:\Program Files\Reference Assemblies
2008-06-03 13:26:59 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-06-03 13:26:16 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-03 13:26:15 0 d-------- C:\WINDOWS\creator
2008-06-03 13:26:06 0 d-------- C:\WINDOWS\SMINST
2008-06-03 13:25:44 0 d-------- C:\609272de880ff4d868
2008-06-03 13:25:43 0 dr------- C:\Program Files
2008-06-03 13:25:30 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-03 13:25:30 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-03 13:25:30 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-06-03 13:25:30 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-03 13:25:30 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-03 13:25:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-03 13:25:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-03 13:24:58 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-03 13:22:31 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-03 13:18:37 0 d-------- C:\Program Files\MSXML 6.0
2008-06-03 12:50:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-03 12:49:54 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-03 12:47:47 0 d-------- C:\Program Files\CDBurnerXP Pro 3
2008-06-03 12:27:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 12:26:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 12:26:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-03 12:26:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-03 12:26:01 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-06-03 12:24:59 262144 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-03 12:24:56 0 d-------- C:\Documents and Settings\Default User\Application Data\Leadertech
2008-05-22 11:17:50 23040 --a------ C:\WINDOWS\system32\instg32.exe <Not Verified; Absolute Software Corp.; instm32>
2008-05-22 11:16:58 3584 --a------ C:\WINDOWS\system32\wceprv.dll
2008-05-22 11:16:57 32256 --a------ C:\WINDOWS\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>


-- Find3M Report ---------------------------------------------------------------

2008-06-20 16:25:39 0 d-------- C:\Program Files\Common Files
2008-06-03 16:03:59 0 d-------- C:\Program Files\Messenger
2008-06-03 16:03:28 0 d-------- C:\Program Files\Movie Maker
2008-06-03 15:59:54 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gateway Extended Warranty"="C:\Program Files\Gateway\GWCares\GWCares.exe" [02/08/2004 07:30 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 06:01 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/05/2004 12:47 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/05/2004 12:47 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/02/2006 03:38 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/02/2006 03:32 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 07:26 PM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 06:04 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2006 09:58 PM]
"F-Secure Manager"="C:\Program Files\PC Defender\Common\FSM32.exe" [02/13/2008 06:38 AM]
"F-Secure TNB"="C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" [02/13/2008 06:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]
c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"CiSvc"=3 (0x3)
"avg8emc"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-20 23:01:23 ------------


-----
extra.txt
-----

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 510.04 MiB / 199.79 MiB
Pagefile Memory (total/avail): 2011.61 MiB / 1499.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1858.91 MiB

C: is Fixed (NTFS) - 68.66 GiB total, 49.64 GiB free.
D: is Fixed (FAT32) - 5.85 GiB total, 1.49 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080BH - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 68.66 GiB - C:
\PARTITION1 - Unknown - 5.86 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FD471686E2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\YOUR-FD471686E2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-FD471686E2
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EZBack-it-up 2.0.1 --> "C:\Program Files\EZBackitup\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
GWCares --> MsiExec.exe /I{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}
HijackThis 2.0.2 --> "C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe" /uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56coin.dll,SM56UnInstaller
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Defender --> "C:\Program Files\PC Defender\FSGUI\PostInstall.exe" /tUnInstall
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) -->
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Fil
  • 0

#4
Essexboy
Posted 21 June 2008 - 06:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again, just one to remove so far. With regards to the network, once I have finished with you I will send you to the network experts

So to start

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\jesterss.dll
Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Logs required : OTMoveit and Combofix
  • 0

#5
queen2b
Posted 21 June 2008 - 08:12 PM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again! And thanks for the continued assistance - I unloaded the PC Defender, now I can't seem to open it from the start programs file - there are too many folders for me to figure which ones to open in the Program Files on the C drive - won't get back on internet on this computer until I see a reply checking from the other one - however, it may be the darn thing didn't even work after they installed it.

I also keep hearing the little dings you hear when you attach or remove hardware :)

Looking forward to your next reply! :)

Following are the requested logs:


------
OTMoveit
------

DllUnregisterServer procedure not found in C:\WINDOWS\system32\jesterss.dll
C:\WINDOWS\system32\jesterss.dll NOT unregistered.
C:\WINDOWS\system32\jesterss.dll moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06212008_175957

