Jump to content

Jcarter

Members
  • Content Count

    22
  • Joined

  • Last visited

About Jcarter

  • Rank
    Member

Previous Fields

  • System Specifications:
    Windows XP
  1. The start up and shutdown are really slow too and I am using firefox. The kaspersky report was blank since it didn't find anything. I guess my computer is clean but just slow.
  2. Hi Katana, The pages take forever to load and I scanned the computer with stinger. I read about it somewhere else and it said I had 897 viruses and that wasn't even a full scan because I stopped it. Anyway here are the logs you requested MalwareBytes Log Malwarebytes' Anti-Malware 1.40 Database version: 2678 Windows 6.0.6001 Service Pack 1 8/22/2009 2:06:18 PM mbam-log-2009-08-22 (14-06-18).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 207932 Time elapsed: 51 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix Log ComboFix 09-08-21.02 - Big John 08/22/2009 15:37.6.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1306 [GMT -5:00] Running from: c:\users\Big John\Desktop\ComboFix.exe SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))) . 2009-08-22 20:40 . 2009-08-22 20:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-08-22 20:40 . 2009-08-22 20:40 -------- d-----w- c:\users\Harrison\AppData\Local\temp 2009-08-22 20:40 . 2009-08-22 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-08-22 16:23 . 2009-08-22 16:22 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-08-21 21:35 . 2009-08-21 21:36 -------- d-----w- C:\rsit 2009-08-21 20:58 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-21 20:58 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-21 20:57 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-21 20:57 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-21 20:57 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-21 20:57 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-21 20:57 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-21 20:57 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-21 20:45 . 2009-08-21 20:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-08-21 20:44 . 2009-08-22 19:15 -------- d-----w- c:\users\Big John\AppData\Roaming\SUPERAntiSpyware.com 2009-08-21 20:44 . 2009-08-22 19:15 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-21 18:07 . 2009-08-21 18:07 -------- d-----w- c:\users\Big John\AppData\Roaming\Malwarebytes 2009-08-21 14:12 . 2009-08-21 14:12 -------- d-----w- c:\program files\Cricket 2009-08-18 19:50 . 2009-08-18 19:50 -------- d-----w- C:\[Transporter_3] 2009-08-08 03:22 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2009-08-08 03:22 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-08-08 03:22 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2009-08-08 03:22 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2009-08-08 03:22 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2009-08-08 03:22 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2009-08-08 03:22 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe 2009-08-08 03:17 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll 2009-08-08 03:17 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll 2009-08-08 03:17 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll 2009-08-08 03:17 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll 2009-08-08 03:17 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll 2009-08-04 17:11 . 2009-08-04 17:11 -------- d-----w- c:\program files\iPod 2009-08-04 17:11 . 2009-08-04 17:11 -------- d-----w- c:\program files\iTunes 2009-08-04 16:53 . 2009-08-04 16:53 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe 2009-07-26 22:39 . 2009-07-26 22:39 713992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-22 19:25 . 2007-12-04 21:47 12 ----a-w- c:\windows\bthservsdp.dat 2009-08-22 16:22 . 2007-12-04 21:48 -------- d-----w- c:\program files\Java 2009-08-22 16:05 . 2007-12-04 22:10 -------- d-----w- c:\program files\Trend Micro 2009-08-22 15:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-08-21 21:42 . 2009-02-15 19:43 -------- d-----w- c:\program files\Dl_cats 2009-08-21 19:00 . 2009-02-11 06:03 -------- d-----w- c:\programdata\Yahoo! 2009-08-21 19:00 . 2009-02-11 06:02 -------- d-----w- c:\program files\Yahoo! 2009-08-21 18:07 . 2009-01-11 21:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-21 17:24 . 2009-06-30 02:07 680 ----a-w- c:\users\Big John\AppData\Local\d3d9caps.dat 2009-08-21 16:59 . 2009-01-16 00:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-08-21 14:09 . 2009-02-11 06:05 -------- d-----w- c:\program files\MySpace 2009-08-09 14:26 . 2009-01-14 08:13 60744 ----a-w- c:\users\Big John\AppData\Local\GDIPFONTCACHEV1.DAT 2009-08-08 03:31 . 2007-12-04 22:02 -------- d-----w- c:\programdata\Microsoft Help 2009-08-08 03:29 . 2007-12-04 22:04 -------- d-----w- c:\program files\Microsoft Works 2009-08-04 17:11 . 2009-03-25 01:05 -------- d-----w- c:\program files\Common Files\Apple 2009-08-03 18:36 . 2009-01-11 21:22 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 18:36 . 2009-01-11 21:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-18 16:06 . 2009-08-04 16:34 827904 ----a-w- c:\windows\system32\wininet.dll 2009-07-18 16:01 . 2009-08-04 16:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-07-18 09:46 . 2009-08-04 16:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-06-15 15:24 . 2009-07-15 01:57 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-15 01:57 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-15 01:57 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-15 01:57 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-06-05 16:42 . 2009-06-05 16:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-05 16:42 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2007-12-04 21:56 . 2007-12-04 21:56 76 --sh--r- c:\windows\CT4CET.bin 2007-12-05 05:30 . 2007-12-05 05:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-08-22_19.21.23 ))))))))))))))))))))))))))))))))))))))))) . - 2009-08-22 16:55 . 2009-08-22 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-08-22 19:26 . 2009-08-22 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-08-22 16:55 . 2009-08-22 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-08-22 19:26 . 2009-08-22 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2006-11-02 10:33 . 2009-08-22 17:01 595684 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-08-22 19:33 595684 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-08-22 19:33 101350 c:\windows\System32\perfc009.dat - 2006-11-02 10:33 . 2009-08-22 17:01 101350 c:\windows\System32\perfc009.dat + 2006-11-02 10:22 . 2009-08-22 19:25 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat - 2006-11-02 10:22 . 