Right now he is locked out of the ability to install anything, and to download most things. Even in Safe Mode as a system administrator, he is having issues with getting things fixed.
So, I got him HiJack This, had him run a log, had him run DSS and ComboFix and here is where we stand:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-15 00:43:04
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...failed; computer is in safe mode.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:06 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoomtown.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {2F20CD36-E9D6-46F3-8F9E-5C3756D80A1F} - C:\WINDOWS\system32\hgGyvtTj.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\ddcApqqO.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] C:\Toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe 1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [f0cc20c2] rundll32.exe "C:\WINDOWS\system32\xqwqdnmi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [tDn9SQCpwi] C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
O4 - S-1-5-18 Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_2345535.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_2345535.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BrowseBlast Web Accelerator.lnk = C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155121094734
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcApqqO - C:\WINDOWS\SYSTEM32\ddcApqqO.dll
O21 - SSODL: dsktbwfe - {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FEELitDM - Immersion Corporation - C:\WINDOWS\System32\FEELitDM.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11392 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080414-014832-112 O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
backup-20080414-014832-131 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080414-014832-134 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
backup-20080414-014832-220 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080414-014832-232 O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
backup-20080414-014832-254 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20080414-014832-407 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
backup-20080414-014832-454 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20080414-014832-465 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20080414-014832-473 O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20080414-014832-495 O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\WINDOWS\sgoblxtm.dll
backup-20080414-014832-553 O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-628 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20080414-014832-663 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk996INUS
backup-20080414-014832-666 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
backup-20080414-014832-714 O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
backup-20080414-014832-741 O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-789 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080414-014832-802 O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
backup-20080414-014832-811 O4 - HKLM\..\Run: [f0cc20c2] rundll32.exe "C:\WINDOWS\system32\gxdxuqmg.dll",b
backup-20080414-014832-830 O4 - HKCU\..\Run: [exypavai] C:\WINDOWS\system32\obmvsdin.exe
backup-20080414-014832-859 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-891 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
backup-20080414-014832-895 O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
backup-20080414-014832-909 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
backup-20080414-014832-947 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
backup-20080414-014832-953 O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080414-014833-434 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20080414-014834-391 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080414-014834-704 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080414-014835-976 O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
backup-20080414-014836-314 O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
backup-20080414-014837-886 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
backup-20080414-014839-754 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080414-014841-839 O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
backup-20080414-014842-518 O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
backup-20080414-014844-573 O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
backup-20080414-014846-131 O21 - SSODL: ogxtsepr - {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll
backup-20080414-014846-472 O21 - SSODL: dsktbwfe - {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll
backup-20080414-014847-199 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080414-014847-255 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080414-014847-450 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