------
Combofix
------

ComboFix 08-06-20.4 - Administrator 2008-06-21 20:59:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.187 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-21 17:59 . 2008-06-21 17:59 <DIR> d-------- C:\_OTMoveIt
2008-06-20 22:56 . 2008-06-20 22:56 <DIR> d-------- C:\Deckard
2008-06-20 16:22 . 2008-06-20 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-20 16:22 . 2008-06-20 21:59 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-20 16:22 . 2008-06-20 21:59 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-20 16:21 . 2008-06-20 22:51 <DIR> d-------- C:\Program Files\PC Defender
2008-06-20 16:21 . 2008-06-20 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-20 15:34 . 2008-06-20 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-20 15:31 . 2008-06-20 15:31 4 --a------ C:\WINDOWS\msoffice.ini
2008-06-20 14:54 . 2008-06-20 14:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-20 14:54 . 2008-06-20 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 12:58 . 2008-06-20 13:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-20 11:40 . 2008-06-20 11:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
2008-06-20 11:18 . 2008-06-20 11:18 412 --a------ C:\temp.file.delete.bat
2008-06-20 11:17 . 2008-06-20 11:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com
2008-06-20 10:52 . 2008-01-18 12:38 50,688 --ah----- C:\ATFcleaner.exe
2008-06-20 10:51 . 2008-06-20 10:51 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-20 10:51 . 2008-06-20 10:51 <DIR> d-------- C:\Program Files\CCleaner
2008-06-20 10:47 . 2008-06-20 21:49 <DIR> d-------- C:\WINDOWS\LMI1.tmp
2008-06-19 21:44 . 2008-06-20 15:37 <DIR> d-------- C:\Program Files\Panda Security
2008-06-19 20:25 . 2008-06-19 20:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 20:25 . 2008-06-19 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:25 . 2008-06-19 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-19 19:58 . 2008-06-19 19:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-19 19:58 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 19:58 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 19:55 . 2008-06-19 19:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-19 19:38 . 2008-06-19 20:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 19:38 . 2008-06-19 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 16:49 . 2008-06-20 15:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-19 16:36 . 2008-06-19 16:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-19 16:36 . 2008-06-19 16:36 <DIR> d-------- C:\OldSys
2008-06-19 15:30 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 14:11 . 2008-06-16 14:11 <DIR> d-------- C:\Program Files\Lavasoft(2)
2008-06-11 12:27 . 2008-06-19 16:48 <DIR> d-------- C:\Program Files\Windows Live(2)
2008-06-11 08:24 . 2008-06-19 16:49 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-06-11 08:24 . 2008-06-11 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-06-11 08:03 . 2008-06-19 16:49 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-10 21:02 . 2008-06-19 16:49 <DIR> d-------- C:\Program Files\Common Files\Adobe(2)
2008-06-10 20:47 . 2008-06-10 21:16 <DIR> d-------- C:\Cabs
2008-06-10 15:31 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 11:13 . 2008-06-10 11:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-05 11:18 . 2008-06-19 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-05 11:02 . 2008-06-19 16:49 <DIR> d----c--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-05 11:02 . 2008-06-11 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-05 10:03 . 2008-06-05 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\4200Series
2008-06-04 16:00 . 2008-06-04 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2008-06-04 16:00 . 2003-03-11 18:26 98,304 -ra------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-06-04 16:00 . 2003-03-11 18:26 69,632 -ra------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-06-04 16:00 . 2003-03-11 18:26 49,152 -ra------ C:\WINDOWS\system32\IM31IMG.DIL
2008-06-04 15:59 . 2008-06-04 15:59 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-04 15:59 . 2008-06-21 20:38 439 --a------ C:\WINDOWS\lexstat.ini
2008-06-04 15:58 . 2008-06-04 16:00 <DIR> d-------- C:\Program Files\Lexmark 4200 Series
2008-06-04 15:57 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-04 15:57 . 2008-04-13 14:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-04 15:57 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-04 15:57 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-04 15:46 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-04 15:46 . 2008-04-13 20:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-04 15:45 . 2008-06-04 15:45 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-06-04 11:43 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-04 10:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-04 10:50 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-04 10:50 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-04 10:50 . 2008-04-13 14:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-03 17:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-03 17:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-03 17:03 . 2008-06-08 19:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-03 17:00 . 2008-06-03 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-03 16:32 . 2008-06-03 16:32 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-03 16:25 . 2008-06-03 16:26 <DIR> d-------- C:\Program Files\EZBackitup
2008-06-03 16:03 . 2008-06-03 16:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-03 16:03 . 2008-06-03 16:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-03 16:03 . 2008-06-03 16:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-03 16:03 . 2008-06-03 16:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-03 16:00 . 2008-06-03 16:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 15:47 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-03 14:48 . 2008-06-03 14:48 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-06-03 14:47 . 2008-06-03 14:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-06-03 14:19 . 2008-06-03 14:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-03 14:15 . 2008-06-21 17:51 47,104 --a------ C:\WINDOWS\system32\rpcnet.dll
2008-06-03 14:14 . 2008-06-03 14:15 47,104 --a------ C:\WINDOWS\system32\rpcnet.exe
2008-06-03 14:09 . 2008-06-03 14:09 <DIR> d-------- C:\temp\ext18866
2008-06-03 14:09 . 2008-06-03 14:09 <DIR> d-------- C:\temp
2008-06-03 14:09 . 2008-06-03 14:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-03 14:02 . 2008-06-03 14:02 0 --a------ C:\WINDOWS\system32\Gateway_GatewayM685_Rev.1_0036593371.MRK
2008-06-03 14:01 . 2008-06-03 14:01 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-06-03 14:00 . 2008-06-04 09:12 34,400 --a------ C:\WINDOWS\system32\Status.MPF
2008-06-03 13:57 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-03 13:56 . 2004-09-03 19:07 20,480 --a------ C:\WINDOWS\system32\Marker32.exe
2008-06-03 13:54 . 2008-06-03 13:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-06-03 13:54 . 2008-06-03 13:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-03 13:54 . 2008-06-03 13:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-03 13:54 . 2008-06-03 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-03 13:54 . 2008-06-03 13:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-03 13:54 . 2008-06-03 13:54 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-03 13:53 . 2008-06-03 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-06-03 13:52 . 2008-06-03 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-06-03 13:50 . 2008-06-03 13:52 <DIR> d-------- C:\Program Files\Microsoft Streets and Trips
2008-06-03 13:50 . 2008-06-03 13:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-06-03 13:50 . 2006-04-04 16:38 743,936 --a------ C:\WINDOWS\system32\GTW1.exe
2008-06-03 13:49 . 2008-06-03 13:49 <DIR> d-------- C:\Program Files\gtw_logo
2008-06-03 13:49 . 2008-06-03 12:24 <DIR> d-------- C:\Documents and Settings\Owner
2008-06-03 13:49 . 2006-02-06 15:24 1,239,209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-06-03 13:49 . 2005-01-11 09:09 51,656 --a------ C:\WINDOWS\system32\OEMLOGO.bmp
2008-06-03 13:49 . 2006-04-21 12:50 1,150 --a------ C:\WINDOWS\system32\gtw.ico
2008-06-03 13:48 . 2008-04-13 15:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-03 13:48 . 2008-04-13 14:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-06-03 13:48 . 2008-04-13 14:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-03 13:47 . 2008-06-03 13:47 <DIR> d-------- C:\Program Files\SigmaTel
2008-06-03 13:47 . 2008-06-03 13:47 <DIR> d-------- C:\Program Files\Motorola
2008-06-03 13:47 . 2008-06-03 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\Real
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\QuickTime
2008-06-03 13:46 . 2008-06-20 16:25 <DIR> d-------- C:\Program Files\Pure Networks
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\Learn2.com
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-03 13:46 . 2008-06-20 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-03 13:46 . 2008-06-03 13:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-03 13:45 . 2008-06-11 08:22 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 21:51 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 17:46 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-06-03 16:31 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-06-03 16:31 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-06-03 16:31 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gateway Extended Warranty"="C:\Program Files\Gateway\GWCares\GWCares.exe" [2004-02-08 19:30 73728]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01 32768]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 12:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 12:47 688218]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 20:24 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 01:42 212992]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 03:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 03:32 696320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26 217088]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 06:04 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 21:58 7581696]
"F-Secure Manager"="C:\Program Files\PC Defender\Common\FSM32.EXE" [2008-02-13 06:38 184800]
"F-Secure TNB"="C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" [2008-02-13 06:38 741800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]
c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-20 21:58 7581696 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-20 21:58 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-02-13 19:23 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-09-14 16:00 577536 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-19 18:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"CiSvc"=3 (0x3)
"avg8emc"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-06-20 21:59]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Defender\HIPS\fshs.sys [2008-06-20 21:58]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Defender\Anti-Virus\minifilter\fsgk.sys [2008-02-13 06:38]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Defender\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 06:38]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Defender\Anti-Virus\Win2K\FSrec.sys [2008-02-13 06:38]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 00:44:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 21:54:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 21:01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-21 21:02:20
ComboFix-quarantined-files.txt 2008-06-22 01:02:06

