Trojan.Win32.KillAV removal


  • This topic is locked
No replies to this topic

#1 psmckinley

    New Member, 1 posts

Posted 15 April 2008 - 03:53 PM

Okay, I have my AAS in Computer Systems but I am lost here. I am trying to help out a really good family friend with his virus issues, and we are just not able to kick this one. The biggest problem is that I am in Arizona and he is in Ohio.

Right now he is locked out of the ability to install anything, and to download most things. Even in Safe Mode as a system administrator, he is having issues with getting things fixed.

So, I got him HijackThis, had him run a log, had him run DSS and ComboFix, and here is where we stand:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-15 00:43:04
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; computer is in safe mode.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:06 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoomtown.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {2F20CD36-E9D6-46F3-8F9E-5C3756D80A1F} - C:\WINDOWS\system32\hgGyvtTj.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\ddcApqqO.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] C:\Toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe 1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [f0cc20c2] rundll32.exe "C:\WINDOWS\system32\xqwqdnmi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [tDn9SQCpwi] C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
O4 - S-1-5-18 Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_2345535.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_2345535.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BrowseBlast Web Accelerator.lnk = C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155121094734
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcApqqO - C:\WINDOWS\SYSTEM32\ddcApqqO.dll
O21 - SSODL: dsktbwfe - {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: ogxtsepr - {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FEELitDM - Immersion Corporation - C:\WINDOWS\System32\FEELitDM.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11392 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080414-014832-112 O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
backup-20080414-014832-131 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080414-014832-134 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
backup-20080414-014832-220 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080414-014832-232 O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
backup-20080414-014832-254 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20080414-014832-407 O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
backup-20080414-014832-454 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20080414-014832-465 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20080414-014832-473 O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
backup-20080414-014832-495 O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\WINDOWS\sgoblxtm.dll
backup-20080414-014832-553 O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-628 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20080414-014832-663 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk996INUS
backup-20080414-014832-666 O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
backup-20080414-014832-714 O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
backup-20080414-014832-741 O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-789 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
backup-20080414-014832-802 O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
backup-20080414-014832-811 O4 - HKLM\..\Run: [f0cc20c2] rundll32.exe "C:\WINDOWS\system32\gxdxuqmg.dll",b
backup-20080414-014832-830 O4 - HKCU\..\Run: [exypavai] C:\WINDOWS\system32\obmvsdin.exe
backup-20080414-014832-859 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
backup-20080414-014832-891 O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
backup-20080414-014832-895 O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
backup-20080414-014832-909 O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
backup-20080414-014832-947 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
backup-20080414-014832-953 O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
backup-20080414-014833-434 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20080414-014834-391 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080414-014834-704 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080414-014835-976 O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
backup-20080414-014836-314 O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
backup-20080414-014837-886 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
backup-20080414-014839-754 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080414-014841-839 O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
backup-20080414-014842-518 O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
backup-20080414-014844-573 O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
backup-20080414-014846-131 O21 - SSODL: ogxtsepr - {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll
backup-20080414-014846-472 O21 - SSODL: dsktbwfe - {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll
backup-20080414-014847-199 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080414-014847-255 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080414-014847-450 O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
backup-20080414-014847-890 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R0 TVALD (Toshiba ACPI-Based Value Added Logical Device Driver) - c:\windows\system32\drivers\tvald.sys <Not Verified; Toshiba Corporation; Toshiba ACPI-Compliant Value Added Logical Device>
R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>