2009-08-22 17:05 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720] "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2007-01-30 431600] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280] c:\users\Harrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\users\Big John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-4 50688] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2161508168-938715772-3434536488-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{1468A8FC-C510-4575-8926-3551B7EB835C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{8535E1C6-62DF-419D-88FA-B7071E58FC5D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{08D1CAC8-3737-4935-8BB3-4AC89313B932}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema "{90AD59DD-35E3-41EF-A9E4-1B5F73F9472B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program "{B8897B42-885F-47A8-97BE-54603B02D51A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine "{ADA8A2AA-9F8A-460D-AB27-5A85DADB48CA}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server "{57D77D1C-0AB4-4F0A-B9FF-5E586CEED7F7}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL "{643AAFE8-6D0D-42D3-B89D-855587808317}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL "{736F1450-CA1B-4510-801F-17114A7A5854}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer "{8AC52A02-652E-4542-A649-FD08BD76ED4E}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer "{A34CAC89-524E-4314-BB19-7572CE195666}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service "{EF2BD9BB-2196-4EC3-8CA4-5C90AF8B7311}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service "{179C1BB7-C7E8-4700-95AB-4F1BFF175E49}"= UDP:c:\program files\Common Files\AOL\1197693438\ee\aolsoftware.exe:AOL Shared Components "{C332549E-EB6C-4A55-8B53-B8117091A613}"= TCP:c:\program files\Common Files\AOL\1197693438\ee\aolsoftware.exe:AOL Shared Components "{E5591B15-0F2E-4A83-9D8A-BB7225659E64}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL "{42CE66B0-CB99-473B-9D1E-A691CF03F746}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL "{C28347B4-08A3-4577-9A99-18B11E7FDB65}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{7AA5FBA2-0959-427A-A461-2F3195490164}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{E5D72FEC-3C17-4C63-9EDE-5E5779AE9BF2}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{95528543-3B8C-4FE0-BDA5-311671F736D1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{CD91922C-ED5B-466F-85A9-16330F197EE5}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information "{BFF36747-C5F6-489F-894F-BB1CFED2269E}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information "{D933DEA0-5E41-4C50-BEC2-21688BC6E7AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C63889A8-BC81-41BA-BF46-EED7B7362FD4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{9F0C8C4C-910D-47C8-B377-29D379D83EDC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{5AED6A62-F4CC-40B9-BA09-3DB696FCB031}"= UDP:c:\windows\System32\lxcycoms.exe:Lexmark Communications System "{D026D677-E21E-4803-AD40-2A2566BD15F0}"= TCP:c:\windows\System32\lxcycoms.exe:Lexmark Communications System "{ADDC5ADB-72AA-4BAC-AAEB-818BA5DDC095}"= UDP:c:\program files\Lexmark 3400 Series\lxcymon.exe:Device Monitor "{DBEAC87E-F6EA-46BB-89F3-952EDF017D37}"= TCP:c:\program files\Lexmark 3400 Series\lxcymon.exe:Device Monitor "{61763B67-9058-4308-888F-7A45CCB5115A}"= UDP:c:\program files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center "{8DC2CF30-456D-464A-A9AF-26797106D62A}"= TCP:c:\program files\Lexmark 3400 Series\lxcyaiox.exe:All In One Center "TCP Query User{5AEEB2EC-0414-433D-AC2B-60119BD821FC}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{63BC0593-27FF-41ED-B68F-0436D4CA2516}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{B64FA6F9-2374-4D80-9036-81EE7F984B58}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{08EC4DD2-DC1F-47DE-9E1D-FDEB637594F0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{DFB6E2CB-8F32-4036-A2BF-3B0189A90F48}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{37E7CC23-94CD-4534-90D3-B6766B7ADC9E}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM "{3695DA31-28C4-4411-8DB6-8C5F03C86727}"= UDP:c:\windows\System32\dlcccoms.exe:Lexmark Communications System "{B1253E2E-05F7-468C-8BAD-77332CBB6D18}"= TCP:c:\windows\System32\dlcccoms.exe:Lexmark Communications System "{2E4D4158-E8F5-4917-A58B-689F9B07C409}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlccpswx.exe:Printer Status Window "{8FC0DB98-4D8D-4D18-B82A-F579B3CA9E5A}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlccpswx.exe:Printer Status Window "{8B44D06F-25AD-48E2-8621-C9DC780B3B49}"= UDP:c:\program files\Dell Photo AIO Printer 924\dlccmon.exe:Device Monitor "{C4C25B62-2836-4AFC-AE32-8B70BE90B94C}"= TCP:c:\program files\Dell Photo AIO Printer 924\dlccmon.exe:Device Monitor "{964E97F9-4927-422B-833A-BD741937B95B}"= UDP:c:\program files\Dell Photo AIO Printer 924\dlccaiox.exe:All In One Center "{6E2DE678-D8BC-486A-9F15-5495C2C8562E}"= TCP:c:\program files\Dell Photo AIO Printer 924\dlccaiox.exe:All In One Center "{CB969612-C936-4B67-9D0F-5A40241F59BB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{C816C5F1-12FF-426B-B951-C43E230C104D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{5248655D-6F10-486A-B7AB-F94E5BF77412}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{9A168C9D-3F34-4827-A59C-71FC66C61C5C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/4/2007 4:35 PM 73728] R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [12/5/2007 12:30 AM 235520] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [12/5/2007 12:30 AM 7424] R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\System32\drivers\uts_bus.sys [1/11/2009 3:20 PM 84352] R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\System32\drivers\uts_mdfl.sys [1/11/2009 3:20 PM 14976] R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\System32\drivers\uts_mdm.sys [1/11/2009 3:20 PM 110848] R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\System32\drivers\uts_serd.sys [1/11/2009 3:20 PM 90880] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\System32\drivers\PTDMBus.sys [12/16/2007 4:53 PM 29952] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\System32\drivers\PTDMMdm.sys [12/16/2007 4:53 PM 41856] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\System32\drivers\PTDMVsp.sys [12/16/2007 4:53 PM 39936] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\System32\drivers\PTDMWWAN.sys [12/16/2007 4:53 PM 59520] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contents of the 'Scheduled Tasks' folder 2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{122B8E53-1B1D-420D-B578-E1738FB783E1}.job - c:\windows\system32\msfeedssync.exe [2008-07-20 07:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071205 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Big John\AppData\Roaming\Mozilla\Firefox\Profiles\jyr0msj4.default\ FF - prefs.js: browser.startup.homepage - www.aol.com FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-22 15:40 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\users\BIGJOH~1\AppData\Local\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-08-22 15:42 ComboFix-quarantined-files.txt 2009-08-22 20:42 ComboFix2.txt 2009-08-22 19:25 ComboFix3.txt 2009-08-21 18:54 Pre-Run: 81,207,779,328 bytes free Post-Run: 81,162,248,192 bytes free 263 --- E O F --- 2009-08-22 15:56