Pre-Run: 53,197,037,568 bytes free
Post-Run: 53,284,753,408 bytes free

303 --- E O F --- 2008-06-19 22:09:19


------
HijackThis
------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:47 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Defender\Common\FSMA32.EXE
C:\Program Files\PC Defender\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Defender\Anti-Virus\fssm32.exe
C:\Program Files\PC Defender\FWES\Program\fsdfwd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PC Defender\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tds.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Defender\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1212510378069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212510495116
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Defender\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Defender\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7478 bytes
  • 0

#6
Essexboy
Posted 22 June 2008 - 04:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again. Well everything looks ok on those reports. Apart from the network thing are you experiencing any other problems ?

Defender is at this location C:\Program Files\PC Defender
  • 0

#7
queen2b
Posted 22 June 2008 - 08:11 AM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
One thing I noticed when I loaded the Recovery Console was an error message that said:

"The option to upgrade will not be available at this time because setup was unable to load the file E:\I386\WINNTUPG\NETUPGRD.DLL. The system cannot fine the file specified." But then it ran through the connection to Microsoft anyway. Does this mean that I need to do something to the Recovery Console?

Also, the random hardware dinging noises when I was online and plugged into the network seemed rather odd, as I had not connected anything.

I havent' tried to connect again wirelessly yet.