S3 ApfiltrService (Alps Pointing-device Filter Driver) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 dot4ufd (HP Dot4USB Filter) - c:\windows\system32\drivers\hppaufd0.sys <Not Verified; HP; HP Dot4Ufd Windows XP>
S3 ihidfilt (Immersion ihidfilt Driver) - c:\windows\system32\drivers\ihidfilt.sys <Not Verified; Immersion Corporation; Immersion's FEELit Software>
S3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys (file missing)
S3 KMW_KBD (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kmw_kbd.sys (file missing)
S3 KMW_USB (Kensington MouseWorks USB filter driver) - c:\windows\system32\drivers\kmw_usb.sys <Not Verified; Kensington Technology Group; KMW>
S3 S3SSavage - c:\windows\system32\drivers\s3ssavm.sys <Not Verified; S3 Graphics, Inc.; S3 Graphics SuperSavage Miniport>
S3 SilverLink (Texas Instruments SilverLink (USB GraphLink) Cable) - c:\windows\system32\drivers\silvrlnk.sys <Not Verified; Texas Instruments; TI-Connect SilverLink Cable Driver>
S3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys <Not Verified; SMC; Fast Infrared Miniport Driver>
S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 TOSHIBASoftModem (TOSHIBA Software Modem) - c:\windows\system32\drivers\ltsm.sys <Not Verified; LT; TOSHIBA SoftModem Driver>
S3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys <Not Verified; TOSHIBA Corporation; SD Card Driver Set>
S3 ZSMC302 (MobileCam Pro) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 FEELitDM - c:\windows\system32\feelitdm.exe <Not Verified; Immersion Corporation; Immersion's FEELit Software>
S2 Iomega Activity Disk2 - "c:\progra~1\iomega\system32\activitydisk.exe" <Not Verified; Iomega Corporation; SmartSoft ActivityDisk>
S2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Kensington PS/2 Mouse Driver
Device ID: ACPI\PNP0F13\4&1D6F7EAE&0
Manufacturer: Kensington Technology Group
Name: Kensington PS/2 Mouse Driver
PNP Device ID: ACPI\PNP0F13\4&1D6F7EAE&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-13 11:51:55 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Judith Little.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-15 00:20:45 0 d-------- C:\VundoFix Backups
2008-04-14 23:23:39 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-14 23:22:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-14 20:04:42 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 16:19:35 85056 --a------ C:\WINDOWS\system32\xqwqdnmi.dll
2008-04-14 16:16:02 0 d-------- C:\WINDOWS\privacy_danger
2008-04-14 09:35:52 0 d-------- C:\Documents and Settings\Daniel Little\.housecall6.6
2008-04-14 09:34:43 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\Sun
2008-04-14 02:37:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 01:11:10 0 d-------- C:\Program Files\Trend Micro
2008-04-13 23:17:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-13 22:56:29 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-13 22:56:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-13 22:56:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
2008-04-13 22:56:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-13 22:56:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-13 22:56:28 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-13 22:56:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-13 22:56:27 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-13 22:56:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-13 22:56:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-13 22:56:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-13 22:56:27 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-13 22:56:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-13 22:56:27 0 d-------- C:\Documents and Settings\Administrator\NetWorkSwitch.temp