  3. GMER Scan GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net Rootkit scan 2009-08-21 17:05:24 Windows 6.0.6001 Service Pack 1 ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xA946B0B0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 854 822C0E18 4 Bytes [b0, B0, 46, A9] ? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[396] @ C:\Windows\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe[3880] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Fonts@LogPixels 96 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings@ProxyEnable 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Dell Photo AIO Printer 924 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Dell Photo AIO Printer 924@PrinterOnLine 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Lexmark 3400 Series Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Lexmark 3400 Series@PrinterOnLine 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8} Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8}\0000 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7} Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.BitsPerPel 16 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.RelativeX 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.RelativeY 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.BitsPerPel 16 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.RelativeX 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.RelativeY 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@Attach.ToDesktop 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.BitsPerPel 32 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.XResolution 800 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.YResolution 600 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D} Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.BitsPerPel 8 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.XResolution 1024 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.YResolution 768 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.RelativeX 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.RelativeY 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.BitsPerPel 8 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.XResolution 1024 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.YResolution 768 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.RelativeX 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.RelativeY 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@Attach.ToDesktop 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.BitsPerPel 32 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@Attach.RelativeX 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@Attach.RelativeY 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Fonts@LogPixels 96 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Microsoft\windows (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings@ProxyEnable 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Dell Photo AIO Printer 924 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Dell Photo AIO Printer 924@PrinterOnLine 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Lexmark 3400 Series (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\Lexmark 3400 Series@PrinterOnLine 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8}\0000 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{18F8DB18-C8E7-4F41-9B2C-7B4B2068ABE8}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.BitsPerPel 16 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.RelativeX 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000@Attach.RelativeY 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.BitsPerPel 16 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.RelativeX 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0000\Mon00000118@Attach.RelativeY 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@Attach.ToDesktop 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.BitsPerPel 32 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.XResolution 800 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.YResolution 600 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.VRefresh 59 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{3B67A626-0A41-4204-8106-DA2BC06974D7}\0001@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D} (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.BitsPerPel 8 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.XResolution 1024 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.YResolution 768 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.RelativeX 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000@Attach.RelativeY 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.BitsPerPel 8 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.XResolution 1024 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.YResolution 768 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.XPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.YPanning 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.Orientation 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@DefaultSettings.FixedOutput 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.RelativeX 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{672002E0-F24E-456D-A7AB-25E14EA5B82D}\0000\Mon12345678@Attach.RelativeY 0 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@Attach.ToDesktop 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.BitsPerPel 32 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.XResolution 1440 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.YResolution 900 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.VRefresh 1 Reg HKLM\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@DefaultSettings.Flags 0 Reg HKLM\SYSTEM\ControlSet002
  4. And here is the info log info.txt logfile of random's system information tool 1.06 2009-08-21 16:36:03 ======Uninstall list====== -->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6} -->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001} Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe" AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449} Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf Consumer Complete Care Services Agreement-->MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C} Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045} Dell Photo AIO Printer 924-->C:\Program Files\Dell Photo AIO Printer 924\Install\x86\Uninst.exe Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly Draw & Paint Plus-->C:\Windows\unvise32.exe C:\Program Files\sz8007\uninstal.log HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B} Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} PANTECH PC USB Modem Software-->C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe PQ DVD to iPod Video Suite (remove only)-->"C:\Program Files\PQDVD\PQ DVD to iPod Video Suite\bt-uninst.exe" Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24} QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA} QuickLink Mobile-->C:\PROGRA~1\Cricket\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Cricket\QUICKL~1\INSTALL.LOG QuickSet-->MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500} QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73} Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Trend