Thanks again for looking at all this stuff. I really appreciate your time, effort and patience.
  • 0

#8
Essexboy
Posted 22 June 2008 - 10:03 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
NETUPGRD.DLL is not really relevant as that is only required to upgrade from XP Home to Pro

Also, the random hardware dinging noises when I was online and plugged into the network seemed rather odd, as I had not connected anything.

That is the standard MS ding.wav and is used for a variety of alerts within windows, I would imagine that it was set during your re-install

To cure this go to control panel > Sounds
Then select each item in turn that has a loudspeaker alongside it and see which have ding.wav associated with it
If you do not want it then just select none in the drop down box

[attachment=21638:Untitled.jpg]

Could you try your wireless again and see what the result is :)
  • 0

#9
queen2b
Posted 24 June 2008 - 08:28 AM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again! Sorry it's taken me so long to reply...

The only ding.wav files were set to default beep. The sound that I was hearing was the Device Connect (insert.wav) or Device Disconnect (remove.wav) - weird!

Wireless is working correctly! Thanks so much for whatever worked!

A couple more questions, then I should be finished with this computer!!

I was going to put some files on the DVD before I replied the last time, and then decided not to. The next time I booted the computer, a pop up said "You have files waiting to be written to the CD. To view these files, click this balloon." I clicked the balloon and nothing happened. I hate that.

Now that the computer is clean, is it okay to copy the old system to disks (I don't think I need it, but I guess it can't hurt) and then delete it? How do I make sure that it goes away completely? Are there any other next steps that I should take or articles I should read here and follow?

Also, on which forum should I ask for help with the other computer now that the phone company cleaned off the virus? Should I just follow the steps for removing old Java Runtime version and installing the new version? Plus I need to clean the old system off that one as well.

Again, thank you so much for all of your advice and help! :) I'm so glad that I came to this website! :)
  • 0

#10
Essexboy
Posted 24 June 2008 - 11:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After the clean up instructions I would recommend backing up your files..you may never need them but....

Also, on which forum should I ask for help with the other computer now that the phone company cleaned off the virus? Should I just follow the steps for removing old Java Runtime version and installing the new version? Plus I need to clean the old system off that one as well.

Depends on the problem - what is it ? Yes replace the Java and ensure that all the old versions are gone.

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt2 wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

Advertisements

#11
queen2b
Posted 24 June 2008 - 01:19 PM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I'm a little :) Will the OTMoveIt2 automatically remove the ATF cleaner and the SuperAntiSpyware tools as well? I like the ATF cleaner and I would just have to download the SuperAntiSpyware again.

My PCDefender has real-time scanning setup for virus and spyware - the phone company set it up and I don't want to mess with the settings. Won't Spyware Blaster interfere with that?

When I took my computers to the repair shop, they backed up the old system and then reformatted and then put the old system back on in a folder. They told me I could save my files and then just delete the folder. I should delete that before setting the new restore point - right? That way it will be completely gone - right?

Sorry to be so dense about this, I just want to understand what I'm doing.

On the other computer, the wireless will only connect at 48Mbps and sometimes it will drop down to 24Mbps and I've even seen 1Mbps, even when I'm sitting right next to the router. Surfing on the internet is really slow as well. Those are the only things I've noticed since they cleaned off whatever virus was on there.

Thanks!
  • 0

#12
Essexboy
Posted 24 June 2008 - 02:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I'm a little Will the OTMoveIt2 automatically remove the ATF cleaner and the SuperAntiSpyware tools as well? I like the ATF cleaner and I would just have to download the SuperAntiSpyware again

No, it will leave those

My PCDefender has real-time scanning setup for virus and spyware - the phone company set it up and I don't want to mess with the settings. Won't Spyware Blaster interfere with that?

No, Spywareblaster protects part of your registry passively and will not conflict

When I took my computers to the repair shop, they backed up the old system and then reformatted and then put the old system back on in a folder. They told me I could save my files and then just delete the folder. I should delete that before setting the new restore point - right? That way it will be completely gone - right?

Correct

On the other computer, the wireless will only connect at 48Mbps and sometimes it will drop down to 24Mbps and I've even seen 1Mbps, even when I'm sitting right next to the router. Surfing on the internet is really slow as well. Those are the only things I've noticed since they cleaned off whatever virus was on there.

If you are sure you are virus free then ask in the networking forum.. If you are not sure the I could take a look at it

:)
  • 0

#13
queen2b
Posted 24 June 2008 - 02:23 PM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Awesome!! Thanks for all that. I'll take care of all that on this computer this evening.

One more question that I'm sure is strange - I use a webmail program and when I receive an email that says it has both secure and unsecure content (usually pictures) I now have to click on that button twice to make it open.

I'm pretty sure the viruses are gone on the other computer, but I'd be really happy if you looked at everything to make sure. What are my next steps for the other one?

Also, I clicked on your PayPal button - I'm not sure how to make a donation in pounds...
  • 0

#14
Essexboy
Posted 24 June 2008 - 02:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I use a webmail program and when I receive an email that says it has both secure and unsecure content (usually pictures) I now have to click on that button twice to make it open.