backup-20080414-014847-890 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R0 TVALD (Toshiba ACPI-Based Value Added Logical Device Driver) - c:\windows\system32\drivers\tvald.sys <Not Verified; Toshiba Corporation; Toshiba ACPI-Compliant Value Added Logical Device>
R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>
S3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 dot4ufd (HP Dot4USB Filter) - c:\windows\system32\drivers\hppaufd0.sys <Not Verified; HP; HP Dot4Ufd Windows XP>
S3 ihidfilt (Immersion ihidfilt Driver) - c:\windows\system32\drivers\ihidfilt.sys <Not Verified; Immersion Corporation; Immersion's FEELit Software>
S3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys (file missing)
S3 KMW_KBD (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kmw_kbd.sys (file missing)
S3 KMW_USB (Kensington MouseWorks USB filter driver) - c:\windows\system32\drivers\kmw_usb.sys <Not Verified; Kensington Technology Group; KMW>
S3 S3SSavage - c:\windows\system32\drivers\s3ssavm.sys <Not Verified; S3 Graphics, Inc.; S3 Graphics SuperSavage Miniport>
S3 SilverLink (Texas Instruments SilverLink (USB GraphLink) Cable) - c:\windows\system32\drivers\silvrlnk.sys <Not Verified; Texas Instruments; TI-Connect SilverLink Cable Driver>
S3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys <Not Verified; SMC; Fast Infrared Miniport Driver>
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 TOSHIBASoftModem (TOSHIBA Software Modem) - c:\windows\system32\drivers\ltsm.sys <Not Verified; LT; TOSHIBA SoftModem Driver>
S3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys <Not Verified; TOSHIBA Corporation; SD Card Driver Set>
S3 ZSMC302 (MobileCam Pro) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 FEELitDM - c:\windows\system32\feelitdm.exe <Not Verified; Immersion Corporation; Immersion's FEELit Software>
S2 Iomega Activity Disk2 - "c:\progra~1\iomega\system32\activitydisk.exe" <Not Verified; Iomega Corporation; SmartSoft ActivityDisk>
S2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Kensington PS/2 Mouse Driver
Device ID: ACPI\PNP0F13\4&1D6F7EAE&0
Manufacturer: Kensington Technology Group
Name: Kensington PS/2 Mouse Driver
PNP Device ID: ACPI\PNP0F13\4&1D6F7EAE&0
Service: i8042prt
-- Scheduled Tasks -------------------------------------------------------------
2008-04-13 11:51:55 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Judith Little.job
-- Files created between 2008-03-15 and 2008-04-15 -----------------------------
2008-04-15 00:20:45 0 d-------- C:\VundoFix Backups
2008-04-14 23:23:39 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-14 23:22:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-14 20:04:42 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 16:19:35 85056 --a------ C:\WINDOWS\system32\xqwqdnmi.dll
2008-04-14 16:16:02 0 d-------- C:\WINDOWS\privacy_danger
2008-04-14 09:35:52 0 d-------- C:\Documents and Settings\Daniel Little\.housecall6.6
2008-04-14 09:34:43 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\Sun
2008-04-14 02:37:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 01:11:10 0 d-------- C:\Program Files\Trend Micro
2008-04-13 23:17:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 22:56:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-13 22:56:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-13 22:56:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-13 22:56:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-13 22:56:28 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-13 22:56:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-13 22:56:27 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-13 22:56:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-13 22:56:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-13 22:56:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-13 22:56:27 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-13 22:56:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-13 22:56:27 0 d-------- C:\Documents and Settings\Administrator\NetWorkSwitch.temp
2008-04-13 22:56:26 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-13 22:23:30 0 d--hs---- C:\WINDOWS\CSC
2008-04-13 21:21:49 0 dr-h----- C:\Documents and Settings\Judith Little\Recent
2008-04-13 19:52:52 0 d-------- C:\Program Files\PC-Cleaner
2008-04-13 19:10:44 0 d-------- C:\Documents and Settings\Daniel Little\Desktopvirii
2008-04-13 19:09:31 4096 --a------ C:\Documents and Settings\Daniel Little\Desktopfilemanagerclient.exe
2008-04-13 19:09:22 4096 --a------ C:\Documents and Settings\Daniel Little\DesktopFWebdEditor.exe
2008-04-13 19:09:22 4096 --a------ C:\Documents and Settings\Daniel Little\Desktopfwebd.exe
2008-04-13 19:07:39 98304 --a------ C:\WINDOWS\system32\loxmxoda.exe
2008-04-13 18:51:24 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\Google
2008-04-13 18:20:54 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\TmpRecentIcons
2008-04-13 15:59:00 0 d-------- C:\Documents and Settings\Judith Little\Application Data\TmpRecentIcons
2008-04-13 15:09:53 186599 --ahs---- C:\WINDOWS\system32\jTtvyGgh.ini2
2008-04-13 15:09:34 272896 -----n--- C:\WINDOWS\system32\hgGyvtTj.dll