Micro PC-cillin Internet Security-->C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe Trend Micro PC-cillin Internet Security-->MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" UTStarcom USB Modem Software-->C:\Program Files\UTStarcom\UTStarcom USB Modem Driver\UTS_Uninstall.exe Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45} Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} =====HijackThis Backups===== O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) [2009-08-21] O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-08-21] O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll [2009-08-21] O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) [2009-08-21] O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-21] O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-08-21] O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe [2009-08-21] ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: AVG Anti-Virus Free AV: PC-cillin Internet Security - Virus Protection (disabled) (outdated) FW: PC-cillin Internet Security - Firewall (disabled) AS: PC-cillin Internet Security - Spyware Protection (disabled) (outdated) AS: AVG Anti-Virus Free (disabled) AS: Windows Defender (disabled) AS: SUPERAntiSpyware ======System event log====== Computer Name: BigJohn Event Code: 4374 Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system Record Number: 160852 Source Name: Microsoft-Windows-Servicing Time Written: 20090821211802.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BigJohn Event Code: 4374 Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system Record Number: 160853 Source Name: Microsoft-Windows-Servicing Time Written: 20090821211802.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BigJohn Event Code: 4374 Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system Record Number: 160854 Source Name: Microsoft-Windows-Servicing Time Written: 20090821211802.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BigJohn Event Code: 4374 Message: Windows Servicing identified that package KB958481(Update) is not applicable for this system Record Number: 160855 Source Name: Microsoft-Windows-Servicing Time Written: 20090821211802.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BigJohn Event Code: 134 Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9) Record Number: 160916 Source Name: Microsoft-Windows-Time-Service Time Written: 20090821212302.000000-000 Event Type: Warning User: =====Application event log===== Computer Name: BigJohn Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 32937 Source Name: Microsoft-Windows-CAPI2 Time Written: 20090809170505.000000-000 Event Type: Error User: Computer Name: BigJohn Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 32938 Source Name: Microsoft-Windows-CAPI2 Time Written: 20090809170505.000000-000 Event Type: Error User: Computer Name: BigJohn Event Code: 11 Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Record Number: 32939 Source Name: Microsoft-Windows-CAPI2 Time Written: 20090809170506.000000-000 Event Type: Error User: Computer Name: BigJohn Event Code: 20227 Message: CoId={705E2CF0-58D6-4D6B-B360-5659C6C28BC6}: The user BIGJOHN\Big John dialed a connection named Cricket Wireless which has failed. The error code returned on failure is 0. Record Number: 33007 Source Name: RasClient Time Written: 20090821204103.000000-000 Event Type: Error User: Computer Name: BigJohn Event Code: 11905 Message: Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll failed to unregister. HRESULT -2147220472. Contact your support personnel. Record Number: 33037 Source Name: MsiInstaller Time Written: 20090821211937.000000-000 Event Type: Error User: BIGJOHN\Big John =====Security event log===== Computer Name: BigJohn Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 51399 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090821213558.238000-000 Event Type: Audit Failure User: Computer Name: BigJohn Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 51400 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090821213558.277000-000 Event Type: Audit Failure User: Computer Name: BigJohn Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 51401 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090821213558.314000-000 Event Type: Audit Failure User: Computer Name: BigJohn Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 51402 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090821213558.352000-000 Event Type: Audit Failure User: Computer Name: BigJohn Event Code: 5038 Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys Record Number: 51403 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090821213558.388000-000 Event Type: Audit Failure User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF-----------------
  5. Here is the log Logfile of random's system information tool 1.06 (written by random/random) Run by Big John at 2009-08-21 16:35:45 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 75 GB (54%) free of 140 GB Total RAM: 2045 MB (46% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:36:00 PM, on 8/21/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Windows\system32\taskeng.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Users\Big John\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Big John.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6380F08B-5FD9-4AA4-BD22-84DF29A160F5}: NameServer = 172.28.221.53 172.28.221.54 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6635 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{122B8E53-1B1D-420D-B578-E1738FB783E1}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-12-04 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072] "Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-27 405504] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320] "OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-29 36864] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-25 86016] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-25 81920] "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-09-25 81920] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-25 8478720] "dlccmon.exe"=C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2007-01-30 431600] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-24 159744] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [2009-01-27 983040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-01 1601304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [2008-01-19 125952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1197693438\ee\AOLSoftware.exe [2006-09-25 50736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2007-08-27 1807696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather] C:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe C:\Users\Big John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-08-21 16:35:45 ----D---- C:\rsit 2009-08-21 15:45:02 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2009-08-21 15:44:51 ----D---- C:\Users\Big John\AppData\Roaming\SUPERAntiSpyware.com 2009-08-21 15:44:51 ----D---- C:\Program