2008-04-13 22:56:26 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-13 22:23:30 0 d--hs---- C:\WINDOWS\CSC
2008-04-13 21:21:49 0 dr-h----- C:\Documents and Settings\Judith Little\Recent
2008-04-13 19:52:52 0 d-------- C:\Program Files\PC-Cleaner
2008-04-13 19:10:44 0 d-------- C:\Documents and Settings\Daniel Little\Desktopvirii
2008-04-13 19:09:31 4096 --a------ C:\Documents and Settings\Daniel Little\Desktopfilemanagerclient.exe
2008-04-13 19:09:22 4096 --a------ C:\Documents and Settings\Daniel Little\DesktopFWebdEditor.exe
2008-04-13 19:09:22 4096 --a------ C:\Documents and Settings\Daniel Little\Desktopfwebd.exe
2008-04-13 19:07:39 98304 --a------ C:\WINDOWS\system32\loxmxoda.exe
2008-04-13 18:51:24 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\Google
2008-04-13 18:20:54 0 d-------- C:\Documents and Settings\Daniel Little\Application Data\TmpRecentIcons
2008-04-13 15:59:00 0 d-------- C:\Documents and Settings\Judith Little\Application Data\TmpRecentIcons
2008-04-13 15:09:53 186599 --ahs---- C:\WINDOWS\system32\jTtvyGgh.ini2
2008-04-13 15:09:34 272896 -----n--- C:\WINDOWS\system32\hgGyvtTj.dll
2008-04-13 14:54:56 98304 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 14:54:56 204800 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 14:54:56 200704 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 14:54:56 217088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 14:54:54 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-04-13 14:54:53 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-04-13 14:54:50 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-04-13 14:54:48 4096 --a------ C:\WINDOWS\a.bat
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32taack.exe
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32taack.dat
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-04-13 14:54:47 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-04-13 14:54:34 0 d-------- C:\Documents and Settings\Judith Little\Desktopvirii
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-04-13 14:54:33 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-04-13 14:54:32 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-04-13 14:54:31 0 d-------- C:\WINDOWS\system32smp
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32netode.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-04-13 14:54:31 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-04-13 14:54:29 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-04-13 14:54:27 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-04-13 14:54:27 4096 --a------ C:\Documents and Settings\Judith Little\Desktopfilemanagerclient.exe
2008-04-13 14:54:25 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-04-13 14:54:25 4096 --a------ C:\WINDOWS\system32thun.dll
2008-04-13 14:54:23 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-04-13 14:54:23 4096 --a------ C:\Documents and Settings\Judith Little\DesktopFWebdEditor.exe
2008-04-13 14:54:23 4096 --a------ C:\Documents and Settings\Judith Little\Desktopfwebd.exe
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-04-13 14:54:19 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\winsystem.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32bdn.com
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\mssecu.exe
2008-04-13 14:54:18 4096 --a------ C:\WINDOWS\bdn.com
2008-04-13 14:54:14 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-04-13 14:54:11 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-04-13 14:54:11 0 d-------- C:\WINDOWS\mslagent
2008-04-13 14:53:38 0 d-------- C:\Documents and Settings\All Users\Application Data\gjwdqlqz
2008-04-13 14:53:37 102400 --a------ C:\WINDOWS\system32\obmvsdin.exe
2008-04-13 14:53:11 38400 --a------ C:\WINDOWS\system32\ddcApqqO.dll