2008-04-13 14:54:56 98304 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 14:54:56 204800 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 14:54:56 200704 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 14:54:56 217088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 14:54:54 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-13 14:54:50 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\a.bat
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-13 14:54:34 0 d-------- C:\Documents and Settings\Judith Little\Desktopvirii
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-13 14:54:32 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-13 14:54:31 0 d-------- C:\WINDOWS\system32smp
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-13 14:54:27 4096 --a------ C:\Documents and Settings\Judith Little\Desktopfilemanagerclient.exe
2008-04-13 14:54:25 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-13 14:54:25 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-13 14:54:23 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-13 14:54:23 4096 --a------ C:\Documents and Settings\Judith Little\DesktopFWebdEditor.exe
2008-04-13 14:54:23 4096 --a------ C:\Documents and Settings\Judith Little\Desktopfwebd.exe
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\bdn.com
2008-04-13 14:54:14 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-13 14:54:11 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-13 14:54:11 0 d-------- C:\WINDOWS\mslagent
2008-04-13 14:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\gjwdqlqz
2008-04-13 14:53:37 102400 --a------ C:\WINDOWS\system32\obmvsdin.exe
2008-04-13 14:53:11 38400 --a------ C:\WINDOWS\system32\ddcApqqO.dll
2008-04-11 21:59:26 0 d-------- C:\Documents and Settings\Judith Little\Application Data\Talkback
2008-04-11 21:55:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-11 21:51:12 0 d-------- C:\Documents and Settings\Judith Little\Application Data\Mozilla
-- Find3M Report ---------------------------------------------------------------
2008-04-14 18:53:11 0 d-------- C:\Program Files\Viewpoint
2008-04-14 18:53:09 0 d-------- C:\Program Files\AWS
2008-04-14 00:07:49 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-11 21:55:01 0 d-------- C:\Program Files\Common Files
2008-04-11 21:54:40 0 d-------- C:\Program Files\Common Files\Real
2008-04-11 21:53:30 0 d-------- C:\Program Files\Real
2008-04-03 20:48:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-11 00:11:04 0 d-------- C:\Program Files\AIM6
2008-02-19 01:20:16 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F20CD36-E9D6-46F3-8F9E-5C3756D80A1F}]
04/13/2008 03:09 PM 272896 --------- C:\WINDOWS\system32\hgGyvtTj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
04/13/2008 09:08 AM 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}]
04/13/2008 02:53 PM 38400 --a------ C:\WINDOWS\system32\ddcApqqO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [04/15/2002 06:35 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 08:28 PM C:\WINDOWS\system32\000StTHK.exe]
"Pinger"="C:\Toshiba\ivp\ISM\pinger.exe" [11/14/2001 06:37 AM]
"S3Hotkey"="s3hotkey.exe" [09/13/2001 12:27 PM C:\WINDOWS\system32\s3hotkey.exe]
"S3TRAY2"="S3Tray2.exe" [02/21/2002 07:38 AM C:\WINDOWS\system32\S3Tray2.exe]
"TFNF5"="TFNF5.exe" [08/03/2001 09:08 PM C:\WINDOWS\system32\TFNF5.exe]
"@"="" []
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [04/05/2002 05:44 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [03/29/2002 05:40 PM]
"Tpwrtray"="TPWRTRAY.EXE" [03/19/2002 08:38 PM C:\WINDOWS\system32\TPWRTRAY.EXE]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [04/12/2002 11:13 AM]
"IDesktop.2.5"="C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe" [04/26/2002 10:47 AM]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [01/17/2001 05:33 PM]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [09/12/2001 11:35 AM]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/05/2004 07:13 PM]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [05/27/2003 03:00 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/20/2004 09:40 AM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"SlipStream"="C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe" [04/24/2007 03:20 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/2008 09:53 PM]
"f0cc20c2"="C:\WINDOWS\system32\xqwqdnmi.dll" [04/14/2008 04:19 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/28/2002 5:43:25 PM]
BrowseBlast Web Accelerator.lnk - C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe [5/16/2007 7:28:42 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/11/2007 7:54:58 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [8/9/2002 8:39:00 AM]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe [4/26/2003 11:19:52 AM]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [4/17/2006 6:44:59 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"tDn9SQCpwi"=C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}"= C:\WINDOWS\system32\ddcApqqO.dll [04/13/2008 02:53 PM 38400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dsktbwfe"= {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll [04/13/2008 09:08 AM 217088]