Files\SUPERAntiSpyware 2009-08-21 13:54:43 ----D---- C:\Windows\temp 2009-08-21 13:54:42 ----A---- C:\ComboFix.txt 2009-08-21 13:53:49 ----SHD---- C:\$RECYCLE.BIN 2009-08-21 13:32:17 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-08-21 13:07:28 ----D---- C:\Users\Big John\AppData\Roaming\Malwarebytes 2009-08-21 12:04:35 ----A---- C:\Windows\ntbtlog.txt 2009-08-21 09:12:52 ----D---- C:\Program Files\Cricket 2009-08-18 14:50:50 ----D---- C:\[Transporter_3] 2009-08-04 12:11:22 ----D---- C:\Program Files\iPod 2009-08-04 12:11:21 ----D---- C:\Program Files\iTunes 2009-08-04 11:34:58 ----A---- C:\Windows\system32\mshtml.dll 2009-08-04 11:34:57 ----A---- C:\Windows\system32\occache.dll 2009-08-04 11:34:56 ----A---- C:\Windows\system32\ieframe.dll 2009-08-04 11:34:55 ----A---- C:\Windows\system32\urlmon.dll 2009-08-04 11:34:54 ----A---- C:\Windows\system32\wininet.dll 2009-08-04 11:34:54 ----A---- C:\Windows\system32\msfeeds.dll 2009-08-04 11:34:54 ----A---- C:\Windows\system32\ieUnatt.exe 2009-08-04 11:34:54 ----A---- C:\Windows\system32\iertutil.dll 2009-08-04 11:34:54 ----A---- C:\Windows\system32\iedkcs32.dll 2009-08-04 11:34:54 ----A---- C:\Windows\system32\ieaksie.dll 2009-08-04 11:34:53 ----A---- C:\Windows\system32\mstime.dll 2009-08-04 11:34:53 ----A---- C:\Windows\system32\jsproxy.dll 2009-08-04 11:34:53 ----A---- C:\Windows\system32\ieencode.dll ======List of files/folders modified in the last 1 months====== 2009-08-21 16:35:56 ----D---- C:\Windows\Prefetch 2009-08-21 16:22:31 ----HD---- C:\$AVG8.VAULT$ 2009-08-21 16:19:59 ----D---- C:\Windows 2009-08-21 16:19:54 ----D---- C:\Windows\system32\en-US 2009-08-21 16:19:54 ----D---- C:\Windows\System32 2009-08-21 16:19:37 ----SHD---- C:\Windows\Installer 2009-08-21 16:19:01 ----SHD---- C:\System Volume Information 2009-08-21 16:18:17 ----D---- C:\Windows\ERDNT 2009-08-21 16:18:01 ----D---- C:\Windows\system32\drivers 2009-08-21 16:04:53 ----D---- C:\Windows\tracing 2009-08-21 15:52:16 ----D---- C:\Windows\system32\catroot 2009-08-21 15:52:15 ----D---- C:\Windows\system32\catroot2 2009-08-21 15:52:10 ----D---- C:\Windows\winsxs 2009-08-21 15:48:49 ----D---- C:\Program Files\Trend Micro 2009-08-21 15:45:02 ----HD---- C:\ProgramData 2009-08-21 15:44:51 ----RD---- C:\Program Files 2009-08-21 15:43:12 ----D---- C:\Windows\inf 2009-08-21 15:43:12 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-08-21 15:39:46 ----D---- C:\Program Files\Dl_cats 2009-08-21 15:36:28 ----D---- C:\Windows\pss 2009-08-21 14:00:37 ----D---- C:\ProgramData\Yahoo! 2009-08-21 14:00:36 ----D---- C:\Program Files\Yahoo! 2009-08-21 13:52:49 ----A---- C:\Windows\system.ini 2009-08-21 13:51:06 ----D---- C:\Windows\AppPatch 2009-08-21 13:51:05 ----D---- C:\Program Files\Common Files 2009-08-21 13:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-21 12:41:55 ----D---- C:\Program Files\Mozilla Firefox 2009-08-21 11:59:12 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-08-21 11:59:10 ----D---- C:\Windows\Debug 2009-08-21 09:09:14 ----D---- C:\Program Files\MySpace 2009-08-09 12:05:10 ----D---- C:\Windows\Microsoft.NET 2009-08-09 12:05:08 ----RSD---- C:\Windows\assembly 2009-08-09 09:06:34 ----D---- C:\Windows\system32\XPSViewer 2009-08-09 09:06:33 ----D---- C:\Windows\system32\wbem 2009-08-09 09:06:21 ----D---- C:\Windows\system32\migration 2009-08-09 09:06:21 ----D---- C:\Windows\PolicyDefinitions 2009-08-09 09:06:21 ----D---- C:\Program Files\Internet Explorer 2009-08-07 22:31:07 ----D---- C:\ProgramData\Microsoft Help 2009-08-07 22:29:49 ----RSD---- C:\Windows\Fonts 2009-08-07 22:29:41 ----D---- C:\Program Files\Common Files\microsoft shared 2009-08-07 22:29:35 ----D---- C:\Program Files\Microsoft Works 2009-08-04 12:11:21 ----D---- C:\Program Files\Common Files\Apple ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-02-01 325128] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-02-01 27656] R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-02-01 107272] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480] R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2007-08-27 73288] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376] R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368] R2 tmxpflt;tmxpflt; C:\Windows\system32\drivers\TmXPFlt.sys [2008-11-26 205328] R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-11-26 1195384] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-24 155136] R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-16 1044472] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-25 7617600] R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-27 330240] R3 tmcfw;Trend Micro Common Firewall Service; C:\Windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 280392] R3 uts_bus;UTStarcom USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\uts_bus.sys [2007-12-05 84352] R3 uts_mdfl;UTStarcom USB Modem Filter; C:\Windows\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976] R3 uts_mdm;UTStarcom USB Modem Drivers; C:\Windows\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848] R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\uts_serd.sys [2007-12-05 90880] R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S3 catchme;catchme; \??\C:\Users\BIGJOH~1\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\Windows\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952] S3 PTDMMdm;PANTECH USB Modem Drivers ; C:\Windows\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856] S3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\Windows\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\Windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032] S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-27 73728] R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-01 903960] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 dlcc_device;dlcc_device; C:\Windows\system32\dlcccoms.exe [2007-01-30 538096] R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2007-08-27 1471840] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-27 102400] R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432] R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216] R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [] -----------------EOF-----------------
  6. Hi my husband's laptop is running extremely slow. Here is a hijackthis log. Please someone help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:16 PM, on 8/21/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\AOL\1197693438\ee\aolsoftware.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing) O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6380F08B-5FD9-4AA4-BD22-84DF29A160F5}: NameServer = 172.28.221.53 172.28.221.54 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcc_device - - C:\Windows\system32\dlcccoms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 7124 bytes
  7. You can close this one too...you saved me $180 because I was going to take this one and have it cleaned. Thanks Juliet you're a doll....Jennifer
  8. I believe you can close it now. Like I said earlier it's running a lot better now! I only did a very good job because I had a great teacher!