2008-04-11 21:59:26 0 d-------- C:\Documents and Settings\Judith Little\Application Data\Talkback
2008-04-11 21:55:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-11 21:51:12 0 d-------- C:\Documents and Settings\Judith Little\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-04-14 18:53:11 0 d-------- C:\Program Files\Viewpoint
2008-04-14 18:53:09 0 d-------- C:\Program Files\AWS
2008-04-14 00:07:49 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-11 21:55:01 0 d-------- C:\Program Files\Common Files
2008-04-11 21:54:40 0 d-------- C:\Program Files\Common Files\Real
2008-04-11 21:53:30 0 d-------- C:\Program Files\Real
2008-04-03 20:48:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-11 00:11:04 0 d-------- C:\Program Files\AIM6
2008-02-19 01:20:16 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F20CD36-E9D6-46F3-8F9E-5C3756D80A1F}]
04/13/2008 03:09 PM 272896 --------- C:\WINDOWS\system32\hgGyvtTj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
04/13/2008 09:08 AM 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}]
04/13/2008 02:53 PM 38400 --a------ C:\WINDOWS\system32\ddcApqqO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [04/15/2002 06:35 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 08:28 PM C:\WINDOWS\system32\000StTHK.exe]
"Pinger"="C:\Toshiba\ivp\ISM\pinger.exe" [11/14/2001 06:37 AM]
"S3Hotkey"="s3hotkey.exe" [09/13/2001 12:27 PM C:\WINDOWS\system32\s3hotkey.exe]
"S3TRAY2"="S3Tray2.exe" [02/21/2002 07:38 AM C:\WINDOWS\system32\S3Tray2.exe]
"TFNF5"="TFNF5.exe" [08/03/2001 09:08 PM C:\WINDOWS\system32\TFNF5.exe]
"@"="" []
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [04/05/2002 05:44 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [03/29/2002 05:40 PM]
"Tpwrtray"="TPWRTRAY.EXE" [03/19/2002 08:38 PM C:\WINDOWS\system32\TPWRTRAY.EXE]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [04/12/2002 11:13 AM]
"IDesktop.2.5"="C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe" [04/26/2002 10:47 AM]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [01/17/2001 05:33 PM]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [09/12/2001 11:35 AM]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/05/2004 07:13 PM]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [05/27/2003 03:00 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/20/2004 09:40 AM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 12:59 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"SlipStream"="C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe" [04/24/2007 03:20 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/11/2008 09:53 PM]
"f0cc20c2"="C:\WINDOWS\system32\xqwqdnmi.dll" [04/14/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/28/2002 5:43:25 PM]
BrowseBlast Web Accelerator.lnk - C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe [5/16/2007 7:28:42 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/11/2007 7:54:58 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [8/9/2002 8:39:00 AM]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe [4/26/2003 11:19:52 AM]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [4/17/2006 6:44:59 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"tDn9SQCpwi"=C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}"= C:\WINDOWS\system32\ddcApqqO.dll [04/13/2008 02:53 PM 38400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dsktbwfe"= {0B612CE8-54A4-4007-9627-4400A5F81ED8} - C:\WINDOWS\dsktbwfe.dll [04/13/2008 09:08 AM 217088]
"ogxtsepr"= {375783C5-E251-416E-92E2-6CE73AC5ADDD} - C:\WINDOWS\ogxtsepr.dll [04/13/2008 09:08 AM 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApqqO]
ddcApqqO.dll 04/13/2008 02:53 PM 38400 C:\WINDOWS\system32\ddcApqqO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyvtTj

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0o\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1127558461\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run




-- End of Deckard's System Scanner: finished at 2008-04-15 00:48:10 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 511.36 MiB / 306.69 MiB
Pagefile Memory (total/avail): 864.79 MiB / 763.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.58 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 10.54 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK3018GAS - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 100 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton AntiVirus v2007 (Symantec Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0o\\waol.exe"="C:\\Program Files\\America Online 9.0o\\waol.exe:*:Enabled:America Online 9.0o"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Toshiba\\ivp\\NetInt\\Netint.exe"="C:\\Toshiba\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Network Interface Engine"
"C:\\Program Files\\America Online 9.0o\\waol.exe"="C:\\Program Files\\America Online 9.0o\\waol.exe:*:Enabled:America Online 9.0o"
"C:\\Documents and Settings\\Judith Little\\My Documents\\animated icons\\incredimail_install.exe"="C:\\Documents and Settings\\Judith Little\\My Documents\\animated icons\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JUDANL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\JUDANL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\MICROS~2\Office;C:\WINDOWS\System32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=JUDANL
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Daniel Little (admin)
Judith Little (admin)
Brad Little (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll"
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Product/Adobe Studio Update 10/2001 --> "C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Toolbar --> regsvr32 /u /s "C:\PROGRA~1\AOLTOO~1\toolbar.dll"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Fish Games Sudoku (remove only) --> C:\Program Files\Sudoku\Uninstall.exe
Britannica CD 99 Standard Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Britannica\BCDSE\bcd1disk.isu"
BrowseBlast Web Accelerator --> C:\Program Files\BrowseBlast Web Accelerator\uninstall\uninstall.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ClueFinders 6th Grade Adventures --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\ClueFinders 6th Grade Adventures\Uninstall.xml"
desktop weather --> C:\WINDOWS\uninstall.exe "desktop weather"
Drag'n Drop CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A6405B-F37D-42F7-B317-D277BBD47D15}\SETUP.EXE" -l0x9 deleteall
EPSON EPIC C84 --> C:\Program Files\epson\epic\c84_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Eyeball Chat 2.2 --> C:\PROGRA~1\Eyeball\EYEBAL~1\UNWISE.EXE C:\PROGRA~1\Eyeball\EYEBAL~1\INSTALL.LOG
Freeze Animations --> "C:\PROGRA~1\Freeze.com\Freeze Animations\UNINSTAL.EXE"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 450 printer Uninstaller --> C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\Uninstall\setup.exe ciuninst.ini
HP OfficeJet Series 600 (Remove Only) --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\uninst.dll"
Immersion TouchSense for Orbit 3D --> MsiExec.exe /I{51581542-F795-11D4-8CA3-00010248493A}
Immersion® TouchWare® Desktop 2.9 --> MsiExec.exe /I{D946B6A7-A837-45B9-987B-4703F1505213}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Iomega App Services --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
IomegaWare --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment Standard Edition v1.3.0_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.0_02\Uninst.isu"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kid Pix Deluxe 3 --> C:\Program Files\Broderbund\Kid Pix Deluxe 3\uninstal.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Legacy 6.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Living Waterfalls Wallpaper #1 --> "C:\PROGRA~1\Freeze.com\LIVING~1\UNINSTAL.EXE"
Lotus NotesSQL 3.01 driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{113EECD6-9A04-11D4-811D-00805F923B86}\Setup.exe" -uninst
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Mahjong Towers Eternity (remove only) --> "C:\Program Files\Mahjong Towers Eternity\Uninstall.exe"
Mahjongg XP Championship 2006 Platinum Edition --> "C:\Program Files\Selectsoft\Mahjongg Platinum\uninstall.exe"