"ogxtsepr"= {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll [04/13/2008 09:08 AM 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqO]
ddcApqqO.dll 04/13/2008 02:53 PM 38400 C:\WINDOWS\system32\ddcApqqO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyvtTj
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0o\AOL.EXE" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127558461\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
-- End of Deckard's System Scanner: finished at 2008-04-15 00:48:10 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 511.36 MiB / 306.69 MiB
Pagefile Memory (total/avail): 864.79 MiB / 763.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.58 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 10.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
\\.\PHYSICALDRIVE0 - TOSHIBA MK3018GAS - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:
\\.\PHYSICALDRIVE1 - IOMEGA ZIP 100 USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0o\\waol.exe"="C:\\Program Files\\America Online 9.0o\\waol.exe:*:Enabled:America Online 9.0o"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Toshiba\\ivp\\NetInt\\Netint.exe"="C:\\Toshiba\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Network Interface Engine"
"C:\\Program Files\\America Online 9.0o\\waol.exe"="C:\\Program Files\\America Online 9.0o\\waol.exe:*:Enabled:America Online 9.0o"
"C:\\Documents and Settings\\Judith Little\\My Documents\\animated icons\\incredimail_install.exe"="C:\\Documents and Settings\\Judith Little\\My Documents\\animated icons\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JUDANL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\JUDANL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\MICROS~2\Office;C:\WINDOWS\System32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=JUDANL
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Daniel Little (admin)
Judith Little (admin)
Brad Little (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Product/Adobe Studio Update 10/2001 --> "C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Toolbar --> regsvr32 /u /s "C:\PROGRA~1\AOLTOO~1\toolbar.dll"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Fish Games Sudoku (remove only) --> C:\Program Files\Sudoku\Uninstall.exe
Britannica CD 99 Standard Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Britannica\BCDSE\bcd1disk.isu"
BrowseBlast Web Accelerator --> C:\Program Files\BrowseBlast Web Accelerator\uninstall\uninstall.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ClueFinders 6th Grade Adventures --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\ClueFinders 6th Grade Adventures\Uninstall.xml"
desktop weather --> C:\WINDOWS\uninstall.exe "desktop weather"
Drag'n Drop CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A6405B-F37D-42F7-B317-D277BBD47D15}\SETUP.EXE" -l0x9 deleteall
EPSON EPIC C84 --> C:\Program Files\epson\epic\c84_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
Freeze Animations --> "C:\PROGRA~1\Freeze.com\Freeze Animations\UNINSTAL.EXE"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 450 printer Uninstaller --> C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\Uninstall\setup.exe ciuninst.ini
HP OfficeJet Series 600 (Remove Only) --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.dll"
Immersion TouchSense for Orbit 3D --> MsiExec.exe /I{51581542-F795-11D4-8CA3-00010248493A}
Immersion® TouchWare® Desktop 2.9 --> MsiExec.exe /I{D946B6A7-A837-45B9-987B-4703F1505213}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Iomega App Services --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
IomegaWare --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment Standard Edition v1.3.0_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.0_02\Uninst.isu"
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kid Pix Deluxe 3 --> C:\Program Files\Broderbund\Kid Pix Deluxe 3\uninstal.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Living Waterfalls Wallpaper #1 --> "C:\PROGRA~1\Freeze.com\LIVING~1\UNINSTAL.EXE"
Lotus NotesSQL 3.01 driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{113EECD6-9A04-11D4-811D-00805F923B86}\Setup.exe" -uninst
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Mahjong Towers Eternity (remove only) --> "C:\Program Files\Mahjong Towers Eternity\Uninstall.exe"
Mahjongg XP Championship 2006 Platinum Edition --> "C:\Program Files\Selectsoft\Mahjongg Platinum\uninstall.exe"
Memory Module Check Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B0A5E23-DA45-4FF6-92C4-406D2430EA77}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape Communicator --> C:\WINDOWS\cd32403.exe
Network Device Switch 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Numerology Calculator --> "C:\Program Files\2Near\Numerology\unins000.exe"
Odyssey Client --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99D42EC7-652B-4819-B3E6-6450C815E03F}
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
OLYMPUS Master 2 --> MsiExec.exe /X{F958F15A-4CE2-44E7-8179-97BBDCAF401A}
POWERPREP GRE --> C:\WINDOWS\IsUninst.exe -fC:\ETS\PPGRE.isu