  9. Okay I did all you suggested but the Teatime box wasn't checked so I was unable to do that. Thank you for everything.
  10. HJT Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:53:13 PM, on 4/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Ares\Ares.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Nikon\NkView5\NkvMon.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab? O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7397 bytes Phew! I think that's all. Let me know if there is anything else I need to do. Thanks-Jennifer
  11. WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons Kaspersky Monday, April 14, 2008 8:40:10 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 15/04/2008 Kaspersky Anti-Virus database records: 705072 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ Scan Statistics Total number of scanned objects 45791 Number of viruses found 4 Number of infected objects 10 Number of suspicious objects 0 Duration of the scan process 00:26:04 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped C:\Documents and Settings\J\Cookies\index.dat Object is locked skipped C:\Documents and Settings\J\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped C:\Documents and Settings\J\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\J\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\J\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\J\Local Settings\Temp\~DFF6F0.tmp Object is locked skipped C:\Documents and Settings\J\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\J\NTUSER.DAT Object is locked skipped C:\Documents and Settings\J\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ah skipped C:\Program Files\Trend Micro\HijackThis\backups\backup-20080413-202356-461-source.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP248\A0063828.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP248\A0063845.dll Infected: Packed.Win32.Monder.gen skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064226.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064227.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064228.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064229.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064230.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP253\A0064231.dll Infected: Trojan.Win32.KillAV.rf skipped C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP256\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\DEFAULT Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SYSTEM Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP256\change.log Object is locked skipped Scan process completed.
  12. ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 16:54 961536] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-06-09 09:51 1695744] "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 02:40 430080] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 08:38 98304] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-13 21:45 579072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 21:45 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-08 08:35:42 24576] NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2006-08-19 18:33:22 233472] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38] . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-14 19:48:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-14 19:49:22 ComboFix-quarantined-files.txt 2008-04-15 00:49:14 ComboFix2.txt 2008-04-14 04:33:14 Pre-Run: 105,693,175,808 bytes free Post-Run: 105,681,141,760 bytes free . 2007-09-12 19:14:52 --- E O F ---
  13. CF_RC.txt ComboFix.txt Kaspersky log New HJT taken after the above scans have run It's doing better. A lot quicker now and no more popups. CF_RC.txt ComboFix 08-04-13.2 - J 2008-04-14 19:47:24.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.644 [GMT -5:00] Running from: C:\Documents and Settings\J\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\J\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\BM27170dbb.xml C:\WINDOWS\system32\alwgcuds.dll C:\WINDOWS\system32\kkgrpovj.dll C:\WINDOWS\system32\lxlqbppl.dll C:\WINDOWS\system32\oscihtly.dll C:\WINDOWS\system32\rpfcakny.dll C:\WINDOWS\system32\syirdbdg.dll C:\WINDOWS\system32\uhbkragl.dll C:\WINDOWS\system32\uhbkragl.dll_old . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\assosfix.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\cliptext.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\download.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\dummy.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Enable_Command_Prompt.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\ERDNT.E_E C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\ERDNTDOS.LOC C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\ERDNTWIN.LOC C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\ERUNT.EXE C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\ERUNT.LOC C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\fix.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixBH.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixComponents.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FIXCU.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FIXLM.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixPath.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixRedir.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixSchedule.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixWebCheck.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\fixXP.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\FixXPsp2.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\grep.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix2.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix3.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix4.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix5.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix6.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\HPFix7.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\isadmin.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\leg2.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\legacy.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\legacybk.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\locate.com C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\LS.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\MD5File.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\MyGcpvFix.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\MyGkFix2.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Process.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\procs.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\psservice.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Rem.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Rem2.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\regedit.