That is for your security - as when you select the pictures a request is sent to the site where the e-mail originated from. If it was spam they now know that your e-mail address is active..

For the second system we will start with a DSS log

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#15
queen2b
Posted 24 June 2008 - 03:48 PM

queen2b

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

That is for your security - as when you select the pictures a request is sent to the site where the e-mail originated from. If it was spam they now know that your e-mail address is active..

But I've never had to click it twice to make it go away.

Here are the dss logs for second computer:

-------
Main Log
-------
Deckard's System Scanner v20071014.68
Run by Connie on 2008-06-24 17:33:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-06-24 21:33:13 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-06-24 19:10:42 UTC - RP38 - Software Distribution Service 3.0
37: 2008-06-23 16:41:20 UTC - RP37 - System Checkpoint
36: 2008-06-20 20:29:59 UTC - RP36 - Software Distribution Service 3.0
35: 2008-06-20 20:19:06 UTC - RP35 - psc 7.03 build 110 Installation


-- First Restore Point --
1: 2008-06-02 21:44:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Connie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:36 PM, on 6/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Defender\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Defender\Common\FSMA32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\PC Defender\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Defender\Common\FCH32.EXE
C:\Program Files\PC Defender\Common\FAMEH32.EXE
C:\Program Files\PC Defender\Anti-Virus\fsqh.exe
C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
C:\Program Files\PC Defender\Anti-Virus\fssm32.exe
C:\Program Files\PC Defender\FWES\Program\fsdfwd.exe
C:\Program Files\PC Defender\FSAUA\program\fsus.exe
C:\Program Files\PC Defender\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\PC Defender\Common\FSM32.EXE
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Defender\FSGUI\fsguidll.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Documents and Settings\Connie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Connie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Defender\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4116397356-663753673-1668833520-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sam')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212443387825
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Defender\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Defender\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Defender\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Defender\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6922 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
R1 F-Secure HIPS - c:\program files\pc defender\hips\fshs.sys