Punch! Super Home Suite --> C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickBooks Basic 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Rand McNally SGDE Engine V6 --> MsiExec.exe /I{5F05B7D4-0064-4D7F-B888-5E5C190E0A69}
Rand McNally SGDE Search Databases --> MsiExec.exe /X{BE50CAF7-C98E-4242-B476-C1BCEFC6E22E}
Rand McNally Street Guide Cincinnati & Dayton 2006 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2D621F6A-4C9B-4A24-AF70-18895662ADD9}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
SCRABBLE --> C:\PROGRA~1\GAMEHO~1\SCRABBLE\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABBLE\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Super WHATword? --> C:\PROGRA~1\GAMEHO~1\WHATword\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WHATword\INSTALL.LOG
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Tax Forms Helper 2002 5.5 --> "C:\Program Files\Adams Business Forms\Tax Forms Helper 2002\unins000.exe"
Toshiba Access --> C:\PROGRA~1\TOSHIB~2\UNWISE.EXE C:\PROGRA~1\TOSHIB~2\INSTALL.LOG
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
Toshiba Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 2.0 (2.0.3) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
Toshiba On the Web and Support Menu --> C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA Power Saver --> TPWRDEL.EXE
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem --> Tosmreg -U
Toshiba Software Upgrades --> C:\Toshiba\ivp\swupdate\UNWISE.EXE C:\Toshiba\ivp\swupdate\INSTALL.LOG
Toshiba System Stability Program --> C:\Toshiba\SYSSTA~1\UNWISE.EXE C:\Toshiba\SYSSTA~1\INSTALL.LOG
Toshiba Tbiosdrv Driver --> C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.01.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
Toshiba WinXP Registration --> C:\WINDOWS\uninst.exe -f"C:\Program Files\DataLode\Toshiba WinXP Registration\DeIsL2.isu" -cC:\PROGRA~1\DataLode\TOSHIB~2\_ISREG32.DLL
USB Storage Driver --> DelUIDrv.exe
Veo Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8026D160-0B5D-11D6-BC84-00D0B7E10CD1}\setup.exe"
Veo Creative Studio - Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A72C3852-1B81-4E49-BBF7-A1795413FCBD}\Setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebVideo Support --> C:\WINDOWS\spnkfwad.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Woodalls 1.0 --> C:\Program Files\Woodalls\uninst.exe
Word Slinger --> C:\PROGRA~1\AOLGAM~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\WORDSL~1\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail --> C:\WINDOWS\system32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA AC-XG WDM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance
Zuma Deluxe 1.0 --> C:\Program Files\Pogo Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Pogo Games\Zuma Deluxe\Install.log"
-- Application Event Log -------------------------------------------------------
Event Record #/Type44746 / Error
Event Submitted/Written: 04/14/2008 11:13:23 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Event Record #/Type44744 / Error
Event Submitted/Written: 04/14/2008 11:08:49 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Event Record #/Type44743 / Error
Event Submitted/Written: 04/14/2008 08:01:57 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Event Record #/Type44704 / Error
Event Submitted/Written: 04/14/2008 09:31:20 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Event Record #/Type44702 / Error
Event Submitted/Written: 04/14/2008 02:41:47 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type121855 / Error
Event Submitted/Written: 04/14/2008 11:26:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Event Record #/Type121854 / Error
Event Submitted/Written: 04/14/2008 11:13:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type121852 / Error
Event Submitted/Written: 04/14/2008 11:12:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSPX
SYMTDI
Event Record #/Type121851 / Error
Event Submitted/Written: 04/14/2008 11:12:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type121846 / Error
Event Submitted/Written: 04/14/2008 11:09:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2008-04-15 00:48:10 ------------
ComboFix 08-04-14.2 - Administrator 2008-04-15 13:13:26.1 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Daniel Little\Desktopblackbird.jpg
C:\Documents and Settings\Daniel Little\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Daniel Little\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Daniel Little\Desktopfilemanagerclient.exe
C:\Documents and Settings\Daniel Little\Desktopfkwp1.5.exe
C:\Documents and Settings\Daniel Little\Desktopfkwp2.0.exe
C:\Documents and Settings\Daniel Little\Desktopfwebd.exe
C:\Documents and Settings\Daniel Little\DesktopFWebdEditor.exe
C:\Documents and Settings\Daniel Little\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Daniel Little\Desktopvirii
C:\Documents and Settings\Daniel Little\Favorites\Error Cleaner.url
C:\Documents and Settings\Daniel Little\Favorites\Privacy Protector.url
C:\Documents and Settings\Daniel Little\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Judith Little\Desktopblackbird.jpg
C:\Documents and Settings\Judith Little\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Judith Little\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Judith Little\Desktopfilemanagerclient.exe