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\W2K.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\w2k\beep.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\w2k\null.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\XP.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\xp\beep.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Replace\xp\null.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Reset_AppInit_DLLs.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\RestartIt!.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Restore_SecurityCenter.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\Restore_SharedAccess.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\sc.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\sed.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\SF.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\shutdown.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\srv2.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\srv2bk.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\svc.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\svcbk.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\swreg.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\swsc.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\unzip.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\vfind.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\WINMSG.EXE C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\winsec.reg C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\apps\zip.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\backups\backupreg.zip C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\backups\backups.zip C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\backups\catchme.log C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\backups\HOSTS C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\catchme.exe C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\dummy.sys C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\Report.txt C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\RunThis.bat C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\SDFIX_ReadMe_Online.url C:\Documents and Settings\J\err.log C:\Documents and Settings\Jennifer\err.log C:\Program Files\AWS C:\WINDOWS\BM27170dbb.xml C:\WINDOWS\system32\uhbkragl.dll_old . ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))) . 2008-04-14 16:28 . 2008-04-14 16:28 1,160 --a------ C:\WINDOWS\mozver.dat 2008-04-14 01:42 . 2008-04-14 01:42 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-13 23:58 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-13 23:37 . 2008-04-12 19:17 <DIR> d-------- C:\SDFix 2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Documents and Settings\J\Application Data\Malwarebytes 2008-04-13 22:21 . 2008-04-13 22:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-13 22:21 . 2008-04-13 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-13 21:45 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-13 21:45 . 2008-04-14 13:33 <DIR> d-------- C:\Documents and Settings\J\Application Data\AVG7 2008-04-13 21:45 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-13 21:45 . 2008-04-14 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-13 20:59 . 2008-04-13 21:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-13 20:59 . 2008-04-13 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-13 20:20 . 2008-04-13 20:20 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 20:10 . 2008-04-13 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-04-13 20:09 . 2008-04-13 20:09 <DIR> d-------- C:\Program Files\Abexo 2008-04-13 19:40 . 2006-08-08 08:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2008-04-13 19:40 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-14 04:58 --------- d-----w C:\Program Files\Java 2008-04-14 04:28 --------- d-----w C:\Program Files\Google 2008-04-14 02:50 --------- d-----w C:\Program Files\Common Files\Panda Software 2008-04-14 01:57 --------- d-----w C:\Documents and Settings\J\Application Data\Yahoo! 2008-04-14 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo! 2008-04-14 01:20 --------- d-----w C:\Program Files\Digital Line Detect 2008-04-14 01:20 --------- d-----w C:\Program Files\DellSupport 2008-04-14 01:20 --------- d-----w C:\Program Files\Dell Photo AIO Printer 924 2008-04-14 01:20 --------- d-----w C:\Program Files\BAE 2008-04-14 01:20 --------- d-----w C:\Program Files\Ares 2008-04-14 00:33 --------- d-----w C:\Program Files\Yahoo! 2008-04-14 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-13 23:53 --------- d-----w C:\Program Files\Dl_cats 2008-01-29 02:03 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-01-16 21:57 56 --sh--r C:\WINDOWS\system32\700041A0EC.sys 2006-08-21 19:48 88 --sh--r C:\WINDOWS\system32\F51D69283B.sys .
  14. Hey it's me again! This HJT is for my newest and worse off computer . I took the suggestions made by Juliet in my other topic and that I read on some other topics. I ran AVG,Combofix,SDFix,ATF,MBAM and Abexo. It's definitely better and I did a couple of other things I read on th net to speed up startup and shutdown and those are better too. PLease help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:10:39 PM, on 4/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Ares\Ares.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Nikon\NkView5\NkvMon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab? O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab O20 - Winlogon Notify: mljjh - C:\WINDOWS\ O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- End of file - 7249 SDFix SDFix: Version 1.170 Run by J on Mon 04/14/2008 at 01:44 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-14 01:52:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\DOCUME~1\J\MYDOCU~1\NEWFOL~1\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Tue 16 Jan 2007 56 ..SHR --- "C:\WINDOWS\system32\700041A0EC.sys" Thu 23 Aug 2007 4,426,844 A.SH. --- "C:\WINDOWS\system32\dapdnrid.tmp" Thu 23 Aug 2007 4,426,862 A.SH. --- "C:\WINDOWS\system32\dapdnrid.tmp2" Mon 21 Aug 2006 88 ..SHR --- "C:\WINDOWS\system32\F51D69283B.sys" Mon 28 Jan 2008 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Sun 3 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Fri 10 Aug 2007 1,640 A.SH. --- "C:\Documents and Settings\Jennifer\Application Data\Roxio\Dragon\DiscInfoCache\PHILIPS__DVD+-RW_DVD8801__4D28_300_DICV018_DRGV20100F2.TMP" Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp" Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp" Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp" Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\J\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp" Mon 9 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jennifer\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp" Tue 10 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jennifer\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp" Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jennifer\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp" Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jennifer\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp" Finished! ComboFix ComboFix 08-04-13.2 - J 2008-04-13 23:26:52.