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 10:58:34 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 17:34:09 0 d-------- C:\Program Files\Trend Micro
2008-06-23 13:42:31 0 d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2008-06-20 21:25:10 0 d--hs---- C:\Documents and Settings\Sam\Cookies
2008-06-20 18:26:20 0 d-------- C:\Documents and Settings\Connie\Application Data\SUPERAntiSpyware.com
2008-06-20 17:39:31 0 d-------- C:\Documents and Settings\Connie\Application Data\F-Secure
2008-06-20 16:20:10 30016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:20:10 51072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
2008-06-20 16:19:52 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-06-20 16:19:08 0 d-------- C:\Program Files\PC Defender
2008-06-20 16:18:47 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-06-20 15:35:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-20 12:29:38 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-20 12:29:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-20 12:28:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-20 12:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 11:20:57 0 d-------- C:\WINDOWS\CSC
2008-06-20 11:18:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
2008-06-20 11:18:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 11:18:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 11:14:31 0 d-------- C:\WINDOWS\pss
2008-06-20 11:01:51 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-06-20 10:57:08 50688 --ah----- C:\ATFcleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-06-20 10:56:22 0 d-------- C:\Program Files\Yahoo!
2008-06-20 10:56:10 0 d-------- C:\Program Files\CCleaner
2008-06-20 10:56:10 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-20 10:56:10 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-20 10:54:28 0 d-------- C:\WINDOWS\LMI3.tmp
2008-06-16 22:21:40 0 d-------- C:\HyperCD
2008-06-16 22:20:02 0 d-------- C:\EPSONREG
2008-06-16 16:34:18 0 d-------- C:\Documents and Settings\Connie\Application Data\4200Series
2008-06-11 20:26:44 0 d-------- C:\Documents and Settings\Sam\Application Data\4200Series
2008-06-09 15:39:52 20480 --a------ C:\WINDOWS\system32\LXBRPMUI.DLL
2008-06-09 15:39:52 32768 --a------ C:\WINDOWS\system32\LXBRPMON.DLL
2008-06-09 15:39:32 12288 --a------ C:\WINDOWS\system32\LXBRPMRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2008-06-09 15:39:32 98345 -ra------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-09 15:39:32 339968 -ra------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-06-09 15:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\4200Series
2008-06-09 15:38:09 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-09 15:36:42 0 d-------- C:\Program Files\Lexmark 4200 Series
2008-06-09 15:36:23 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-04 15:49:44 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-06-03 15:06:02 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-06-03 15:05:26 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-06-03 15:02:04 0 d-------- C:\Documents and Settings\Sam\Application Data\Identities
2008-06-03 15:02:03 0 d-------- C:\Documents and Settings\Sam\WINDOWS
2008-06-03 15:02:03 0 d--h----- C:\Documents and Settings\Sam\Templates
2008-06-03 15:02:03 0 dr------- C:\Documents and Settings\Sam\Start Menu
2008-06-03 15:02:03 0 dr-h----- C:\Documents and Settings\Sam\SendTo
2008-06-03 15:02:03 0 dr-h----- C:\Documents and Settings\Sam\Recent
2008-06-03 15:02:03 0 d--h----- C:\Documents and Settings\Sam\PrintHood
2008-06-03 15:02:03 1048576 --a------ C:\Documents and Settings\Sam\NTUSER.DAT
2008-06-03 15:02:03 0 d--h----- C:\Documents and Settings\Sam\NetHood
2008-06-03 15:02:03 0 dr------- C:\Documents and Settings\Sam\My Documents
2008-06-03 15:02:03 0 d--h----- C:\Documents and Settings\Sam\Local Settings
2008-06-03 15:02:03 0 dr------- C:\Documents and Settings\Sam\Favorites
2008-06-03 15:02:03 0 d-------- C:\Documents and Settings\Sam\Desktop
2008-06-03 15:02:03 0 dr-h----- C:\Documents and Settings\Sam\Application Data
2008-06-03 15:02:03 0 d-------- C:\Documents and Settings\Sam\Application Data\SampleView
2008-06-03 15:02:03 0 d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
2008-06-03 14:31:53 0 d-------- C:\Documents and Settings\Connie\Application Data\Macromedia
2008-06-03 14:20:13 0 d-------- C:\Documents and Settings\Connie\Application Data\Adobe
2008-06-03 14:14:40 0 d-------- C:\Documents and Settings\Connie\WINDOWS
2008-06-03 14:14:40 0 d--h----- C:\Documents and Settings\Connie\Templates
2008-06-03 14:14:40 0 dr------- C:\Documents and Settings\Connie\Start Menu
2008-06-03 14:14:40 0 dr-h----- C:\Documents and Settings\Connie\SendTo
2008-06-03 14:14:40 0 dr-h----- C:\Documents and Settings\Connie\Recent
2008-06-03 14:14:40 0 d--h----- C:\Documents and Settings\Connie\PrintHood
2008-06-03 14:14:40 1835008 --a------ C:\Documents and Settings\Connie\NTUSER.DAT
2008-06-03 14:14:40 0 d--h----- C:\Documents and Settings\Connie\NetHood
2008-06-03 14:14:40 0 dr------- C:\Documents and Settings\Connie\My Documents
2008-06-03 14:14:40 0 d--h----- C:\Documents and Settings\Connie\Local Settings
2008-06-03 14:14:40 0 dr------- C:\Documents and Settings\Connie\Favorites
2008-06-03 14:14:40 0 d-------- C:\Documents and Settings\Connie\Desktop
2008-06-03 14:14:40 0 d--hs---- C:\Documents and Settings\Connie\Cookies
2008-06-03 14:14:40 0 dr-h----- C:\Documents and Settings\Connie\Application Data
2008-06-03 14:14:40 0 d-------- C:\Documents and Settings\Connie\Application Data\SampleView
2008-06-03 14:14:40 0 d-------- C:\Documents and Settings\Connie\Application Data\Identities
2008-06-03 12:56:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-03 12:46:59 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-03 12:05:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 12:04:08 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-03 11:51:24 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 11:51:14 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-06-03 11:46:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-03 11:44:53 0 d-------- C:\Program Files\Windows Defender
2008-06-03 11:40:17 0 d-------- C:\Program Files\CDBurnerXP Pro 3
2008-06-03 11:39:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-03 11:18:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-03 11:15:20 0 d-------- C:\Program Files\Lavasoft
2008-06-03 11:15:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 11:14:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 10:35:53 0 d-------- C:\OldSys
2008-06-03 09:55:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-03 09:44:48 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-03 09:43:06 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-03 09:43:06 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-03 09:36:16 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 09:33:45 0 d-------- C:\Program Files\EZBackitup
2008-06-03 09:14:55 0 d-------- C:\WINDOWS\Prefetch
2008-06-03 09:07:58 0 d-------- C:\WINDOWS\system32\scripting
2008-06-03 09:07:57 0 d-------- C:\WINDOWS\l2schemas
2008-06-03 09:07:56 0 d-------- C:\WINDOWS\system32\en
2008-06-03 09:07:56 0 d-------- C:\WINDOWS\system32\bits
2008-06-03 09:05:05 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-03 09:01:58 0 d-------- C:\WINDOWS\network diagnostic
2008-06-02 20:20:52 20480 --a------ C:\WINDOWS\system32\Marker32.exe <Not Verified; Gateway; Marker32>
2008-06-02 20:20:34 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-02 20:20:30 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 20:20:30 40960 --a------ C:\WINDOWS\system32\VBAME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-02 20:20:30 15872 --a------ C:\WINDOWS\system32\SCP32.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-02 20:20:30 151552 --a------ C:\WINDOWS\system32\RDOCURS.DLL <Not Verified; Microsoft Corporation; Microsoft RDO Client Cursor Library>