C:\Documents and Settings\Judith Little\Desktopfkwp1.5.exe
C:\Documents and Settings\Judith Little\Desktopfkwp2.0.exe
C:\Documents and Settings\Judith Little\Desktopfwebd.exe
C:\Documents and Settings\Judith Little\DesktopFWebdEditor.exe
C:\Documents and Settings\Judith Little\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Judith Little\Desktopvirii
C:\Documents and Settings\Judith Little\Favorites\Error Cleaner.url
C:\Documents and Settings\Judith Little\Favorites\Privacy Protector.url
C:\Documents and Settings\Judith Little\Favorites\Spyware&Malware Protection.url
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\ddcApqqO.dll
C:\WINDOWS\system32\hgGyvtTj.dll
C:\WINDOWS\system32\HjiSYJjl.ini
C:\WINDOWS\system32\HjiSYJjl.ini2
C:\WINDOWS\system32\imndqwqx.ini
C:\WINDOWS\system32\jTtvyGgh.ini
C:\WINDOWS\system32\jTtvyGgh.ini2
C:\WINDOWS\system32\ljJYSijH.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qqlyrels.ini
C:\WINDOWS\system32\slerylqq.dll
C:\WINDOWS\system32\xqwqdnmi.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 07:02 . 2008-04-15 07:02 3,648 --a------ C:\WINDOWS\system32\ivpdmmck.dll
2008-04-15 00:42 . 2008-04-15 00:42 <DIR> d-------- C:\Deckard
2008-04-15 00:20 . 2008-04-15 00:20 <DIR> d-------- C:\VundoFix Backups
2008-04-14 23:23 . 2008-04-14 23:54 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-14 20:04 . 2008-04-14 20:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 09:35 . 2008-04-14 12:12 <DIR> d-------- C:\Documents and Settings\Daniel Little\.housecall6.6
2008-04-14 02:37 . 2008-04-14 02:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 01:11 . 2008-04-14 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 23:17 . 2008-04-13 23:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 22:56 . 2002-03-27 18:32 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-13 22:56 . 2004-02-08 09:07 <DIR> d-------- C:\Documents and Settings\Administrator\NetWorkSwitch.temp
2008-04-13 22:56 . 2002-03-27 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-13 22:56 . 2002-03-27 16:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-13 22:56 . 2002-03-27 18:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
2008-04-13 22:56 . 2008-04-14 23:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-13 19:07 . 2008-04-13 19:07 98,304 --a------ C:\WINDOWS\system32\loxmxoda.exe
2008-04-13 18:20 . 2008-04-13 18:42 <DIR> d-------- C:\Documents and Settings\Daniel Little\Application Data\TmpRecentIcons
2008-04-13 15:59 . 2008-04-14 19:51 <DIR> d-------- C:\Documents and Settings\Judith Little\Application Data\TmpRecentIcons
2008-04-13 15:18 . 2008-04-14 00:40 946 ---hs---- C:\WINDOWS\system32\gmquxdxg.ini
2008-04-13 14:54 . 2008-04-13 09:08 258,048 --a------ C:\WINDOWS\nslbvxpgrno.dll
2008-04-13 14:54 . 2008-04-13 09:08 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 14:54 . 2008-04-13 09:08 204,800 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 14:54 . 2008-04-13 09:08 200,704 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 14:54 . 2008-04-13 09:08 98,304 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 14:53 . 2008-04-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gjwdqlqz
2008-04-13 14:53 . 2008-04-13 14:53 102,400 --a------ C:\WINDOWS\system32\obmvsdin.exe
2008-04-11 21:59 . 2008-04-11 21:59 <DIR> d-------- C:\Documents and Settings\Judith Little\Application Data\Talkback
2008-04-11 21:55 . 2008-04-11 21:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:53 --------- d-----w C:\Program Files\Viewpoint
2008-04-14 22:53 --------- d-----w C:\Program Files\AWS
2008-04-14 04:45 --------- d-----w C:\Documents and Settings\Judith Little\Application Data\SlipStream
2008-04-13 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-12 01:54 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 01:53 --------- d-----w C:\Program Files\Real
2008-04-04 00:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-24 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 04:11 --------- d-----w C:\Program Files\AIM6
2008-03-11 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-11 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-11 04:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-07 17:40 13,035 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 17:40 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 17:39 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 17:39 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 17:39 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 17:39 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 17:39 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 17:39 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 17:39 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-19 05:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-16 03:37 74,640 ----a-w C:\Documents and Settings\Judith Little\Application Data\GDIPFONTCACHEV1.DAT
2007-06-04 11:54 29,352,069 ----a-w C:\Program Files\Legacy6Setup.exe
