Hi,
Thanks very much for getting back to me. Sorry for the breach in protocol by replying to myself.
I seem to still be infected with something. Norton is telling me that it is intercepting Trojan Zlob, and Spysweeper quarantined something called EncLoad.
Here are the DSS reports:
Deckard's System Scanner v20071014.68
Run by Lance Bodnar on 2008-04-24 23:57:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
40: 2008-04-25 06:58:08 UTC - RP552 - Deckard's System Scanner Restore Point
39: 2008-04-21 00:48:31 UTC - RP551 - System Checkpoint
38: 2008-04-19 19:59:43 UTC - RP550 - System Checkpoint
37: 2008-04-12 22:58:28 UTC - RP549 - Software Distribution Service 3.0
36: 2008-04-12 18:30:52 UTC - RP548 - Installed SUPERAntiSpyware Free Edition
-- First Restore Point --
1: 2008-04-10 04:24:56 UTC - RP513 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Lance Bodnar.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:25 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MEDIC\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
C:\Program Files\Softissimo\Lexibase Standard\exe\L-Express.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Softissimo\Lexibase Standard\exe\lexibase.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Lance Bodnar\Local Settings\Temporary Internet Files\Content.IE5\APMHI5LS\MediaTubeCodec_ver1.1210.0[1].exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Lance Bodnar\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lance Bodnar.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MEDIC] "C:\Program Files\MEDIC\bin\sprtcmd.exe" /P MEDIC
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] "C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\DOCUME~1\LANCEB~1\LOCALS~1\Temp\SSUPDATE.EXE" Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Lance Bodnar"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexibase Express.lnk = C:\Program Files\Softissimo\Lexibase Standard\exe\L-Express.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...ads/tgctlcm.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189905789468
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: khfDtRIY - khfDtRIY.dll (file missing)
O21 - SSODL: WinSetup - {f06a233a-e948-4469-b57a-456296ef951f} - C:\WINDOWS\Resources\WinSetup.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11885 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\windows\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NMSSvc (Intel® NMS) - c:\windows\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\5000C14123C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\5000C14123C00
Service: NIC1394
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-04-19 10:22:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-29 10:37:01 544 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Lance Bodnar.job
-- Files created between 2008-03-24 and 2008-04-24 -----------------------------
2008-04-24 23:51:14 0 d-------- C:\WINDOWS\system32\382077
2008-04-19 10:39:20 0 d-------- C:\Program Files\iTunes
2008-04-19 10:34:46 0 d-------- C:\Program Files\QuickTime
2008-04-13 08:44:43 0 d-------- C:\VundoFix Backups
2008-04-12 11:31:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 11:30:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-12 11:30:53 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\SUPERAntiSpyware.com
2008-04-12 11:25:01 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\Malwarebytes
2008-04-12 11:16:05 0 d-------- C:\Program Files\Panda Security
2008-04-12 11:13:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-12 11:04:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 10:39:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-12 10:39:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 10:39:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 10:38:35 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-09 22:06:21 0 d-------- C:\Program Files\Trend Micro
2008-04-09 22:05:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-04-08 11:38:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-08 11:30:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-08 11:30:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-08 11:30:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-08 11:30:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-08 11:30:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-08 11:30:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-08 11:30:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-08 11:30:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-08 11:30:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-08 11:30:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-08 11:30:22 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-08 11:30:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-08 11:30:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-08 11:30:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-08 11:30:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-07 19:12:00 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\TmpRecentIcons
2008-04-07 16:39:04 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-07 16:39:04 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-07 16:39:04 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-07 16:39:02 4096 --a------ C:\WINDOWS\a.bat
2008-04-07 16:39:01 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-07 16:39:01 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-07 16:39:01 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-07 16:39:01 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-07 16:39:00 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-07 16:38:45 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-07 16:38:45 4096 --a------ C:\Documents and Settings\Lance Bodnar\Desktopfilemanagerclient.exe
2008-04-07 16:38:44 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-07 16:38:44 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-07 16:38:44 4096 --a------ C:\Documents and Settings\Lance Bodnar\DesktopFWebdEditor.exe
2008-04-07 16:38:44 4096 --a------ C:\Documents and Settings\Lance Bodnar\Desktopfwebd.exe
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-07 16:37:49 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-07 16:37:48 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-07 16:37:48 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-07 16:37:48 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-07 16:37:48 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-07 16:37:48 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-07 16:37:47 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-07 16:37:10 0 d-------- C:\Documents and Settings\All Users\Application Data\nmbidgje