Memory Module Check Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B0A5E23-DA45-4FF6-92C4-406D2430EA77}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape Communicator --> C:\WINDOWS\cd32403.exe
Network Device Switch 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Numerology Calculator --> "C:\Program Files\2Near\Numerology\unins000.exe"
Odyssey Client --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99D42EC7-652B-4819-B3E6-6450C815E03F}
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
OLYMPUS Master 2 --> MsiExec.exe /X{F958F15A-4CE2-44E7-8179-97BBDCAF401A}
POWERPREP GRE --> C:\WINDOWS\IsUninst.exe -fC:\ETS\PPGRE.isu
Punch! Super Home Suite --> C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickBooks Basic 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Rand McNally SGDE Engine V6 --> MsiExec.exe /I{5F05B7D4-0064-4D7F-B888-5E5C190E0A69}
Rand McNally SGDE Search Databases --> MsiExec.exe /X{BE50CAF7-C98E-4242-B476-C1BCEFC6E22E}
Rand McNally Street Guide Cincinnati & Dayton 2006 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2D621F6A-4C9B-4A24-AF70-18895662ADD9}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
SCRABBLE --> C:\PROGRA~1\GAMEHO~1\SCRABBLE\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABBLE\INSTALL.LOG
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Super WHATword? --> C:\PROGRA~1\GAMEHO~1\WHATword\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WHATword\INSTALL.LOG
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Tax Forms Helper 2002 5.5 --> "C:\Program Files\Adams Business Forms\Tax Forms Helper 2002\unins000.exe"
Toshiba Access --> C:\PROGRA~1\TOSHIB~2\UNWISE.EXE C:\PROGRA~1\TOSHIB~2\INSTALL.LOG
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
Toshiba Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 2.0 (2.0.3) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
Toshiba On the Web and Support Menu --> C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA Power Saver --> TPWRDEL.EXE
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem --> Tosmreg -U
Toshiba Software Upgrades --> C:\Toshiba\ivp\swupdate\UNWISE.EXE C:\Toshiba\ivp\swupdate\INSTALL.LOG
Toshiba System Stability Program --> C:\Toshiba\SYSSTA~1\UNWISE.EXE C:\Toshiba\SYSSTA~1\INSTALL.LOG
Toshiba Tbiosdrv Driver --> C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.01.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
Toshiba WinXP Registration --> C:\WINDOWS\uninst.exe -f"C:\Program Files\DataLode\Toshiba WinXP Registration\DeIsL2.isu" -cC:\PROGRA~1\DataLode\TOSHIB~2\_ISREG32.DLL
USB Storage Driver --> DelUIDrv.exe
Veo Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8026D160-0B5D-11D6-BC84-00D0B7E10CD1}\setup.exe"
Veo Creative Studio - Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A72C3852-1B81-4E49-BBF7-A1795413FCBD}\Setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebVideo Support --> C:\WINDOWS\spnkfwad.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
Woodalls 1.0 --> C:\Program Files\Woodalls\uninst.exe
Word Slinger --> C:\PROGRA~1\AOLGAM~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\WORDSL~1\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail --> C:\WINDOWS\system32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA AC-XG WDM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance
Zuma Deluxe 1.0 --> C:\Program Files\Pogo Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Pogo Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type44746 / Error
Event Submitted/Written: 04/14/2008 11:13:23 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type44744 / Error
Event Submitted/Written: 04/14/2008 11:08:49 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type44743 / Error
Event Submitted/Written: 04/14/2008 08:01:57 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type44704 / Error
Event Submitted/Written: 04/14/2008 09:31:20 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type44702 / Error
Event Submitted/Written: 04/14/2008 02:41:47 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_7.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type121855 / Error
Event Submitted/Written: 04/14/2008 11:26:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type121854 / Error
Event Submitted/Written: 04/14/2008 11:13:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type121852 / Error
Event Submitted/Written: 04/14/2008 11:12:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSPX
SYMTDI