2006-04-27 22:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-04-28 14:35 86,512 ----a-w C:\Documents and Settings\Daniel Little\Application Data\GDIPFONTCACHEV1.DAT
2005-02-10 23:55 4,466,776 ----a-w C:\Program Files\aol instant messanger.exe
2000-12-12 15:17 100,432 ------w C:\Program Files\Win2000PPAHotfix.exe
2007-09-12 18:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-09-12 18:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-09-12 18:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
2008-04-13 09:08 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2002-04-15 18:35 249856]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Pinger"="C:\Toshiba\ivp\ISM\pinger.exe" [2001-11-14 06:37 147456]
"S3Hotkey"="s3hotkey.exe" [2001-09-13 12:27 40960 C:\WINDOWS\system32\s3hotkey.exe]
"S3TRAY2"="S3Tray2.exe" [2002-02-21 07:38 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 21:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [2002-04-05 17:44 49152]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-03-29 17:40 122880]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-19 20:38 217088 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-04-12 11:13 126976]
"IDesktop.2.5"="C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe" [2002-04-26 10:47 532480]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [2001-01-17 17:33 45056]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 11:35 61440]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-05 19:13 98304]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 03:00 99840]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 09:40 34904]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"SlipStream"="C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe" [2007-04-24 15:20 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-11 21:53 185896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-07-28 17:43:25 113664]
BrowseBlast Web Accelerator.lnk - C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe [2007-05-16 07:28:42 225280]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-11 07:54:58 124912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [2002-08-09 08:39:00 2126]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe [2003-04-26 11:19:52 311296]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2006-04-17 18:44:59 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tDn9SQCpwi"= C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0o\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2004-10-20 09:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 13:10 13416 C:\Program Files\Common Files\AOL\1127558461\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Toshiba\\ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS [2001-09-13 19:53]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S2 FEELitDM;FEELitDM;C:\WINDOWS\System32\FEELitDM.exe [2001-02-19 11:20]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);C:\WINDOWS\system32\Drivers\hpzs2k12.sys [2002-06-20 10:51]
S3 ihidfilt;Immersion ihidfilt Driver;C:\WINDOWS\system32\DRIVERS\ihidfilt.sys [2001-02-19 11:19]
S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2003-12-01 18:53]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-09-26 20:34]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2002-04-04 18:12]
S3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS [2006-11-30 23:54]
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-03-12 22:50]
S3 ZSMC302;MobileCam Pro;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-01-07 14:22]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 15:51:55 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Judith Little.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 13:59:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-15 14:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 18:08:45
Pre-Run: 11,252,781,056 bytes free
Post-Run: 11,643,826,176 bytes free
.
2008-04-12 07:16:58 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:38 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] C:\Toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe 1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [tDn9SQCpwi] C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BrowseBlast Web Accelerator.lnk = C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155121094734
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FEELitDM - Immersion Corporation - C:\WINDOWS\System32\FEELitDM.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10811 bytes
Tuesday, April 15, 2008 1:04:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 706125
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 30936
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:46:27
Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329048$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329390$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329834$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ivpdmmck.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xqwqdnmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
Scan process completed.
Still having the same problems, although we were able to get AdAware installed, finally. Can ANYONE help?