2008-06-02 20:20:30 94208 --a------ C:\WINDOWS\system32\MSSTKPRP.DLL <Not Verified; Microsoft Corporation; msprop32>
2008-06-02 20:20:30 397312 --a------ C:\WINDOWS\system32\MSRDO20.DLL <Not Verified; Microsoft Corporation; Microsoft Corporation Remote Data Object>
2008-06-02 20:20:29 204800 --a------ C:\WINDOWS\system32\INKED.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 20:20:29 0 d-------- C:\Program Files\Microsoft.NET
2008-06-02 20:19:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-02 20:19:01 0 dr-h----- C:\MSOCache
2008-06-02 20:16:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-02 20:15:29 0 d-------- C:\Program Files\ATI Technologies
2008-06-02 20:14:30 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-02 20:14:18 0 d-------- C:\Program Files\CyberLink
2008-06-02 20:14:16 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-02 20:14:15 0 d-------- C:\Program Files\Gateway
2008-06-02 20:11:42 0 d-------- C:\WINDOWS\tiinst
2008-06-02 20:11:27 46433 --a------ C:\WINDOWS\WBODA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL OLE DLL>
2008-06-02 20:11:27 351526 --a------ C:\WINDOWS\WBDDA34I.DLL <Not Verified; Wilson WindowWare, Inc.; WIL DLL>
2008-06-02 20:11:17 0 d-------- C:\Program Files\Synaptics
2008-06-02 20:11:11 471298 --a------ C:\WINDOWS\wallpg.exe <Not Verified; ; wallpg>
2008-06-02 20:11:07 53248 --a------ C:\WINDOWS\system32\NeroCo.dll <Not Verified; Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]; Nero Burning Rom>
2008-06-02 20:10:18 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-02 20:10:17 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-06-02 20:10:16 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-06-02 20:10:16 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-06-02 20:10:14 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-06-02 20:10:14 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-02 20:10:10 0 d-------- C:\Program Files\Ahead
2008-06-02 20:10:05 67072 --a------ C:\WINDOWS\POWERCFG.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 20:08:54 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-02 20:08:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-02 20:08:49 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-02 20:08:46 518520 --a------ C:\WINDOWS\vidres.exe <Not Verified; ; resolution>
2008-06-02 20:06:23 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-02 20:04:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-02 20:04:00 0 d-------- C:\Program Files\Intel
2008-06-02 20:03:30 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-02 20:03:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-02 20:03:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-02 20:03:12 17956 --a------ C:\WINDOWS\BigFixClientOverride.dll <Not Verified; BigFix, Inc.; BigFix>
2008-06-02 20:03:11 0 d-------- C:\Program Files\BigFix
2008-06-02 20:03:04 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-06-02 20:02:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-02 20:02:53 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-02 20:02:53 102400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2008-06-02 20:02:53 118784 --a------ C:\WINDOWS\system32\Msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-02 20:02:53 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-02 20:02:51 0 d-------- C:\WINDOWS\occache
2008-06-02 20:02:51 0 d-------- C:\Program Files\Pure Networks
2008-06-02 20:02:51 0 d-------- C:\Program Files\Learn2.com
2008-06-02 20:02:50 0 d-------- C:\Program Files\Viewpoint
2008-06-02 20:02:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-02 20:00:56 0 d-------- C:\WINDOWS\system32\QuickTime
2008-06-02 20:00:56 0 d-------- C:\Program Files\QuickTime
2008-06-02 20:00:56 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-02 20:00:52 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-02 20:00:48 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-02 20:00:48 0 d-------- C:\My Music
2008-06-02 20:00:46 0 d-------- C:\Program Files\Real
2008-06-02 20:00:46 0 d-------- C:\Program Files\Common Files\Real
2008-06-02 20:00:26 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-06-02 20:00:26 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-06-02 20:00:09 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-02 19:58:00 0 d-------- C:\Program Files\Common Files\AOL
2008-06-02 19:57:59 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-02 19:57:44 0 d-------- C:\Program Files\Java
2008-06-02 19:57:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 19:55:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-06-02 19:55:33 0 d-------- C:\Program Files\Common Files\New Boundary
2008-06-02 19:50:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 19:49:43 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-02 19:49:38 2 -r-hs---- C:\USER
2008-06-02 19:48:51 1654784 --a------ C:\WINDOWS\system32\W29MLRES.dll <Not Verified; Intel Corporation; Intel® PRO/Wireless 2915ABG Network Connection>
2008-06-02 19:48:35 0 d-------- C:\Program Files\CONEXANT
2008-06-02 19:46:55 0 d--hs---- C:\System Volume Information
2008-06-02 19:44:37 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-06-02 19:44:36 0 d-------- C:\WINDOWS\creator
2008-06-02 19:44:26 0 d-------- C:\WINDOWS\SMINST
2008-06-02 19:44:03 0 dr------- C:\Program Files
2008-06-02 19:43:54 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-02 19:43:54 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-02 19:43:54 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-06-02 19:43:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-02 19:43:54 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-02 19:43:54 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-02 19:43:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-02 19:43:54 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-02 19:43:54 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-02 19:43:54 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 19:43:54 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-02 19:43:53 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-02 19:43:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-02 19:43:40 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-02 19:41:26 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-02 17:58:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-02 17:57:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-02 17:57:40 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-02 17:47:13 0 d--hs---- C:\Documents and Settings\Administrator\UserData
2008-06-02 17:43:53 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-06-02 17:42:09 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2008-06-20 16:23:13 0 d-------- C:\Program Files\Common Files
2008-06-03 09:14:15 0 d-------- C:\Program Files\Messenger
2008-06-03 09:07:56 0 d-------- C:\Program Files\Movie Maker
2008-06-03 09:04:41 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/04/2004 07:47 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/04/2004 07:47 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 10:42 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/02/2005 12:05 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 07:26 PM]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [01/16/2004 06:04 AM]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [01/22/2004 10:59 AM]
"F-Secure Manager"="C:\Program Files\PC Defender\Common\FSM32.exe" [02/13/2008 06:38 AM]
"F-Secure TNB"="C:\Program Files\PC Defender\FSGUI\TNBUtil.exe" [02/13/2008 06:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"avg8emc"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-24 17:37:29 ------------