Event Record #/Type121851 / Error
Event Submitted/Written: 04/14/2008 11:12:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type121846 / Error
Event Submitted/Written: 04/14/2008 11:09:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-15 00:48:10 ------------

ComboFix 08-04-14.2 - Administrator 2008-04-15 13:13:26.1 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Daniel Little\Desktop\blackbird.jpg
C:\Documents and Settings\Daniel Little\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Daniel Little\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Daniel Little\Desktop\filemanagerclient.exe
C:\Documents and Settings\Daniel Little\Desktop\fkwp1.5.exe
C:\Documents and Settings\Daniel Little\Desktop\fkwp2.0.exe
C:\Documents and Settings\Daniel Little\Desktop\fwebd.exe
C:\Documents and Settings\Daniel Little\Desktop\FWebdEditor.exe
C:\Documents and Settings\Daniel Little\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Daniel Little\Desktop\virii
C:\Documents and Settings\Daniel Little\Favorites\Error Cleaner.url
C:\Documents and Settings\Daniel Little\Favorites\Privacy Protector.url
C:\Documents and Settings\Daniel Little\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Judith Little\Desktop\blackbird.jpg
C:\Documents and Settings\Judith Little\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Judith Little\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Judith Little\Desktop\filemanagerclient.exe
C:\Documents and Settings\Judith Little\Desktop\fkwp1.5.exe
C:\Documents and Settings\Judith Little\Desktop\fkwp2.0.exe
C:\Documents and Settings\Judith Little\Desktop\fwebd.exe
C:\Documents and Settings\Judith Little\Desktop\FWebdEditor.exe
C:\Documents and Settings\Judith Little\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Judith Little\Desktop\virii
C:\Documents and Settings\Judith Little\Favorites\Error Cleaner.url
C:\Documents and Settings\Judith Little\Favorites\Privacy Protector.url
C:\Documents and Settings\Judith Little\Favorites\Spyware&Malware Protection.url
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\ddcApqqO.dll
C:\WINDOWS\system32\hgGyvtTj.dll
C:\WINDOWS\system32\HjiSYJjl.ini
C:\WINDOWS\system32\HjiSYJjl.ini2
C:\WINDOWS\system32\imndqwqx.ini
C:\WINDOWS\system32\jTtvyGgh.ini
C:\WINDOWS\system32\jTtvyGgh.ini2
C:\WINDOWS\system32\ljJYSijH.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qqlyrels.ini
C:\WINDOWS\system32\slerylqq.dll
C:\WINDOWS\system32\xqwqdnmi.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-04-15 07:09 . 2008-04-15 07:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 07:02 . 2008-04-15 07:02 3,648 --a------ C:\WINDOWS\system32\ivpdmmck.dll
2008-04-15 00:42 . 2008-04-15 00:42 <DIR> d-------- C:\Deckard
2008-04-15 00:20 . 2008-04-15 00:20 <DIR> d-------- C:\VundoFix Backups
2008-04-14 23:23 . 2008-04-14 23:54 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-04-14 20:04 . 2008-04-14 20:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-14 09:35 . 2008-04-14 12:12 <DIR> d-------- C:\Documents and Settings\Daniel Little\.housecall6.6
2008-04-14 02:37 . 2008-04-14 02:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 01:11 . 2008-04-14 01:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 23:17 . 2008-04-13 23:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 22:56 . 2002-03-27 18:32 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-13 22:56 . 2004-02-08 09:07 <DIR> d-------- C:\Documents and Settings\Administrator\NetWorkSwitch.temp
2008-04-13 22:56 . 2002-03-27 18:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-13 22:56 . 2002-03-27 16:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-13 22:56 . 2002-03-27 18:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
2008-04-13 22:56 . 2008-04-14 23:23 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-13 19:07 . 2008-04-13 19:07 98,304 --a------ C:\WINDOWS\system32\loxmxoda.exe
2008-04-13 18:20 . 2008-04-13 18:42 <DIR> d-------- C:\Documents and Settings\Daniel Little\Application Data\TmpRecentIcons
2008-04-13 15:59 . 2008-04-14 19:51 <DIR> d-------- C:\Documents and Settings\Judith Little\Application Data\TmpRecentIcons
2008-04-13 15:18 . 2008-04-14 00:40 946 ---hs---- C:\WINDOWS\system32\gmquxdxg.ini
2008-04-13 14:54 . 2008-04-13 09:08 258,048 --a------ C:\WINDOWS\nslbvxpgrno.dll
2008-04-13 14:54 . 2008-04-13 09:08 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 14:54 . 2008-04-13 09:08 204,800 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 14:54 . 2008-04-13 09:08 200,704 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 14:54 . 2008-04-13 09:08 98,304 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 14:53 . 2008-04-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gjwdqlqz
2008-04-13 14:53 . 2008-04-13 14:53 102,400 --a------ C:\WINDOWS\system32\obmvsdin.exe
2008-04-11 21:59 . 2008-04-11 21:59 <DIR> d-------- C:\Documents and Settings\Judith Little\Application Data\Talkback
2008-04-11 21:55 . 2008-04-11 21:55 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:53 --------- d-----w C:\Program Files\Viewpoint
2008-04-14 22:53 --------- d-----w C:\Program Files\AWS
2008-04-14 04:45 --------- d-----w C:\Documents and Settings\Judith Little\Application Data\SlipStream
2008-04-13 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-12 01:54 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 01:53 --------- d-----w C:\Program Files\Real
2008-04-04 00:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-24 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 04:11 --------- d-----w C:\Program Files\AIM6
2008-03-11 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-11 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-11 04:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-07 17:40 13,035 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 17:40 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 17:39 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 17:39 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 17:39 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 17:39 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 17:39 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 17:39 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 17:39 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-19 05:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-16 03:37 74,640 ----a-w C:\Documents and Settings\Judith Little\Application Data\GDIPFONTCACHEV1.DAT
2007-06-04 11:54 29,352,069 ----a-w C:\Program Files\Legacy6Setup.exe
2006-04-27 22:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-04-28 14:35 86,512 ----a-w C:\Documents and Settings\Daniel Little\Application Data\GDIPFONTCACHEV1.DAT
2005-02-10 23:55 4,466,776 ----a-w C:\Program Files\aol instant messanger.exe
2000-12-12 15:17 100,432 ------w C:\Program Files\Win2000PPAHotfix.exe
2007-09-12 18:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-09-12 18:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-09-12 18:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
2008-04-13 09:08 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2002-04-15 18:35 249856]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Pinger"="C:\Toshiba\ivp\ISM\pinger.exe" [2001-11-14 06:37 147456]
"S3Hotkey"="s3hotkey.exe" [2001-09-13 12:27 40960 C:\WINDOWS\system32\s3hotkey.exe]
"S3TRAY2"="S3Tray2.exe" [2002-02-21 07:38 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TFNF5"="TFNF5.exe" [2001-08-03 21:08 73728 C:\WINDOWS\system32\TFNF5.exe]
"TSysSMon"="c:\toshiba\sysstability\tsyssmon.exe" [2002-04-05 17:44 49152]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-03-29 17:40 122880]
"Tpwrtray"="TPWRTRAY.EXE" [2002-03-19 20:38 217088 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-04-12 11:13 126976]
"IDesktop.2.5"="C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe" [2002-04-26 10:47 532480]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [2001-01-17 17:33 45056]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 11:35 61440]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-05 19:13 98304]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 03:00 99840]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 09:40 34904]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59 124520]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"SlipStream"="C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe" [2007-04-24 15:20 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-11 21:53 185896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-07-28 17:43:25 113664]
BrowseBlast Web Accelerator.lnk - C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe [2007-05-16 07:28:42 225280]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-11 07:54:58 124912]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs [2002-08-09 08:39:00 2126]
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe [2003-04-26 11:19:52 311296]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2006-04-17 18:44:59 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"tDn9SQCpwi"= C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0o\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-r------- 2004-10-20 09:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 13:10 13416 C:\Program Files\Common Files\AOL\1127558461\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Toshiba\\ivp\\NetInt\\Netint.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127558461\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS [2001-09-13 19:53]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-09-24 23:36]
S2 FEELitDM;FEELitDM;C:\WINDOWS\System32\FEELitDM.exe [2001-02-19 11:20]
S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);C:\WINDOWS\system32\Drivers\hpzs2k12.sys [2002-06-20 10:51]
S3 ihidfilt;Immersion ihidfilt Driver;C:\WINDOWS\system32\DRIVERS\ihidfilt.sys [2001-02-19 11:19]
S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2003-12-01 18:53]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2002-01-07 18:16]
S3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-09-26 20:34]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2002-04-04 18:12]
S3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS [2006-11-30 23:54]
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-03-12 22:50]
S3 ZSMC302;MobileCam Pro;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-01-07 14:22]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 15:51:55 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Judith Little.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 13:59:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 14:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 18:08:45

Pre-Run: 11,252,781,056 bytes free
Post-Run: 11,643,826,176 bytes free
.
2008-04-12 07:16:58 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:38 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] C:\Toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [IDesktop.2.5] C:\PROGRA~1\IMMERS~1\TOUCHS~1\Clients\Desktop\IDesktop.exe 1
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\BrowseBlast Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [tDn9SQCpwi] C:\Documents and Settings\All Users\Application Data\gjwdqlqz\etyfalur.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BrowseBlast Web Accelerator.lnk = C:\Program Files\BrowseBlast Web Accelerator\slipgui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cp...ddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155121094734
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FEELitDM - Immersion Corporation - C:\WINDOWS\System32\FEELitDM.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10811 bytes

Tuesday, April 15, 2008 1:04:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 706125
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 30936
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:46:27

Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329048$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329390$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329834$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ivpdmmck.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xqwqdnmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
Scan process completed.

Still having the same problems, although we were able to get AdAware installed, finally. Can ANYONE help?
