
Think I have company? [CLOSED]


  • This topic is locked

#31
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. I see some bad entries in Jordyn's Profile!.. Please log on to Jordyn's Profile from now on.. The DSS log looks like it was cut off.. Can you post the log again?.. Please find it inside the C:\Deckard folder.. :)


#32
ScittS

  • Topic Starter
  • Member
  • 65 posts
here is Jordyn's Log:

Deckard's System Scanner v20071014.68
Run by Jordyn on 2008-07-31 13:32:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jordyn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:41 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\noucouzipyz.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordyn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fufokoo] C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Owner')
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11745 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 13:32:43 142336 -ra------ C:\WINDOWS\system32\wennouwibas.exe
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 22:05:39 142336 -ra------ C:\WINDOWS\system32\noucouzipyz.exe
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-31 13:26:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:29:49 2528 --a------ C:\Documents and Settings\Jordyn\Application Data\$_hpcst$.hpc
2008-06-05 16:34:50 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Sun
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Jordyn\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"fufokoo"="C:\WINDOWS\system32\noucouzipyz.exe" [07/20/2008 09:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"fufokoo"="C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"fufokoo"=C:\WINDOWS\system32\noucouzipyz.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - APPMGMT
*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 13:33:28 ------------


Are we going to have to manipulate every user??? :)

#33
fenzodahl512

  • Malware Removal
  • 9,863 posts

Are we going to have to manipulate every user???


If we have to, yes.. Tends to be safe rather than sorry..


In Jordyn's account..


Please save these instructions in Notepad or MS Word, as we have to do the next step in Safe Mode..



Please disable your Norton 360 prior to our fix.. Please visit the websites below if you do not know how.. Don't forget to re-enable it when you restart into Normal Mode..
http://service1.syma...003071515220236
http://service1.syma...d/1997121131456




1. Please download The Avenger by Swandog46 to your Desktop.
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fufokoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices | fufokoo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log.
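A triage script for the DSS log posted above, added here as an example; it is not code from this thread, from Deckard's System Scanner or from The Avenger. It parses constructed excerpts of the DSS "Registry Dump" and "Files created" sections and flags the pattern fenzodahl512 acted on: the fufokoo value set in three autorun keys including the legacy RunServices key, a target created days before the scan, the copy under the user profile that no longer exists on disk, and a second fresh executable (wennouwibas.exe) with the same size and attributes as the autorun target.

```python
# Added triage example for the DSS log above (not code from DSS or The Avenger).
import re
from collections import defaultdict

# Constructed excerpt, copied in shape from the "Files created" section above.
FILES_CREATED = """\
2008-07-31 13:32:43 142336 -ra------ C:\\WINDOWS\\system32\\wennouwibas.exe
2008-07-30 22:06:33 68096 --a------ C:\\WINDOWS\\zip.exe
2008-07-29 22:12:47 0 d-------- C:\\Program Files\\Norton 360
2008-07-27 22:05:39 142336 -ra------ C:\\WINDOWS\\system32\\noucouzipyz.exe
"""

# Constructed excerpt of the "Registry Dump" section above. DSS prints the
# target's timestamp in brackets, and an empty "[]" when the file is missing.
REGISTRY_DUMP = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\\WINDOWS\\RTHDCPL.exe]
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe" [02/18/2008 02:37 PM]
"fufokoo"="C:\\WINDOWS\\system32\\noucouzipyz.exe" [07/20/2008 09:40 PM]

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [08/04/2004 07:00 AM]
"fufokoo"="C:\\Documents and Settings\\Jordyn\\Application Data\\Microsoft\\noucouzipyz.exe" []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\runservices]
"fufokoo"=C:\\WINDOWS\\system32\\noucouzipyz.exe
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d (\d+) (\S{9}) (.+)$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_created_files(text):
    """Map lower-cased path -> (date, size, attrs), skipping directories."""
    files = {}
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m and not m.group(3).startswith("d"):
            files[m.group(4).lower()] = (m.group(1), int(m.group(2)), m.group(3))
    return files


def parse_registry_dump(text):
    """Yield (key, value_name, target_path, stamp) per autorun value; stamp is
    None when DSS printed no bracket and "" when it printed "[]" (file missing)."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, rest = m.groups()
        if rest.startswith('"'):
            path, _, tail = rest[1:].partition('"')
            tail = tail.strip()
            stamp = tail[1:-1] if tail.startswith("[") else None
        else:
            path, stamp = rest, None
        yield key, name, path, stamp


def triage(registry_dump, files_created):
    """Return {value_name: [reasons]} for autorun values worth a closer look."""
    created = parse_created_files(files_created)
    entries = list(parse_registry_dump(registry_dump))
    keys_per_name = defaultdict(set)
    for key, name, _, _ in entries:
        keys_per_name[name].add(key.lower())

    findings = defaultdict(list)
    for key, name, path, stamp in entries:
        if key.lower().endswith("runservices"):
            findings[name].append("set under the legacy RunServices key")
        if path.lower() in created:
            date, size, attrs = created[path.lower()]
            findings[name].append(f"target created {date} ({size} bytes, {attrs})")
        if stamp == "":
            findings[name].append(f"target missing on disk: {path}")
        if path.lower().startswith("c:\\documents and settings\\"):
            findings[name].append("target lives under a user profile")
    for name, keys in keys_per_name.items():
        if len(keys) > 1:
            findings[name].append(f"same value name in {len(keys)} autorun keys")
    return dict(findings)


def related_created_files(registry_dump, files_created, findings):
    """Created .exe files no autorun references but that share size and
    attributes with a flagged target (wennouwibas.exe vs noucouzipyz.exe)."""
    created = parse_created_files(files_created)
    flagged = {p.lower() for _, n, p, _ in parse_registry_dump(registry_dump)
               if n in findings and p.lower() in created}
    signatures = {created[p][1:] for p in flagged}
    return sorted(p for p, info in created.items()
                  if p.endswith(".exe") and p not in flagged and info[1:] in signatures)
```

Run `triage(REGISTRY_DUMP, FILES_CREATED)` to get the flagged values with their reasons, then `related_created_files` to catch the unreferenced sibling file that a fix script would otherwise miss.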

#34
ScittS

  • Topic Starter
  • Member
  • 65 posts
Ok, ran Avenger and DSS. BTW, I didn't need to redownload Avenger, did I? I just moved it to her desktop; will that work?

Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\wennouwibas.exe" deleted successfully.
File "C:\WINDOWS\system32\noucouzipyz.exe" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


DSS Log:

Deckard's System Scanner v20071014.68
Run by Jordyn on 2008-07-31 15:15:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jordyn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:48 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordyn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fufokoo] C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10820 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 15:11:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:29:49 2528 --a------ C:\Documents and Settings\Jordyn\Application Data\$_hpcst$.hpc
2008-06-05 16:34:50 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Sun
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Jordyn\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"fufokoo"="C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 15:16:09 ------------

(as ScittS crosses his fingers!!!!) :)
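The DSS logs in this thread are triaged by eye: the OTMoveIt2 script in the next reply targets the fufokoo Run value and the noucouzipyz.exe it launches from Jordyn's Application Data folder, and the oddly named e96ctimjhi4euho service points at a wennouwibas.exe that is already missing. As an added example (not code from the thread, from HijackThis or from DSS), the Python below applies the same reading to the O4 and O23 lines mechanically and then diffs a before/after pair of logs to confirm what a cleanup actually removed. The sample lines are a trimmed subset of the logs posted in this thread; the flagging rules (a binary under a user profile's Application Data directory, a service whose file is missing, and a vowel-heavy all-lowercase name as a crude stand-in for "randomly generated") are this example's own assumptions, not rules from either tool.

```python
"""Triage the O4 (autostart) and O23 (service) lines of a HijackThis log and
diff a before/after pair to confirm what a cleanup actually removed."""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed subset of the O4/O23 lines from the two DSS logs
# posted in this thread (before and after the OTMoveIt2 run).  Only the fufokoo
# line differs between the two scans.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fufokoo] C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""
HJT_AFTER = "\n".join(l for l in HJT_BEFORE.splitlines() if "[fufokoo]" not in l)

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|scr|com))', re.I)
VOWELS = set("aeiou")
PROFILE_DIR = "c:\\documents and settings\\"


@dataclass(frozen=True)
class Entry:
    kind: str        # "run", "startup" or "service"
    name: str        # Run value name, .lnk name or service internal name
    path: str        # executable the entry launches
    reasons: tuple   # why it was flagged; empty for entries judged benign
    raw: str


def looks_generated(token: str) -> bool:
    """Heuristic assumed by this example, not a HijackThis rule: dropper names
    such as 'noucouzipyz' or 'fufokoo' are all-lowercase pseudo-words, 7+ chars
    and unusually vowel-heavy; vendor names like 'msnmsgr' or 'hpqtra08' are not."""
    if not re.fullmatch(r"[a-z0-9]{7,}", token):
        return False
    letters = [c for c in token if c.isalpha()]
    return bool(letters) and sum(c in VOWELS for c in letters) / len(letters) >= 0.4


def assess(name: str, path: str, owner: str, missing: bool) -> tuple:
    reasons = []
    low = path.lower()
    if low.startswith(PROFILE_DIR) and "\\application data\\" in low:
        reasons.append("runs from a user profile Application Data directory")
    if missing:
        reasons.append("service binary is missing from disk")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    for token in dict.fromkeys((name, stem)):
        if looks_generated(token):
            reasons.append(f"name '{token}' looks machine-generated")
    # 'Unknown owner' alone is too common on legitimate services (Symantec Core LC
    # in the sample) to flag on its own; record it only as supporting evidence.
    if reasons and owner == "Unknown owner":
        reasons.append("service reports no owner")
    return tuple(reasons)


def parse_entries(log: str) -> list:
    entries = []
    for raw in (l.strip() for l in log.splitlines()):
        if m := RUN_RE.match(raw):
            kind, name, cmd, owner = "run", m["name"], m["cmd"], ""
        elif m := STARTUP_RE.match(raw):
            kind, name, cmd, owner = "startup", m["name"], m["cmd"], ""
        elif m := SERVICE_RE.match(raw):
            internal = re.search(r"\((\w+)\)$", m["display"])
            kind = "service"
            name = internal.group(1) if internal else m["display"]
            cmd, owner = m["cmd"], m["owner"]
        else:
            continue
        exe = EXE_RE.search(cmd)
        path = exe["path"] if exe else cmd.strip('"')
        missing = "(file missing)" in cmd
        entries.append(Entry(kind, name, path, assess(name, path, owner, missing), raw))
    return entries


def flagged(log: str) -> list:
    return [e for e in parse_entries(log) if e.reasons]


def diff_logs(before: str, after: str) -> dict:
    """Entries that disappeared between two scans, and flagged ones that persist."""
    after_raw = {e.raw for e in parse_entries(after)}
    return {
        "removed": [e for e in parse_entries(before) if e.raw not in after_raw],
        "still_flagged": flagged(after),
    }


if __name__ == "__main__":
    for e in flagged(HJT_BEFORE):
        print(f"{e.kind:8} {e.name:18} {e.path}\n    " + "; ".join(e.reasons))
    result = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("removed:", [e.name for e in result["removed"]])
    print("still flagged:", [e.name for e in result["still_flagged"]])
```

Run as a script it prints the two flagged entries, and `diff_logs` shows that after the OTMoveIt2 run the fufokoo value is gone while the e96ctimjhi4euho service is still registered, which is why the follow-up log is worth asking for. A "still flagged" service whose binary is already missing is harmless at run time but is a leftover that the next cleanup step should remove.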

#35
fenzodahl512
  • Malware Removal
  • 9,863 posts

OK, ran Avenger and DSS. BTW, I didn't need to redownload Avenger, did I? I just moved it to her desktop; will that work?


Yup.. that will be just fine :)

Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator".)
  • Let "Unregister Dll's and Ocx's" remain ticked and "Zip Files After Moves" remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo
EmptyTemp
purity
[start explorer]

  • Return to OTMoveIt2, right-click in the "Paste List of Files/Folders to Move" window (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



Post these logs in your next reply, each log in a separate post:

1. OTMoveIt2
2. DSS from Jordyn's account
3. DSS from the next account, if any :)
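The steps above end with "post the log", and reading that log is the part that matters: each target comes back "not found", "deleted successfully" or "scheduled to be deleted on reboot", and a scheduled item is only settled by the "Files moved on Reboot..." section that OTMoveIt2 appends after the restart. As an added example (not OTMoveIt2's code nor anything posted in the thread), the Python below reconciles a script against the log it produced and reports the final state of every target. The script and log lines are taken from the posts in this thread and trimmed, with one reboot-section line deliberately dropped so that an unresolved item shows up; the message patterns are those visible in the posted log, and treating the generic "moved successfully." line as valid outside the reboot section too is an assumption.

```python
"""Reconcile an OTMoveIt2 script against the log it produced: what was moved,
what was already gone, and whether anything scheduled for reboot is unresolved."""
import re

# Constructed sample: the OTMoveIt2 script posted above and the log posted in the
# reply that follows, trimmed; the reboot line for ~DFF90E.tmp is deliberately
# omitted so the unresolved case is visible.
MOVEIT_SCRIPT = r"""
[kill explorer]
C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo
EmptyTemp
purity
[start explorer]
"""
MOVEIT_LOG = r"""
Explorer killed successfully
File/Folder C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jordyn\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jordyn\LOCALS~1\Temp\~DFF90E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET6764.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

Files moved on Reboot...
C:\DOCUME~1\Jordyn\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\WINDOWS\temp\JET6764.tmp not found!
"""

# Message shapes seen in the posted log.  Order matters only in that the more
# specific "File/Folder ... not found." and "File ... not found!" come before
# the generic "... moved successfully." catch-all.
OUTCOME_PATTERNS = (
    ("not found", re.compile(r"^File/Folder (?P<t>.+) not found\.$")),
    ("not found", re.compile(r"^File (?P<t>.+) not found!$")),
    ("deleted",   re.compile(r"^Registry value (?P<t>.+) deleted successfully\.$")),
    ("scheduled", re.compile(r"^File delete failed\. (?P<t>.+) scheduled to be deleted on reboot\.$")),
    ("moved",     re.compile(r"^(?P<t>.+) moved successfully\.$")),
)


def parse_outcomes(log: str) -> dict:
    """Final status per target in log order: a reboot-section line for the same
    path overrides the earlier 'scheduled' status."""
    status = {}
    for line in (l.strip() for l in log.splitlines()):
        for outcome, rx in OUTCOME_PATTERNS:
            if m := rx.match(line):
                status[m["t"]] = outcome
                break
    return status


def _find(status: dict, target: str) -> str:
    # NTFS paths and registry paths compare case-insensitively.
    hits = [s for t, s in status.items() if t.lower() == target.lower()]
    return hits[0] if hits else "no log line"


def verify_script(script: str, log: str) -> dict:
    """Status of every file/registry target in the script.  Directives (the
    bracketed commands, EmptyTemp, purity) have no per-target outcome and are skipped."""
    status = parse_outcomes(log)
    report = {}
    for line in (l.strip() for l in script.splitlines()):
        if not line or line.startswith("[") or line in ("EmptyTemp", "purity"):
            continue
        report[line] = _find(status, line)
    return report


def pending(log: str) -> list:
    """Targets still 'scheduled' when the log ends: the reboot section never
    confirmed them moved or already gone, so they need a second look."""
    return [t for t, s in parse_outcomes(log).items() if s == "scheduled"]


if __name__ == "__main__":
    for target, outcome in verify_script(MOVEIT_SCRIPT, MOVEIT_LOG).items():
        print(f"{outcome:10} {target}")
    print("unresolved after reboot:", pending(MOVEIT_LOG))
```

On the sample the Run value reports "deleted" while the noucouzipyz.exe it pointed at reports "not found": the persistence entry is gone, but this step did not handle the file itself, so the binary was either removed earlier or never at that path. That distinction is what decides whether a further scan is needed, and `pending()` lists anything the reboot pass left unconfirmed.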

#36
ScittS
  • Topic Starter
  • Member
  • 65 posts
OK, here are the logs from Jordyn's actions:

MoveIt:
Explorer killed successfully
File/Folder C:\Documents and Settings\Jordyn\Application Data\Microsoft\noucouzipyz.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Jordyn\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jordyn\LOCALS~1\Temp\~DFF90E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET6764.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_698.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07312008_155634

Files moved on Reboot...
C:\DOCUME~1\Jordyn\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Jordyn\LOCALS~1\Temp\~DFF90E.tmp moved successfully.
File C:\WINDOWS\temp\JET6764.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_698.dat not found!

DSS:

Deckard's System Scanner v20071014.68
Run by Jordyn on 2008-07-31 16:09:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jordyn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:14 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordyn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10660 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 16:03:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:29:49 2528 --a------ C:\Documents and Settings\Jordyn\Application Data\$_hpcst$.hpc
2008-06-05 16:34:50 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Sun
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Jordyn\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 16:09:38 ------------

I have two questions....

1. What is this (it doesn't look familiar)? Do you know it? O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

2. Is sleeping an option for you? I think every time I've checked you have been here. :)

If we need to take a break we can!!

Will log into another user and post DSS log in new reply.

#37
ScittS

    Member

  • Topic Starter
  • 65 posts
Ok here is a DSS Log from my son's profile. Am I to be restarting between these scans? I hope not!

DSS Scan:

Deckard's System Scanner v20071014.68
Run by Alyc on 2008-07-31 16:21:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alyc.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:19 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alyc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fufokoo] C:\Documents and Settings\Alyc\Application Data\Microsoft\noucouzipyz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Jordyn')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Jordyn')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jordyn')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Jordyn')
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Blue Coat K9 Web Protection (e96ctimjhi4euho) - Unknown owner - C:\WINDOWS\system32\wennouwibas.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11598 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 16:03:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 21:22:16 0 d-------- C:\Documents and Settings\Alyc\Application Data\Macromedia
2008-06-18 10:41:22 0 d-------- C:\Documents and Settings\Alyc\Application Data\Adobe
2008-06-06 19:49:26 0 d-------- C:\Documents and Settings\Alyc\Application Data\Symantec
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Alyc\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"fufokoo"="C:\Documents and Settings\Alyc\Application Data\Microsoft\noucouzipyz.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 16:21:41 ------------
#38
fenzodahl512

  • Malware Removal
  • 9,863 posts
Darn.. out of nowhere that bad service shows its face.. let's nuke 'em for good.. Do this in Jordyn's account. We'll deal with Alyc's account later..


Please save these instructions in Notepad or MS Word, as we have to do the next step in Safe Mode..



Please disable your Norton 360 prior to our fix.. Please visit the websites below if you do not know how.. Don't forget to re-enable it when you restart into Normal Mode..
http://service1.syma...003071515220236
http://service1.syma...d/1997121131456



Do the following in Safe Mode..


1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to disable:
e96ctimjhi4euho

Drivers to delete:
e96ctimjhi4euho

Files to delete:
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fufokoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices | fufokoo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
3. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log.




-------------


1. What is this (it doesn't look familiar), do you know it? O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


That's from Nvidia.. Do you use an Nvidia-based VGA card or motherboard?


2. Is sleeping an option for you? I think every time I've checked you have been here.

I do sleep.. I got bored today and have nothing else to do.. Well, I can study my physical chemistry, but then after just one page I will sleep :)

Edited by fenzodahl512, 31 July 2008 - 03:31 PM.
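The Avenger reports each requested action to C:\avenger.txt in the line formats that appear later in this thread (success lines, and "failed!" blocks with an NTSTATUS line). The following is an added example, not part of The Avenger or of this thread, that checks such a log against the script that was pasted in, so that a "not found" failure is kept apart from a real removal and from an actual error; the success-line shape for files and registry values, and the access-denied block in the sample log, are assumptions.

```python
"""Triage an Avenger result log (C:\\avenger.txt) against the script submitted to it.
Line formats follow this thread; the success line for files/registry values and the
access-denied sample block are assumptions, not observed Avenger output."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Seen in the thread:  Driver "x" disabled successfully.
# The same shape is assumed for files and registry values.
_OK_RE = re.compile(r'^(?P<kind>[A-Za-z ]+?) "(?P<target>.+)" (?P<verb>\w+) successfully\.$')
# Seen in the thread:  Deletion of file "x" failed!   then   Status: 0x... (NAME)
_FAIL_RE = re.compile(r'^(?P<verb>\w+) of (?P<kind>[A-Za-z ]+?) "(?P<target>.+)" failed!$')
_STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9A-Fa-f]+) \((?P<name>\w+)\)$')
_VERB_TO_ACTION = {"disabled": "disable", "deleted": "delete", "deletion": "delete"}

@dataclass
class Outcome:
    kind: str      # "driver", "file" or "registry value"
    target: str    # normalised driver name, path or "key|value"
    action: str    # "disable" or "delete"
    ok: bool
    status: Optional[str] = None  # NTSTATUS name from the "Status:" line (failures only)

def _norm(kind: str, target: str) -> Tuple[str, str]:
    """Script says "Drivers" and "KEY | value"; log says "Driver" and "KEY|value"."""
    kind = kind.strip().lower().rstrip("s")  # crude singular, fine for driver/file/registry value
    return kind, re.sub(r"\s*\|\s*", "|", target.strip()).lower()  # paths are case-insensitive

def _action(verb: str) -> str:
    return _VERB_TO_ACTION.get(verb.lower(), verb.lower())

def parse_script(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, target, action) for every item under an 'Xs to Y:' header."""
    items, kind, action = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^(?P<kind>[A-Za-z ]+?) to (?P<action>\w+):$", line)
        if header:
            kind, action = header["kind"], header["action"]
        elif line and kind:
            items.append((*_norm(kind, line), action))
    return items

def parse_log(text: str) -> List[Outcome]:
    """Collect success lines and failure blocks; a Status line belongs to the last 'failed!' line."""
    outcomes: List[Outcome] = []
    pending: Optional[Outcome] = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _OK_RE.match(line):
            outcomes.append(Outcome(*_norm(m["kind"], m["target"]), _action(m["verb"]), True))
            pending = None
        elif m := _FAIL_RE.match(line):
            pending = Outcome(*_norm(m["kind"], m["target"]), _action(m["verb"]), False)
            outcomes.append(pending)
        elif pending and (m := _STATUS_RE.match(line)):
            pending.status, pending = m["name"], None
    return outcomes

def reconcile(script: str, log: str) -> Dict[str, List[str]]:
    """Bucket each requested action by what the log says happened to it.  'not_found'
    means the object was already gone (or never at that path): re-check in a fresh scan."""
    seen = {(o.kind, o.action, o.target): o for o in parse_log(log)}
    buckets: Dict[str, List[str]] = {"done": [], "not_found": [], "failed": [], "unreported": []}
    for kind, target, action in parse_script(script):
        o = seen.get((kind, action, target))
        bucket = ("unreported" if o is None else "done" if o.ok
                  else "not_found" if o.status == "STATUS_OBJECT_NAME_NOT_FOUND" else "failed")
        buckets[bucket].append(f"{action} {kind} {target}")
    return buckets

# Constructed sample: the script from this thread (blank lines between sections
# dropped) and a log modelled on the thread's avenger.txt plus one constructed
# access-denied block; the runservices value is left out of the log on purpose.
SCRIPT = r"""
Drivers to disable:
e96ctimjhi4euho
Drivers to delete:
e96ctimjhi4euho
Files to delete:
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fufokoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices | fufokoo
"""
LOG = r"""
Driver "e96ctimjhi4euho" disabled successfully.
Driver "e96ctimjhi4euho" deleted successfully.
Error: file "C:\WINDOWS\system32\wennouwibas.exe" not found!
Deletion of file "C:\WINDOWS\system32\wennouwibas.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Deletion of file "C:\WINDOWS\system32\noucouzipyz.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
--> access denied
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
"""
```

`reconcile(SCRIPT, LOG)` puts the two driver actions under "done", the two "object does not exist" failures under "not_found", the access-denied file under "failed" and the runservices value under "unreported".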

#39
ScittS

  • Topic Starter
  • Member
  • 65 posts
Have the instructions; will do this when I get home. I have to go pick up my wife from work. Thanks again.
#40
ScittS

  • Topic Starter
  • Member
  • 65 posts
Dude... sorry for the delay! The family required some quality time. But that's OK, I am refreshed and ready to kick this thing in the AZZ.

OK anyway....... here are Jordyn's latest logs:

Avenger-

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "e96ctimjhi4euho" disabled successfully.
Driver "e96ctimjhi4euho" deleted successfully.

Error: file "C:\WINDOWS\system32\wennouwibas.exe" not found!
Deletion of file "C:\WINDOWS\system32\wennouwibas.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\noucouzipyz.exe" not found!
Deletion of file "C:\WINDOWS\system32\noucouzipyz.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

DSS-

Deckard's System Scanner v20071014.68
Run by Jordyn on 2008-07-31 23:15:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jordyn.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:44 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jordyn.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10618 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-31 23:14:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:29:49 2528 --a------ C:\Documents and Settings\Jordyn\Application Data\$_hpcst$.hpc
2008-06-05 16:34:50 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Sun
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Jordyn\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-07-31 23:16:09 ------------
  • 0



#41
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Your Jordyn account looks good..



Now, do this in your son account..


Please save this instruction in a Notepad or MS-Word as we have to do the next step in Safe Mode..



Please disable your Norton 360 prior to our fix.. Please visit the websites below if you do not know how.. Don't forget to re-enable it when you restart into Normal Mode..
http://service1.syma...003071515220236
http://service1.syma...d/1997121131456



Do below in Safe Mode..


  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo
C:\Documents and Settings\Alyc\Application Data\Microsoft\noucouzipyz.exe
[start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT



1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to disable:
e96ctimjhi4euho

Drivers to delete:
e96ctimjhi4euho

Files to delete:
C:\WINDOWS\system32\wennouwibas.exe
C:\WINDOWS\system32\noucouzipyz.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fufokoo
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices | fufokoo

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
3. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log .



Post these logs in your next reply, each log in a separate post..

1. OTMoveIt2
2. The Avenger
3. DSS of your son account..
  • 0

#42
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Thanks....... I have the latest logs complete:

move it log:

Explorer killed successfully
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\fufokoo deleted successfully.
File/Folder C:\Documents and Settings\Alyc\Application Data\Microsoft\noucouzipyz.exe not found.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_001842

avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "e96ctimjhi4euho"
Disablement of driver "e96ctimjhi4euho" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\e96ctimjhi4euho" not found!
Deletion of driver "e96ctimjhi4euho" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wennouwibas.exe" not found!
Deletion of file "C:\WINDOWS\system32\wennouwibas.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\noucouzipyz.exe" not found!
Deletion of file "C:\WINDOWS\system32\noucouzipyz.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fufokoo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices|fufokoo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

I will post the DSS log in a new post... that's what you want by separate logs, right? :)
  • 0

#43
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Finally here is the DSS log.....

Deckard's System Scanner v20071014.68
Run by Alyc on 2008-08-01 00:25:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alyc.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:59 AM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alyc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10928 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-08-01 00:23:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 21:22:16 0 d-------- C:\Documents and Settings\Alyc\Application Data\Macromedia
2008-06-18 10:41:22 0 d-------- C:\Documents and Settings\Alyc\Application Data\Adobe
2008-06-06 19:49:26 0 d-------- C:\Documents and Settings\Alyc\Application Data\Symantec
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Alyc\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-08-01 00:26:21 ------------


I noticed in safe mode that there is an admin login also that isn't on the login screen. Is that uncommon? :) :) :)
  • 0

#44
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I noticed in safe mode that there is an admin login also that isn't on the login screen. Is that uncommon?


That's normal.. When you first install Windows on your computer, let's say you put your username as "user", there will be two accounts created by Windows.. One is Administrator and the other one is user.. Only the "user" account will be available in Normal Mode, whereas the "Administrator" account is only available in Safe Mode..


The log looks very good to me.. Do you have any other accounts? If yes, please log on to that account and post the fresh DSS log here :)

#45
ScittS

  • Topic Starter
  • Member
  • 65 posts
Welcome back fenzodahl512!! :)

Here are the logs from my wife's account. She doesn't use the computer at home much; she's on one all day at work.

Deckard's System Scanner v20071014.68
Run by Tammy on 2008-08-01 03:20:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Tammy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:21 AM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\FCyberAlert\syslogin.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Owner\My Documents\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tammy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FamilyCyberAlert] C:\WINDOWS\system32\FCyberAlert\syslogin.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Owner')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Jordyn')
O4 - HKUS\S-1-5-21-746137067-839522115-725345543-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Alyc')
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211585209718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11583 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-31 01:03:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-31 01:03:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-31 01:03:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-31 01:03:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-31 01:03:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-31 01:03:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-31 01:03:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-30 22:06:33 98816 --a------ C:\WINDOWS\sed.exe
2008-07-30 22:06:33 80412 --a------ C:\WINDOWS\grep.exe
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-30 22:04:38 0 d-------- C:\WINDOWS\setup.pss
2008-07-30 22:03:06 0 d-------- C:\WINDOWS\setupupd
2008-07-30 21:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-29 22:12:47 0 d-------- C:\Program Files\Norton 360
2008-07-29 22:11:55 0 d-------- C:\Program Files\Symantec
2008-07-29 22:09:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-29 18:48:02 0 d-------- C:\Documents and Settings\Torey\Application Data\Windows Desktop Search
2008-07-29 18:46:47 0 d-------- C:\Documents and Settings\Tammy\Application Data\Windows Desktop Search
2008-07-29 15:30:32 0 d-------- C:\Program Files\Trend Micro
2008-07-28 21:46:23 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Windows Desktop Search
2008-07-28 21:42:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\SUPERAntiSpyware.com
2008-07-28 21:27:53 0 d-------- C:\Documents and Settings\Alyc\Application Data\Windows Desktop Search
2008-07-28 21:20:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-07-28 21:20:27 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-28 21:20:26 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:25:53 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 17:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-28 17:44:41 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-28 17:44:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 17:40:35 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 15:24:42 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-28 11:31:58 0 d-------- C:\Documents and Settings\Torey\Application Data\Malwarebytes
2008-07-28 11:31:00 0 d-------- C:\Documents and Settings\Torey\Application Data\Mozilla
2008-07-28 11:06:42 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Malwarebytes
2008-07-28 11:05:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\Mozilla
2008-07-27 21:40:28 0 d-------- C:\Documents and Settings\Tammy\Application Data\Mozilla
2008-07-27 21:40:09 0 d-------- C:\Documents and Settings\Tammy\Application Data\Malwarebytes
2008-07-27 21:32:45 0 d-------- C:\Documents and Settings\Alyc\Application Data\Mozilla
2008-07-27 21:31:18 0 dr-h----- C:\Documents and Settings\Alyc\Recent
2008-07-27 21:15:30 0 d-------- C:\WINDOWS\pss
2008-07-27 20:53:48 0 d-------- C:\Documents and Settings\Alyc\Application Data\Malwarebytes
2008-07-27 19:58:35 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-27 18:11:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-27 18:11:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 18:11:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 18:11:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 15:31:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 15:31:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-07-26 12:36:48 0 d-------- C:\Documents and Settings\Jordyn\Application Data\FUJIFILM
2008-07-21 15:50:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-07-21 14:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-07-19 14:26:52 0 d-------- C:\Documents and Settings\Torey\Contacts
2008-07-18 15:23:40 0 d-------- C:\Documents and Settings\Alyc\Contacts
2008-07-18 11:02:58 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-07-18 07:11:23 0 d-------- C:\Documents and Settings\Jordyn\Contacts
2008-07-17 10:13:45 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-17 10:13:41 0 d-------- C:\Program Files\Windows Live
2008-07-17 10:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-05 05:04:19 0 d-------- C:\Documents and Settings\Tammy\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-08-01 00:23:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-31 13:30:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-30 22:08:01 0 d-------- C:\Program Files\Common Files
2008-07-19 18:08:32 0 d-------- C:\Program Files\Java
2008-06-24 20:33:35 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-24 20:31:47 0 d-------- C:\Program Files\Infogrames Interactive
2008-06-24 20:31:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 04:50:36 0 d-------- C:\Program Files\Logitech
2008-06-05 04:49:27 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-24 10:41:49 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-05-24 10:38:12 89277 --a------ C:\WINDOWS\hpoins06.dat
2008-05-24 02:52:04 934607 --a------ C:\WINDOWS\system32\JGScreensaver_3.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2008-05-23 19:48:00 1076 --a------ C:\WINDOWS\checkip.dat
2008-05-23 14:26:04 22 --a------ C:\WINDOWS\FileName
2008-05-23 14:18:26 0 -rahs---- C:\MSDOS.SYS
2008-05-23 14:18:26 0 -rahs---- C:\IO.SYS
2008-05-23 14:18:26 0 --a------ C:\CONFIG.SYS
2008-05-23 14:18:26 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 14:16:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 08:43:36 62 --ahs---- C:\Documents and Settings\Tammy\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 10:13 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 04:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [11/14/2006 01:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/15/2007 09:02 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/07/2007 11:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/09/2002 09:45 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 02:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"FamilyCyberAlert"="C:\WINDOWS\system32\FCyberAlert\syslogin.exe" [04/22/2008 12:20 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [05/07/2007 11:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [5/24/2008 11:07:32 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/26/2008 10:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-08-01 03:20:41 ------------

Also... I have been trying to learn to read the logs... are these good entries? :)

2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

And

2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

Sorry to ask so many questions... :)

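The question above about whether those "<Not Verified; ...>" entries are good ones is really a log-reading question, so here is an added example (my own code, not something from this thread or from Deckard's System Scanner) that parses the DSS "Files created" lines into their fields. The sample lines are copied from the log above; the meaning of the three annotation fields (a verification status, a company name and a description) is taken from what the lines themselves show. Grouping by the creation timestamp makes it visible that the unsigned SteelWerX tools and fdsv.exe were written in the same second as zip.exe, which is the kind of relationship a helper looks for before deciding whether a batch of files belongs to one known installer.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the DSS "Files created" section
# of the log above, plus two directory lines from the same section.
SAMPLE_LOG = r"""
2008-07-30 22:06:33 68096 --a------ C:\WINDOWS\zip.exe
2008-07-30 22:06:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-30 22:06:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-30 22:06:33 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-30 22:04:39 0 dr-hs---- C:\cmdcons
2008-07-28 17:44:42 0 d-------- C:\Program Files\SUPERAntiSpyware
"""

# One DSS file line: timestamp, size, a 9-character attribute field whose first
# character is "d" for a directory, the path, and an optional
# "<status; company; description>" annotation at the end of the line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<attrs>\S{9})\s+"
    r"(?P<path>.+?)"
    r"(?:\s+<(?P<sig>[^>]*)>)?\s*$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    path: str
    status: Optional[str]       # e.g. "Not Verified"; None when DSS printed no annotation
    company: Optional[str]
    description: Optional[str]

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_unverified(self) -> bool:
        return self.status is not None and self.status.lower().startswith("not verified")


def parse_line(line: str) -> Optional[Entry]:
    """Parse a single DSS file line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    status = company = description = None
    if m.group("sig") is not None:
        # Split "status; company; description" and pad so a missing field becomes "".
        parts = [p.strip() for p in m.group("sig").split(";")]
        parts += [""] * (3 - len(parts))
        status, company, description = parts[:3]
    return Entry(m.group("ts"), int(m.group("size")), m.group("attrs"),
                 m.group("path"), status, company, description)


def parse_dss(text: str) -> List[Entry]:
    """Parse every non-blank line that matches the DSS file-line format."""
    entries = []
    for raw in text.splitlines():
        if raw.strip():
            e = parse_line(raw)
            if e is not None:
                entries.append(e)
    return entries


def unverified_executables(entries: List[Entry]) -> List[str]:
    """Paths of files (not directories) whose annotation says the signature was not verified."""
    return [e.path for e in entries if not e.is_directory and e.is_unverified]


def batches(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group paths by creation second; files dropped by one installer usually share a timestamp."""
    out: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        out[e.timestamp].append(e.path)
    return dict(out)


if __name__ == "__main__":
    entries = parse_dss(SAMPLE_LOG)
    for e in entries:
        kind = "DIR " if e.is_directory else "FILE"
        print(f"{e.timestamp}  {kind}  {e.path}  "
              f"[{e.status or '-'} / {e.company or '-'} / {e.description or '-'}]")
    print("unverified executables:", unverified_executables(entries))
    for ts, paths in batches(entries).items():
        print(ts, "->", len(paths), "item(s)")
```

Run it as a script to see the table; to use it on a real DSS log, read the "Files created" section into a string and pass it to parse_dss(). Note that the regex deliberately accepts paths with spaces (the non-greedy path group only stops at a trailing "<...>" annotation or the end of the line).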