-------
Extra Log
-------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1022.48 MiB / 608.39 MiB
Pagefile Memory (total/avail): 3994.21 MiB / 3572.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1852.38 MiB

C: is Fixed (NTFS) - 87.29 GiB total, 36.44 GiB free.
D: is Fixed (FAT32) - 5.85 GiB total, 3.37 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541010G9AT00 - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 87.29 GiB - C:
\PARTITION1 - Unknown - 5.86 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Connie\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-3D630848A5
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Connie
LOGONSERVER=\\YOUR-3D630848A5
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Connie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Connie\LOCALS~1\Temp
USERDOMAIN=YOUR-3D630848A5
USERNAME=Connie
USERPROFILE=C:\Documents and Settings\Connie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Connie (admin)
Sam
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\PC Defender\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Conexant AC-Link Audio --> CIAunwdm.exe
EZBack-it-up 2.0.1 --> "C:\Program Files\EZBackitup\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\WINDOWS\LMI3.tmp\Script_2\HijackThis.exe" /uninstall
InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 4200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN5C.EXE -dLexmark 4200 Series
Lexmark 4200 Series Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PC Defender --> "C:\Program Files\PC Defender\FSGUI\PostInstall.exe" /tUnInstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B\HXFSETUP.EXE -U -Iqta04605.inf
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type320 / Warning
Event Submitted/Written: 06/24/2008 05:24:56 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type319 / Error
Event Submitted/Written: 06/24/2008 05:23:22 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
2 2008-06-24 17:23:21-04:00 your-3d630848a5 YOUR-3D630848A5\Connie F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\TMP000000CE4F41B6A3F7EF229A was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type317 / Error
Event Submitted/Written: 06/24/2008 03:11:00 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80508007, P2 updatedefinitions, P3 unspecified, P4 1.1.2960.0, P5 mpsigstub.exe, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type316 / Error
Event Submitted/Written: 06/23/2008 00:07:51 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-06-23 12:07:49-04:00 your-3d630848a5 YOUR-3D630848A5\Connie F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\LEXMARK 4200 SERIES\LXBMBMON.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type315 / Warning
Event Submitted/Written: 06/23/2008 00:06:46 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1465 / Warning
Event Submitted/Written: 06/24/2008 05:34:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-3D630848A527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-3D630848A527 can't undo changes that you allow.

For more information please see the following:
%YOUR-3D630848A5275

Scan ID: {5DCBACAE-7A96-444E-A086-7B9B80B60898}

User: YOUR-3D630848A5\Connie

Name: %YOUR-3D630848A5271

ID: %YOUR-3D630848A5272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-3D630848A5276

Alert Type: %YOUR-3D630848A5278

Detection Type: 1.1.1593.02

Event Record #/Type1464 / Warning
Event Submitted/Written: 06/24/2008 05:34:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-3D630848A527 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-3D630848A527 can't undo changes that you allow.

For more information please see the following:
%YOUR-3D630848A5275

Scan ID: {3947E130-2CD6-4928-A9B3-4762D8133E48}

User: YOUR-3D630848A5\Connie

Name: %YOUR-3D630848A5271

ID: %YOUR-3D630848A5272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-3D630848A5276

Alert Type: %YOUR-3D630848A5278

Detection Type: 1.1.1593.02

Event Record #/Type1461 / Warning
Event Submitted/Written: 06/24/2008 05:22:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013CE27E6F9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1460 / Warning
Event Submitted/Written: 06/24/2008 05:22:35 PM / 06/24/2008 05:22:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013CE27E6F9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1455 / Warning
Event Submitted/Written: 06/24/2008 05:04:13 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013CE27E6F9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-24 17:37:29 ------------
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP