Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Resolved] Help Please!, Infected?
Bella75
post Apr 16 2008, 05:56 PM
Post #1


New Member
*

Group: New Member
Posts: 4
Joined: 16-April 08
Member No.: 78,451
Operating System: Vista Home 32



In July I purchased a new PC because I felt the old one had been damaged by malware. When the new PC was set up, the tech did not change the DSL modem password, and also set up Netgear wireless at that time. I believe I became reinfected because these passwords were not changed.
My PC is running slow. I was unable to run Spyware Doctor until I recently updated to a newer version. Spyware Doctor found Trojan: Agentsd5. Also, I was unable to save my HJT log on my PC.....
McAfee was messed with. I am afraid it's infected again. Thank you in advance for any help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:18 PM, on 4/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...230/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7460 bytes
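The HijackThis log in the post above is the artifact the whole thread turns on, and helpers read it the same way every time: which browser add-ons point at DLLs that no longer exist, which autoruns live outside the usual program directories, which services have no identifiable vendor, and what is hooked into AppInit_DLLs, Winlogon Notify and the hosts file. The following Python script is an added example, not code from the original post, from HijackThis or from the forum's helpers. It parses the R/F/O entries of a log and applies those checks. The sample input is a constructed subset of the log lines from the post; the flag names, the list of "standard" autorun locations and the heuristics themselves are this example's own assumptions, not anything HijackThis outputs.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: a subset of the HijackThis log lines posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\System32\smss.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# "Service: <name> - <vendor> - <path>". An empty vendor is printed as "name - - path",
# so the second separator is matched loosely and the path is anchored on a drive letter.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*)$")
# Assumed list of locations a stock autorun is expected to live in.
STANDARD_PREFIXES = ("c:\\program files", "%programfiles%", "c:\\windows", "%systemroot%")


@dataclass
class Entry:
    code: str                                # section code, e.g. "O2" or "O23"
    body: str                                # text after "O2 - "
    flags: list = field(default_factory=list)


def parse_log(text):
    """Split a HijackThis log into the running-process list and its R/F/O entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False             # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def autorun_command(body):
    """Return the command of an O4 entry (Run key or Global Startup), or None."""
    m = re.search(r"\]\s*(.+)$", body)        # HKLM\..\Run: [Name] <command>
    if m:
        return m.group(1)
    m = re.match(r"^Global Startup: .+? = (.+)$", body)
    return m.group(1) if m else None


def triage(entries):
    """Attach the flags a helper checks first (flag names are this example's own)."""
    for e in entries:
        if e.code in ("O2", "O3") and "(file missing)" in e.body:
            e.flags.append("orphaned-browser-addon")       # DLL is gone, registration remains
        elif e.code == "O4":
            cmd = autorun_command(e.body)
            if cmd and not cmd.lstrip('"').lower().startswith(STANDARD_PREFIXES):
                e.flags.append("autorun-outside-standard-dirs")
        elif e.code == "O20":
            e.flags.append("global-injection-point")        # AppInit_DLLs / Winlogon Notify
        elif e.code == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m.group("vendor").strip().lower() in ("", "unknown owner"):
                e.flags.append("service-vendor-unknown")
        elif e.code == "O1" and e.body.split()[-1].lower() != "localhost":
            e.flags.append("hosts-file-redirect")           # hosts entry not mapping localhost
    return entries


def triage_report(text):
    """Map each flag to the entry bodies that triggered it."""
    _, entries = parse_log(text)
    report = defaultdict(list)
    for e in triage(entries):
        for flag in e.flags:
            report[flag].append(e.body)
    return dict(report)


if __name__ == "__main__":
    for flag, bodies in triage_report(SAMPLE_LOG).items():
        print(flag, *bodies, sep="\n    ")
```

Run on the sample, the script flags the two AVGTOOLBAR entries as orphaned registrations (the log says "file missing"), the Dell E-Center autorun as living outside the standard directories, both O20 hooks as global injection points, and the two services with no identifiable vendor; the Google toolbar, Spyware Doctor and Conexant entries pass. A flag is a prompt to verify, not a verdict: every flagged item in this particular log is a known vendor leftover or a Dell component, which is exactly the distinction a helper draws by hand.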
Rorschach112
post Apr 27 2008, 07:54 AM
Post #2


SuperMember
*****

Group: Authentic Member
Posts: 3,651
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Bella75
post Apr 29 2008, 11:23 AM
Post #3


New Member
*

Group: New Member
Posts: 4
Joined: 16-April 08
Member No.: 78,451
Operating System: Vista Home 32



Dear Rorschach112:

Here are the results of the Kaspersky and DSS scans.
Thank you so much for your help!

Bella

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 11:35:02 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 730656
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 73180
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:31:46

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\hiberfil.sys Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.ilg Object is locked skipped
C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dell.txt Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_2cebd146-b6fd-4b16-b6ec-eea14b195cd4 Object is locked skipped
C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbc2e.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbdam Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbdao Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbeam Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbeao Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbm Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbu2d.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbvm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\dbvmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\fii.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\fiih.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\hp Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\hpt2i.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\rpm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\rpm1m.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\rpm1mh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\rpmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Users\Penny\AppData\Local\Google\Google Desktop\b41c7fa8fe7a\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat{b9212a18-fdd9-11dc-80df-001aa089aed7}.TM.blf Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat{b9212a18-fdd9-11dc-80df-001aa089aed7}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\UsrClass.dat{b9212a18-fdd9-11dc-80df-001aa089aed7}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows Defender\FileTracker\{21C634B8-DBAA-41CA-AD2A-AFB53C3456C5} Object is locked skipped
C:\Users\Penny\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Penny\AppData\Local\Temp\~DF51BC.tmp Object is locked skipped
C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Penny\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Penny\ntuser.dat Object is locked skipped
C:\Users\Penny\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Penny\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Installer\MSI6545.tmp Object is locked skipped
C:\Windows\Installer\MSIC8C4.tmp Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\catalogs\OfflineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineEnvStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineMigStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{CEA1D0B9-AF0A-449C-B8C1-17603ED20019}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{FE76D5FB-E677-4DA5-B1C7-F9B004751A53}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{de4d48db-0018-11dd-b17d-001aa089aed7}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{de4d48db-0018-11dd-b17d-001aa089aed7}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{de4d48db-0018-11dd-b17d-001aa089aed7}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{de4d48db-0018-11dd-b17d-001aa089aed7}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Windows\security\database\secedit.sdb Object is locked skipped

Scan process completed.
-----------------------------------------------
Deckard's System Scanner v20071014.68
Run by Penny on 2008-04-29 11:40:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
17: 2008-04-29 15:26:11 UTC - RP26 - Scheduled Checkpoint
16: 2008-04-26 12:17:09 UTC - RP25 - Windows Update
15: 2008-04-23 20:05:53 UTC - RP24 - Scheduled Checkpoint
14: 2008-04-21 22:30:11 UTC - RP23 - Windows Update
13: 2008-04-21 18:42:19 UTC - RP22 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-07 17:09:57 UTC - RP9 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1013 MiB (1024 MiB recommended).


-- HijackThis (run as Penny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:12 AM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Penny\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Penny.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...230/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7765 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 09:35:17 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{F7D6F5A0-EE11-4E9C-8ACF-A9B28ABFDD13}.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 09:34:41 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-29 09:34:39 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-21 18:35:54 0 d-------- C:\Program Files\Lavasoft
2008-04-21 09:21:15 0 d-------- C:\Users\All Users\Windows Genuine Advantage
2008-04-16 21:57:28 0 d-------- C:\Users\All Users\Lavasoft
2008-04-16 19:36:46 0 d-------- C:\Program Files\Trend Micro
2008-04-09 16:29:56 0 d-------- C:\Program Files\SpywareBlaster
2008-04-09 06:56:45 0 d-------- C:\Program Files\Windows Journal
2008-04-09 03:38:56 0 d-------- C:\Users\All Users\Grisoft
2008-04-09 01:41:12 73728 --a------ C:\Windows\system32\dlbapwr.dll <Not Verified; Dell Computer Corporation; POR Monitor>
2008-04-09 01:41:11 303104 --a------ C:\Windows\system32\LEXBCES.EXE <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)>
2008-04-09 01:41:11 147456 --a------ C:\Windows\system32\LEXBCE.DLL <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)>
2008-04-09 01:39:29 0 d-------- C:\Users\Penny\{5b0706ea-676e-497e-a9df-f9efcef52904}
2008-04-09 01:37:09 0 d-------- C:\Program Files\Dell A940
2008-04-07 13:22:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-04 03:19:28 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-02 07:04:34 0 d-------- C:\Users\All Users\Avg7
2008-03-30 02:19:33 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-30 02:19:25 0 d-------- C:\Users\All Users\PC Tools
2008-03-29 21:11:39 0 d-------- C:\Windows\Panther
2008-03-29 21:11:07 286720 --a------ C:\Windows\system32\dlbacomm.dll <Not Verified; Lexmark International, Inc.; LCNA for Windows (32 bit)>
2008-03-29 21:10:02 0 d-------- C:\Windows\Debug
2008-03-29 20:59:50 0 d--h----- C:\$WINDOWS.~Q
2008-03-29 20:58:02 0 d--h----- C:\$INPLACE.~TR
2008-03-29 18:00:56 0 dr------- C:\Users\Penny\Searches
2008-03-29 18:00:43 0 dr------- C:\Users\Penny\Contacts
2008-03-29 18:00:03 0 d-------- C:\Users\Penny\video
2008-03-29 17:42:34 21924 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-29 17:37:17 0 d-------- C:\Users\Default\video
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Videos
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Templates
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Start Menu
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\SendTo
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Saved Games
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Recent
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\PrintHood
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Pictures
2008-03-29 17:26:02 1572864 --ahs---- C:\Users\Penny\ntuser.dat
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\NetHood
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\My Documents
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Music
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Local Settings
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Links
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Favorites
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Downloads
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Documents
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Desktop
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Cookies
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Application Data
2008-03-29 17:26:02 0 d--h----- C:\Users\Penny\AppData
2008-03-29 17:24:44 0 d-------- C:\Windows\system32\URTTEMP
2008-03-29 17:24:37 0 d--hs---- C:\Windows\Installer
2008-03-29 17:18:07 0 d-------- C:\Program Files\CONEXANT
2008-03-29 17:17:49 0 d-------- C:\Windows\system32\RTCOM
2008-03-29 17:12:52 0 d-------- C:\Windows\Prefetch
2008-03-29 16:07:24 0 d-------- C:\Users\All Users\Microsoft Corporation
2008-03-29 15:59:35 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor


-- Find3M Report ---------------------------------------------------------------

2008-04-26 08:02:51 0 d-------- C:\Program Files\Spyware Doctor
2008-04-21 18:26:25 0 d-------- C:\Users\Penny\AppData\Roaming\Google
2008-04-15 08:41:06 0 d-------- C:\Users\Penny\AppData\Roaming\U3
2008-04-09 16:42:05 0 d-------- C:\Users\Penny\AppData\Roaming\SiteAdvisor
2008-04-09 05:29:41 0 d-------- C:\Program Files\Windows Mail
2008-04-09 04:31:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 03:41:21 0 d-------- C:\Users\Penny\AppData\Roaming\Grisoft
2008-04-07 13:22:47 0 d-------- C:\Program Files\Common Files
2008-04-07 13:10:58 0 d-------- C:\Users\Penny\AppData\Roaming\Adobe
2008-03-30 02:19:25 0 d-------- C:\Users\Penny\AppData\Roaming\PC Tools
2008-03-29 21:09:37 0 d-------- C:\Program Files\Microsoft Games
2008-03-29 20:38:41 0 d-------- C:\Users\Penny\AppData\Roaming\Macromedia
2008-03-29 20:36:47 0 d-------- C:\Users\Penny\AppData\Roaming\Mozilla
2008-03-29 19:53:04 174 --ahs---- C:\Program Files\desktop.ini
2008-03-29 19:47:35 0 d-------- C:\Program Files\Windows Calendar
2008-03-29 19:47:23 0 d-------- C:\Program Files\Windows Defender
2008-03-29 19:47:16 0 d-------- C:\Program Files\Windows Sidebar
2008-03-29 18:18:53 0 d-------- C:\Users\Penny\AppData\Roaming\Real
2008-03-29 18:01:39 0 d-------- C:\Users\Penny\AppData\Roaming\DellFaxCtr
2008-03-29 18:00:45 0 d-------- C:\Users\Penny\AppData\Roaming\Identities
2008-03-29 17:29:47 0 d-------- C:\Program Files\Yahoo!
2008-03-29 17:29:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 17:29:46 0 d-------- C:\Program Files\Spyware Doctor(70)
2008-03-29 17:29:41 0 d-------- C:\Program Files\SiteAdvisor
2008-03-29 17:29:41 0 d-------- C:\Program Files\Real
2008-03-29 17:29:36 0 d-------- C:\Program Files\QuickTime
2008-03-29 17:29:29 0 d-------- C:\Program Files\NetWaiting
2008-03-29 17:29:24 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-29 17:29:23 0 d-------- C:\Program Files\Microsoft Works
2008-03-29 17:29:23 0 d-------- C:\Program Files\Microsoft Works Suite 2006
2008-03-29 17:29:14 0 d-------- C:\Program Files\Microsoft Streets and Trips Essentials
2008-03-29 17:29:06 0 d-------- C:\Program Files\Microsoft Money 2006
2008-03-29 17:29:06 0 d-------- C:\Program Files\Microsoft Location Finder
2008-03-29 17:29:05 0 d-------- C:\Program Files\Microsoft Digital Image 2006
2008-03-29 17:28:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-29 17:28:57 0 d-------- C:\Program Files\MFInstall
2008-03-29 17:28:57 0 d-------- C:\Program Files\McAfee
2008-03-29 17:28:52 0 d-------- C:\Program Files\Java
2008-03-29 17:28:50 0 d-------- C:\Program Files\Intel
2008-03-29 17:28:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 17:28:49 0 d-------- C:\Program Files\illiminable
2008-03-29 17:28:48 0 d-------- C:\Program Files\Google
2008-03-29 17:28:47 0 d-------- C:\Program Files\Encarta
2008-03-29 17:28:47 0 d-------- C:\Program Files\Digital Line Detect
2008-03-29 17:28:47 0 d-------- C:\Program Files\DellSupport
2008-03-29 17:28:38 0 d-------- C:\Program Files\Dell Support Center
2008-03-29 17:28:13 0 d-------- C:\Program Files\Dell PC Fax
2008-03-29 17:28:11 0 d-------- C:\Program Files\Dell DataSafe Online
2008-03-29 17:28:10 0 d-------- C:\Program Files\Dell AIO Printer A940
2008-03-29 17:28:10 0 d-------- C:\Program Files\CyberLink
2008-03-29 17:27:59 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\Real
2008-03-29 17:27:53 0 d-------- C:\Program Files\Common Files\Java
2008-03-29 17:27:53 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-29 17:27:48 0 d-------- C:\Program Files\BAE
2008-03-29 17:27:48 0 d-------- C:\Program Files\Apple Software Update
2008-03-27 14:43:10 1083 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/29/2008 07:17 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 05:07 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 06:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/16/2007 09:38 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 06:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/27/2007 05:15 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/29/2008 07:03 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/16/2007 9:28:11 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Dell PC Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 11:46:28 ------------

DSS

Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 1012.56 MiB / 289.42 MiB
Pagefile Memory (total/avail): 2280.5 MiB / 963.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 138.96 GiB total, 102.84 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 4.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160815AS ATA Device - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 138.96 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools)
AS: Spyware Doctor v5.5.0.212 (PC Tools) Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Penny\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PENNY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Penny
LOCALAPPDATA=C:\Users\Penny\AppData\Local
LOGONSERVER=\\PENNY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Penny\AppData\Local\Temp
TMP=C:\Users\Penny\AppData\Local\Temp
USERDOMAIN=Penny-PC
USERNAME=Penny
USERPROFILE=C:\Users\Penny
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Penny


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Fax Solutions --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QualxServ Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type6411 / Error
Event Submitted/Written: 04/29/2008 09:28:01 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Google Toolbar for Internet Explorer - Update '{9DDC8D83-251D-4E15-9689-FCB1F0E8E0C0}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type6391 / Success
Event Submitted/Written: 04/29/2008 09:19:22 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type6389 / Success
Event Submitted/Written: 04/29/2008 09:19:20 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type6388 / Success
Event Submitted/Written: 04/29/2008 09:19:14 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type6364 / Success
Event Submitted/Written: 04/26/2008 07:55:00 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34933 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {57F43563-A08B-425D-812B-8CBB86E84CD5}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34932 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {EF2A520D-7023-4CB0-B322-8AD4433653C3}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34931 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {F665583C-7319-4BAD-8539-B89928486A51}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34930 / Warning
Event Submitted/Written: 04/29/2008 11:43:47 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {38F57145-ECB2-4F8A-8D2B-A2921EB43F79}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34929 / Warning
Event Submitted/Written: 04/29/2008 11:43:47 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {23BB2063-CE19-4932-A49E-B84AC88B5370}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-29 11:46:28 ------------


Rorschach112
post Apr 29 2008, 12:09 PM
Post #4
SuperMember
Group: Authentic Member
Posts: 3,651
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP

Hello

1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Reboot and tell me how your PC is running and if you are having visible problems.
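As an added example (not part of this thread and not HijackThis's own code), a small Python parser over the O2 (BHO) and O3 (Toolbar) lines of a HijackThis log that flags entries whose DLL is reported as "(file missing)" and groups them by CLSID, which is exactly the pair of AVGTOOLBAR lines the fix above targets. The sample log lines are copied from the log in this thread; everything else is assumed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the two AVGTOOLBAR lines the helper asked to fix, plus
# three healthy entries from the same log, so only the orphaned ones should trip.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# One O2 (Browser Helper Object) or O3 (IE toolbar) line has the shape:
#   O2 - BHO: <name> - {<CLSID>} - <path> [(file missing)]
_BHO_TOOLBAR_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class HjtEntry:
    section: str      # "O2" or "O3"
    kind: str         # "BHO" or "Toolbar"
    name: str
    clsid: str        # normalised to upper case so O2 and O3 lines group together
    path: str
    file_missing: bool


def parse_hjt(text: str) -> List[HjtEntry]:
    """Return every O2/O3 entry in a HijackThis log; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        m = _BHO_TOOLBAR_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(
                section=m["section"], kind=m["kind"], name=m["name"],
                clsid=m["clsid"].upper(), path=m["path"],
                file_missing=m["missing"] is not None,
            ))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose registered DLL no longer exists on disk (HJT's '(file missing)').

    A BHO or toolbar registration that points at a missing file cannot load, so it
    is stale rather than active; deleting the registration is the cleanup the
    helper's 'Fix checked' step performs.
    """
    return [e for e in entries if e.file_missing]


def by_clsid(entries: List[HjtEntry]) -> Dict[str, List[HjtEntry]]:
    """Group entries by CLSID: one COM object is often registered both as a BHO
    and as a toolbar, which is why the fix covers an O2 and an O3 line together."""
    groups: Dict[str, List[HjtEntry]] = {}
    for e in entries:
        groups.setdefault(e.clsid, []).append(e)
    return groups


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    for clsid, group in by_clsid(orphaned_entries(found)).items():
        regs = ", ".join(f"{e.section} {e.kind}" for e in group)
        print(f"{clsid}: {regs} -> {group[0].path}")
```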
Bella75
post Apr 29 2008, 07:24 PM
Post #5
New Member
Group: New Member
Posts: 4
Joined: 16-April 08
Member No.: 78,451
Operating System: Vista Home 32

Hi:
I followed your last steps and ran a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:14 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...230/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7591 bytes
-------------------------------------------------------------------
Still having problems with:
Spyware Doctor with AV: The following exclusions keep being added to the AV scan: DBX, OST, MBX, DBT, BAK, ISO, TTF, and PST. This program quarantined: Trojan Agent!sd5.
Windows Update keeps listing "Office XP Service Pack 3" as an important update but fails repeatedly to install.
AdAware 2007: will not update definitions. Error message: SSL function failed.
Spybot S&D: cannot set up fully and run. Error: sending request, connection with server could not be established.
Under Control Panel > User Accounts: ASP.NET Machine Account (password protected). I'm not sure what this account is. I had NETGEAR set up on my PC and I am not sure if this is related to the router or not.
I also have 4 Internet Explorer icons on my desktop... they seem to be multiplying...

Thanks again,
Bella
Rorschach112
post Apr 30 2008, 06:21 AM
Post #6
SuperMember
Group: Authentic Member
Posts: 3,651
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP

Your problem doesn't seem to be malware related

Download RootAlyzer to your desktop.
  • Unzip it to a folder on your desktop, close all windows, and run RootAlyzer.exe
  • Click Ok to the two prompts and let the program run its Quick Scan automatically; this should only take a few seconds.
  • Click the Deep Scan tab, check all the boxes and click Ok. Let the scan run uninterrupted; it will take a few minutes.
  • When it is finished scanning, a Log tab will appear at the top, click that. Highlight all the text, right-click on it and press Copy.
  • Paste that information back here by pressing Ctrl + V, or right-click and press Paste. Also mention if you had any problems.
Bella75
post May 2 2008, 09:44 AM
Post #7
New Member
Group: New Member
Posts: 4
Joined: 16-April 08
Member No.: 78,451
Operating System: Vista Home 32

Hello again,
Here are the results from DSS and RootAlyzer:
Deckard's System Scanner v20071014.68
Run by Penny on 2008-04-29 11:40:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
17: 2008-04-29 15:26:11 UTC - RP26 - Scheduled Checkpoint
16: 2008-04-26 12:17:09 UTC - RP25 - Windows Update
15: 2008-04-23 20:05:53 UTC - RP24 - Scheduled Checkpoint
14: 2008-04-21 22:30:11 UTC - RP23 - Windows Update
13: 2008-04-21 18:42:19 UTC - RP22 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-04-07 17:09:57 UTC - RP9 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1013 MiB (1024 MiB recommended).


-- HijackThis (run as Penny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:12 AM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Penny\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Penny.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...230/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7765 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
S3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 09:35:17 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{F7D6F5A0-EE11-4E9C-8ACF-A9B28ABFDD13}.job


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-29 09:34:41 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-29 09:34:39 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-04-21 18:35:54 0 d-------- C:\Program Files\Lavasoft
2008-04-21 09:21:15 0 d-------- C:\Users\All Users\Windows Genuine Advantage
2008-04-16 21:57:28 0 d-------- C:\Users\All Users\Lavasoft
2008-04-16 19:36:46 0 d-------- C:\Program Files\Trend Micro
2008-04-09 16:29:56 0 d-------- C:\Program Files\SpywareBlaster
2008-04-09 06:56:45 0 d-------- C:\Program Files\Windows Journal
2008-04-09 03:38:56 0 d-------- C:\Users\All Users\Grisoft
2008-04-09 01:41:12 73728 --a------ C:\Windows\system32\dlbapwr.dll <Not Verified; Dell Computer Corporation; POR Monitor>
2008-04-09 01:41:11 303104 --a------ C:\Windows\system32\LEXBCES.EXE <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)>
2008-04-09 01:41:11 147456 --a------ C:\Windows\system32\LEXBCE.DLL <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)>
2008-04-09 01:39:29 0 d-------- C:\Users\Penny\{5b0706ea-676e-497e-a9df-f9efcef52904}
2008-04-09 01:37:09 0 d-------- C:\Program Files\Dell A940
2008-04-07 13:22:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-04 03:19:28 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-02 07:04:34 0 d-------- C:\Users\All Users\Avg7
2008-03-30 02:19:33 0 d-------- C:\Program Files\Common Files\PC Tools
2008-03-30 02:19:25 0 d-------- C:\Users\All Users\PC Tools
2008-03-29 21:11:39 0 d-------- C:\Windows\Panther
2008-03-29 21:11:07 286720 --a------ C:\Windows\system32\dlbacomm.dll <Not Verified; Lexmark International, Inc.; LCNA for Windows (32 bit)>
2008-03-29 21:10:02 0 d-------- C:\Windows\Debug
2008-03-29 20:59:50 0 d--h----- C:\$WINDOWS.~Q
2008-03-29 20:58:02 0 d--h----- C:\$INPLACE.~TR
2008-03-29 18:00:56 0 dr------- C:\Users\Penny\Searches
2008-03-29 18:00:43 0 dr------- C:\Users\Penny\Contacts
2008-03-29 18:00:03 0 d-------- C:\Users\Penny\video
2008-03-29 17:42:34 21924 --a------ C:\Windows\system32\emptyregdb.dat
2008-03-29 17:37:17 0 d-------- C:\Users\Default\video
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Videos
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Templates
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Start Menu
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\SendTo
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Saved Games
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Recent
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\PrintHood
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Pictures
2008-03-29 17:26:02 1572864 --ahs---- C:\Users\Penny\ntuser.dat
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\NetHood
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\My Documents
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Music
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Local Settings
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Links
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Favorites
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Downloads
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Documents
2008-03-29 17:26:02 0 dr------- C:\Users\Penny\Desktop
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Cookies
2008-03-29 17:26:02 0 d--hs---- C:\Users\Penny\Application Data
2008-03-29 17:26:02 0 d--h----- C:\Users\Penny\AppData
2008-03-29 17:24:44 0 d-------- C:\Windows\system32\URTTEMP
2008-03-29 17:24:37 0 d--hs---- C:\Windows\Installer
2008-03-29 17:18:07 0 d-------- C:\Program Files\CONEXANT
2008-03-29 17:17:49 0 d-------- C:\Windows\system32\RTCOM
2008-03-29 17:12:52 0 d-------- C:\Windows\Prefetch
2008-03-29 16:07:24 0 d-------- C:\Users\All Users\Microsoft Corporation
2008-03-29 15:59:35 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor


-- Find3M Report ---------------------------------------------------------------

2008-04-26 08:02:51 0 d-------- C:\Program Files\Spyware Doctor
2008-04-21 18:26:25 0 d-------- C:\Users\Penny\AppData\Roaming\Google
2008-04-15 08:41:06 0 d-------- C:\Users\Penny\AppData\Roaming\U3
2008-04-09 16:42:05 0 d-------- C:\Users\Penny\AppData\Roaming\SiteAdvisor
2008-04-09 05:29:41 0 d-------- C:\Program Files\Windows Mail
2008-04-09 04:31:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 03:41:21 0 d-------- C:\Users\Penny\AppData\Roaming\Grisoft
2008-04-07 13:22:47 0 d-------- C:\Program Files\Common Files
2008-04-07 13:10:58 0 d-------- C:\Users\Penny\AppData\Roaming\Adobe
2008-03-30 02:19:25 0 d-------- C:\Users\Penny\AppData\Roaming\PC Tools
2008-03-29 21:09:37 0 d-------- C:\Program Files\Microsoft Games
2008-03-29 20:38:41 0 d-------- C:\Users\Penny\AppData\Roaming\Macromedia
2008-03-29 20:36:47 0 d-------- C:\Users\Penny\AppData\Roaming\Mozilla
2008-03-29 19:53:04 174 --ahs---- C:\Program Files\desktop.ini
2008-03-29 19:47:35 0 d-------- C:\Program Files\Windows Calendar
2008-03-29 19:47:23 0 d-------- C:\Program Files\Windows Defender
2008-03-29 19:47:16 0 d-------- C:\Program Files\Windows Sidebar
2008-03-29 18:18:53 0 d-------- C:\Users\Penny\AppData\Roaming\Real
2008-03-29 18:01:39 0 d-------- C:\Users\Penny\AppData\Roaming\DellFaxCtr
2008-03-29 18:00:45 0 d-------- C:\Users\Penny\AppData\Roaming\Identities
2008-03-29 17:29:47 0 d-------- C:\Program Files\Yahoo!
2008-03-29 17:29:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 17:29:46 0 d-------- C:\Program Files\Spyware Doctor(70)
2008-03-29 17:29:41 0 d-------- C:\Program Files\SiteAdvisor
2008-03-29 17:29:41 0 d-------- C:\Program Files\Real
2008-03-29 17:29:36 0 d-------- C:\Program Files\QuickTime
2008-03-29 17:29:29 0 d-------- C:\Program Files\NetWaiting
2008-03-29 17:29:24 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-29 17:29:23 0 d-------- C:\Program Files\Microsoft Works
2008-03-29 17:29:23 0 d-------- C:\Program Files\Microsoft Works Suite 2006
2008-03-29 17:29:14 0 d-------- C:\Program Files\Microsoft Streets and Trips Essentials
2008-03-29 17:29:06 0 d-------- C:\Program Files\Microsoft Money 2006
2008-03-29 17:29:06 0 d-------- C:\Program Files\Microsoft Location Finder
2008-03-29 17:29:05 0 d-------- C:\Program Files\Microsoft Digital Image 2006
2008-03-29 17:28:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-29 17:28:57 0 d-------- C:\Program Files\MFInstall
2008-03-29 17:28:57 0 d-------- C:\Program Files\McAfee
2008-03-29 17:28:52 0 d-------- C:\Program Files\Java
2008-03-29 17:28:50 0 d-------- C:\Program Files\Intel
2008-03-29 17:28:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 17:28:49 0 d-------- C:\Program Files\illiminable
2008-03-29 17:28:48 0 d-------- C:\Program Files\Google
2008-03-29 17:28:47 0 d-------- C:\Program Files\Encarta
2008-03-29 17:28:47 0 d-------- C:\Program Files\Digital Line Detect
2008-03-29 17:28:47 0 d-------- C:\Program Files\DellSupport
2008-03-29 17:28:38 0 d-------- C:\Program Files\Dell Support Center
2008-03-29 17:28:13 0 d-------- C:\Program Files\Dell PC Fax
2008-03-29 17:28:11 0 d-------- C:\Program Files\Dell DataSafe Online
2008-03-29 17:28:10 0 d-------- C:\Program Files\Dell AIO Printer A940
2008-03-29 17:28:10 0 d-------- C:\Program Files\CyberLink
2008-03-29 17:27:59 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-29 17:27:58 0 d-------- C:\Program Files\Common Files\Real
2008-03-29 17:27:53 0 d-------- C:\Program Files\Common Files\Java
2008-03-29 17:27:53 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-29 17:27:48 0 d-------- C:\Program Files\BAE
2008-03-29 17:27:48 0 d-------- C:\Program Files\Apple Software Update
2008-03-27 14:43:10 1083 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/29/2008 07:17 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 05:07 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [10/09/2007 06:57 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 06:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/16/2007 09:38 AM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 06:23 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/27/2007 05:15 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/29/2008 07:03 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/16/2007 9:28:11 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Dell PC Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 11:46:28 ------------

DSS

Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 1012.56 MiB / 289.42 MiB
Pagefile Memory (total/avail): 2280.5 MiB / 963.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.07 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 138.96 GiB total, 102.84 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 4.71 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160815AS ATA Device - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 138.96 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: Spyware Doctor with AntiVirus v4.4.5 (PC Tools)
AS: Spyware Doctor v5.5.0.212 (PC Tools) Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Penny\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PENNY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Penny
LOCALAPPDATA=C:\Users\Penny\AppData\Local
LOGONSERVER=\\PENNY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Penny\AppData\Local\Temp
TMP=C:\Users\Penny\AppData\Local\Temp
USERDOMAIN=Penny-PC
USERNAME=Penny
USERPROFILE=C:\Users\Penny
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Penny


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Fax Solutions --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QualxServ Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}


-- Application Event Log -------------------------------------------------------

Event Record #/Type6411 / Error
Event Submitted/Written: 04/29/2008 09:28:01 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Google Toolbar for Internet Explorer - Update '{9DDC8D83-251D-4E15-9689-FCB1F0E8E0C0}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type6391 / Success
Event Submitted/Written: 04/29/2008 09:19:22 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type6389 / Success
Event Submitted/Written: 04/29/2008 09:19:20 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type6388 / Success
Event Submitted/Written: 04/29/2008 09:19:14 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type6364 / Success
Event Submitted/Written: 04/26/2008 07:55:00 AM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34933 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {57F43563-A08B-425D-812B-8CBB86E84CD5}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34932 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {EF2A520D-7023-4CB0-B322-8AD4433653C3}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34931 / Warning
Event Submitted/Written: 04/29/2008 11:43:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {F665583C-7319-4BAD-8539-B89928486A51}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34930 / Warning
Event Submitted/Written: 04/29/2008 11:43:47 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {38F57145-ECB2-4F8A-8D2B-A2921EB43F79}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02

Event Record #/Type34929 / Warning
Event Submitted/Written: 04/29/2008 11:43:47 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%Penny-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Penny-PC27 can't undo changes that you allow.

For more information please see the following:
%Penny-PC275

Scan ID: {23BB2063-CE19-4932-A49E-B84AC88B5370}

User: Penny-PC\Penny

Name: %Penny-PC271

ID: %Penny-PC272

Severity ID: %Penny-PC273

Category ID: %Penny-PC274

Path Found: %Penny-PC276

Alert Type: %Penny-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-29 11:46:28 ------------

----------------------------------------------
// info: Rootkit removal help file
// copyright: © 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","D:\Windows\inf\drvindex.dat"
File:"No admin in ACL","D:\Windows\inf\INFCACHE.1"
File:"No admin in ACL","D:\Windows\inf\infpub.dat"
File:"No admin in ACL","D:\Windows\inf\infstor.dat"
File:"No admin in ACL","D:\Windows\inf\infstrng.dat"
File:"No admin in ACL","C:\hiberfil.sys"
File:"No admin in ACL","C:\Windows\System32\hal.dll"
File:"No admin in ACL","C:\Windows\System32\halacpi.dll"
File:"No admin in ACL","C:\Windows\System32\halmacpi.dll"
File:"No admin in ACL","C:\Windows\System32\hccoin.dll"
File:"No admin in ACL","C:\Windows\System32\iscsilog.dll"
File:"No admin in ACL","C:\Windows\System32\SysFxUI.dll"
File:"No admin in ACL","C:\Windows\System32\WMALFXGFXDSP.dll"
File:"No admin in ACL","C:\Windows\System32\drivers\acpi.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\atapi.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\ataport.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\cdrom.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\disk.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\drmk.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\drmkaud.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\fdc.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\flpydisk.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\hdaudbus.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\hidclass.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\hidparse.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\hidusb.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\i8042prt.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\kbdclass.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\kbdhid.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\mouclass.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\mouhid.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\msisadrv.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\msiscsi.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\mssmbios.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\pci.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\pciidex.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\portcls.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\sermouse.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\termdd.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\umbus.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbccgp.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbd.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbehci.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbhub.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbport.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\usbprint.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\USBSTOR.SYS"
File:"No admin in ACL","C:\Windows\System32\drivers\usbuhci.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\volmgr.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\volsnap.sys"
File:"No admin in ACL","C:\Windows\System32\drivers\UMDF\WpdFs.dll"
File:"No admin in ACL","C:\Windows\inf\drvindex.dat"
File:"No admin in ACL","C:\Windows\inf\INFCACHE.1"
File:"No admin in ACL","C:\Windows\inf\infpub.dat"
File:"No admin in ACL","C:\Windows\inf\infstor.dat"
File:"No admin in ACL","C:\Windows\inf\infstrng.dat"
File:"Unknown ADS","C:\Users\Penny\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\53BC3F13-00000001.eml:OECustomProperty:$DATA"
File:"No admin in ACL","C:\Deckard\System Scanner\backup\Users\Penny\AppData\Local\Temp\~DFA041.tmp"
File:"No admin in ACL","C:\Deckard\System Scanner\backup\Users\Penny\AppData\Local\Temp\~DFA237.tmp"
File:"No admin in ACL","C:\Deckard\System Scanner\backup\Users\Penny\AppData\Local\Temp\~DFABFB.tmp"
File:"No admin in ACL","C:\Deckard\System Scanner\backup\Users\Penny\AppData\Local\Temp\~DFADD4.tmp"
Directory:"No admin in ACL","D:\System Volume Information"
Directory:"No admin in ACL","C:\Windows\System32\LogFiles\WMI\RtBackup"
Directory:"Unknown ADS","C:\Users\All Users\TEMP:5C321E34:$DATA"
Directory:"Unknown ADS","C:\Users\All Users\TEMP:DFC5A2B2:$DATA"
Directory:"Unknown ADS","C:\ProgramData\TEMP:5C321E34:$DATA"
Directory:"Unknown ADS","C:\ProgramData\TEMP:DFC5A2B2:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\","DcomLaunch"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\","RpcSs"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet002\Services\","DcomLaunch"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet002\Services\","RpcSs"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\","DcomLaunch"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\","RpcSs"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\","HotStart"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\","Flyout"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\","Svc"
-----------------------------------------------------------------

I am curious why some files in previous scans were "locked" and skipped in scans? I am still unable to run Ad-Aware and Spybot S&D.

Thanks again!
Rorschach112
post May 2 2008, 05:42 PM
Post #8


SuperMember
*****

Group: Authentic Member
Posts: 3,651
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



That means they are in use.

Your logs are clean! We need to do a few things.


You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
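The HOSTS-file blocklist mentioned in the post above works by mapping unwanted hostnames to the local machine so name lookups never reach the real site. The following is an added example (not from the thread, the helper, or the MVPS project) that parses a HOSTS file in the Windows format, lists the names it sinkholes, and checks a given hostname against it. The file contents are a constructed sample; the `.test` domain names are placeholders and do not belong to any real blocklist.

```python
"""
Audit a HOSTS-style blocklist: parse it and report which hostnames it
redirects to the local machine (the mechanism the MVPS Hosts file uses).

Added example; SAMPLE_HOSTS is constructed, not taken from the MVPS file
or from any log in this thread.
"""
import ipaddress

# Constructed sample in Windows HOSTS format:
# <ip> <hostname> [<hostname> ...] with '#' starting a comment.
SAMPLE_HOSTS = """\
# header comment
127.0.0.1       localhost
127.0.0.1  ads.example-blocklisted.test   # trailing comment
0.0.0.0    tracker.example-blocklisted.test  pixel.example-blocklisted.test
  10.0.0.5   intranet.example.test
::1        ip6-localhost
this line is malformed
"""

# Addresses a blocklist points names at so the connection goes nowhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately map to loopback and are not blocklist entries.
LOOPBACK_NAMES = {"localhost", "ip6-localhost"}


def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry in a HOSTS file.

    Comments and blank lines are skipped. A line whose first token is not
    an IP address is ignored rather than raising, so one malformed line
    does not abort an audit of the rest. The first mapping seen for a name
    is kept, which is the usual first-match resolver behaviour.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ip = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue
        for name in tokens[1:]:
            entries.setdefault(name.lower(), ip)
    return entries


def sinkholed_hosts(entries):
    """Sorted list of names the file redirects to the local machine."""
    return sorted(
        name for name, ip in entries.items()
        if ip in SINKHOLE_ADDRESSES and name not in LOOPBACK_NAMES
    )


def is_sinkholed(entries, hostname):
    """True if a lookup of hostname would be answered with a sinkhole address."""
    return entries.get(hostname.lower()) in SINKHOLE_ADDRESSES


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in sinkholed_hosts(hosts):
        print(f"blocked: {name} -> {hosts[name]}")
```

Note the limit of this control: a HOSTS file only affects name resolution, so a program that connects to a hard-coded IP address, or a site not listed in the file, is unaffected; it complements, rather than replaces, the browser hardening and updates the post recommends.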
Rorschach112
post May 7 2008, 07:01 PM
Post #9


SuperMember
*****

Group: Authentic Member
Posts: 3,651
Joined: 29-September 07
Member No.: 73,164
Operating System: Windows XP



Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