-- Find3M Report ---------------------------------------------------------------
2008-04-24 18:58:47 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2008-04-24 18:58:47 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000D-00001102-00000004-00581102}.dat
2008-04-24 16:35:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-19 10:39:43 0 d-------- C:\Program Files\iPod
2008-04-19 10:22:08 0 d-------- C:\Program Files\Apple Software Update
2008-04-12 13:55:23 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\Share-to-Web Upload Folder
2008-04-12 10:38:35 0 d-------- C:\Program Files\Common Files
2008-03-22 09:39:53 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\Adobe
2008-03-08 19:18:10 0 d-------- C:\Program Files\Unity
2008-03-02 14:19:15 0 d-------- C:\Documents and Settings\Lance Bodnar\Application Data\Intuit
2008-03-02 14:11:52 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-02 14:11:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-02 14:03:47 0 d-------- C:\Program Files\TurboTax
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [04/18/2002 06:32 PM C:\WINDOWS\system32\PROMon.exe]
"CTHelper"="CTHELPER.EXE" [10/01/2005 06:58 PM C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [10/04/2001 01:00 AM]
"GWMDMMSG"="GWMDMMSG.exe" [10/01/2005 06:58 PM C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [10/01/2005 06:58 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [05/24/2002 05:46 AM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [06/20/2002 12:06 PM]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [05/24/2002 05:47 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 10:42 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
"MEDIC"="C:\Program Files\MEDIC\bin\sprtcmd.exe" [07/06/2006 08:45 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 09:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 09:24 AM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [09/05/2007 03:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"ServUTrayIcon"="C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe" [06/12/2006 09:09 AM]
"SUPERAntiSpyware"="C:\DOCUME~1\LANCEB~1\LOCALS~1\Temp\SSUPDATE.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "Lance Bodnar"
C:\Documents and Settings\Lance Bodnar\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Lexibase Express.lnk - C:\Program Files\Softissimo\Lexibase Standard\exe\L-Express.exe [4/26/2006 10:46:03 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinSetup"= {f06a233a-e948-4469-b57a-456296ef951f} - C:\WINDOWS\Resources\WinSetup.dll [04/24/2008 11:50 PM 14374]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 04/12/2008 01:55 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDtRIY]
khfDtRIY.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-04-25 00:03:53 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.3 MiB / 178.64 MiB
Pagefile Memory (total/avail): 1248.08 MiB / 804.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.51 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 17.96 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 82.21 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (Unformatted)
\\.\PHYSICALDRIVE1 -
\\.\PHYSICALDRIVE0 - WDC WD1600JB-22GVC0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 111.79 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton Internet Worm Protection v2006 (Symantec)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ubi Soft\\Chessmaster 9000\\Chessmaster.exe"="C:\\Program Files\\Ubi Soft\\Chessmaster 9000\\Chessmaster.exe:*:Enabled:Chessmaster 9000"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\TurboTax Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\TurboTax Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\TurboTax Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\TurboTax Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"="C:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe:*:Disabled:Serv-U FTP Server"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lance Bodnar\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BODNAR1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lance Bodnar
LOGONSERVER=\\BODNAR1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\program files\pc-doctor for windows\services;C:\Program Files\MATLAB_SV71\bin\win32;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LANCEB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LANCEB~1\LOCALS~1\Temp
USERDOMAIN=BODNAR1
USERNAME=Lance Bodnar
USERPROFILE=C:\Documents and Settings\Lance Bodnar
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Lance Bodnar (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
-- Application Event Log -------------------------------------------------------
Event Record #/Type9782 / Warning
Event Submitted/Written: 04/13/2008 01:20:49 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9728 / Warning
Event Submitted/Written: 04/12/2008 04:07:09 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Event Record #/Type9648 / Error
Event Submitted/Written: 04/12/2008 11:09:38 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_6_0_1000.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Event Record #/Type9647 / Error
Event Submitted/Written: 04/12/2008 11:09:30 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_6_0_1000.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Event Record #/Type9634 / Error
Event Submitted/Written: 04/12/2008 11:05:09 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_6_0_1000.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type23268 / Error
Event Submitted/Written: 04/22/2008 00:12:43 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 0007E9BDEBD8.
Event Record #/Type23267 / Warning
Event Submitted/Written: 04/22/2008 00:12:43 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E9BDEBD8. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type23259 / Error
Event Submitted/Written: 04/20/2008 11:04:09 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000ea, parameter1 82a21020, parameter2 82cdff60, parameter3 ed4dccb4, parameter4 00000001.
Event Record #/Type23224 / Error
Event Submitted/Written: 04/20/2008 05:27:00 PM / 04/20/2008 05:28:06 PM
Event ID/Source: 108 / nv
Event Description:
The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This
usually indicates a problem with the device itself or with the device
driver programming the hardware incorrectly. Please check with your
hardware device vendor for any driver updates.
Event Record #/Type23153 / Warning
Event Submitted/Written: 04/20/2008 11:33:13 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0007E9BDEBD8. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-04-25 00:03:53 ------------