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.582 [GMT -5:00] Running from: C:\Documents and Settings\J\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\salesmonitor C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 Free C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 C:\Documents and Settings\J\Application Data\winantispyware 2007\Logs\update.log C:\Documents and Settings\Jennifer\Application Data\WinAntiSpyware 2007 C:\Documents and Settings\Jennifer\Application Data\WinAntiSpyware 2007\Logs\update.log C:\Temp\1cb C:\Temp\fse C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\cgvckmuv.ini C:\WINDOWS\system32\configs C:\WINDOWS\system32\djbhavho.ini C:\WINDOWS\system32\driver C:\WINDOWS\system32\drivers\fopn.sys C:\WINDOWS\system32\f10WtR C:\WINDOWS\system32\hjjlm.bak1 C:\WINDOWS\system32\hjjlm.bak2 C:\WINDOWS\system32\hjjlm.ini C:\WINDOWS\system32\hjjlm.ini2 C:\WINDOWS\system32\hjjlm.tmp C:\WINDOWS\system32\hsebvrjk.ini C:\WINDOWS\system32\umctjpmy.ini C:\WINDOWS\tk58.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DOMAINSERVICE -------\Legacy_FOPN ((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))) . 2008-04-13 22:22 . 2008-04-13 22:22 <DIR> d-------- C:\Documents and Settings\J\Application Data\Malwarebytes 2008-04-13 22:21 . 2008-04-13 22:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-13 22:21 . 2008-04-13 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-13 21:45 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-04-13 21:45 . 2008-04-13 22:00 <DIR> d-------- C:\Documents and Settings\J\Application Data\AVG7 2008-04-13 21:45 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-13 21:45 . 2008-04-13 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-04-13 21:27 . 2008-04-13 21:27 3,648 --a------ C:\WINDOWS\system32\syirdbdg.dll 2008-04-13 21:24 . 2008-04-13 21:24 95,296 --------- C:\WINDOWS\system32\uhbkragl.dll_old 2008-04-13 20:59 . 2008-04-13 21:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-13 20:59 . 2008-04-13 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-13 20:53 . 2008-04-13 20:53 3,648 --a------ C:\WINDOWS\system32\alwgcuds.dll 2008-04-13 20:40 . 2008-04-13 20:40 3,648 --a------ C:\WINDOWS\system32\kkgrpovj.dll 2008-04-13 20:31 . 2008-04-13 20:31 3,648 --a------ C:\WINDOWS\system32\oscihtly.dll 2008-04-13 20:20 . 2008-04-13 20:20 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-13 20:10 . 2008-04-13 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-04-13 20:09 . 2008-04-13 20:09 <DIR> d-------- C:\Program Files\Abexo 2008-04-13 20:09 . 2008-04-13 20:09 3,648 --a------ C:\WINDOWS\system32\rpfcakny.dll 2008-04-13 19:58 . 2008-04-13 19:58 3,648 --a------ C:\WINDOWS\system32\lxlqbppl.dll 2008-04-13 19:57 . 2008-04-13 22:58 101,156 --a------ C:\WINDOWS\BM27170dbb.xml 2008-04-13 19:40 . 2006-08-08 08:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2008-04-13 19:40 . 2008-04-13 21:45 <DIR> d-------- C:\Documents and Settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-14 04:28 --------- d-----w C:\Program Files\Google 2008-04-14 04:04 --------- d-----w C:\Program Files\AWS 2008-04-14 02:50 --------- d-----w C:\Program Files\Common Files\Panda Software 2008-04-14 01:57 --------- d-----w C:\Documents and Settings\J\Application Data\Yahoo! 2008-04-14 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo! 2008-04-14 01:20 --------- d-----w C:\Program Files\Digital Line Detect 2008-04-14 01:20 --------- d-----w C:\Program Files\DellSupport 2008-04-14 01:20 --------- d-----w C:\Program Files\Dell Photo AIO Printer 924 2008-04-14 01:20 --------- d-----w C:\Program Files\BAE 2008-04-14 01:20 --------- d-----w C:\Program Files\Ares 2008-04-14 00:33 --------- d-----w C:\Program Files\Yahoo! 2008-04-14 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-13 23:53 --------- d-----w C:\Program Files\Dl_cats 2008-01-29 02:03 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-01-16 21:57 56 --sh--r C:\WINDOWS\system32\700041A0EC.sys 2006-08-21 19:48 88 --sh--r C:\WINDOWS\system32\F51D69283B.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 16:54 961536] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-06-09 09:51 1695744] "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 02:40 430080] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-08 08:38 98304] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-13 21:45 579072] "BM27170dbb"="C:\WINDOWS\system32\uhbkragl.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 21:45 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-08 08:35:42 24576] NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2006-08-19 18:33:22 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38] . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-13 23:29:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-04-13 23:33:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-14 04:33:10 Pre-Run: 105,986,592,768 bytes free Post-Run: 105,923,485,696 bytes free . 2007-09-12 19:14:52 --- E O F --- MBAM Malwarebytes' Anti-Malware 1.11 Database version: 622 Scan type: Quick Scan Objects scanned: 32767 Time elapsed: 5 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 95 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 14 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{cf46bfb3-2acc-441b-b82b-36b9562c7ff1} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> No action taken. HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton.1 (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApiMon (Rogue.WinAntiSpyware) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> No action taken. Registry Values Infected: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24243e27 (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM27170dbb (Trojan.Agent) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Common Files\DriveCleaner Freeware (Rogue.DriveCleaner) -> No action taken. C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken. C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken. C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\Jennifer\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\Jennifer\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 Free (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\Jennifer\Application Data\Seekmo (AdWare.Agent) -> No action taken. C:\Documents and Settings\Jennifer\Application Data\Seekmo\IESkins (AdWare.Agent) -> No action taken. C:\Documents and Settings\J\Application Data\Seekmo (AdWare.Agent) -> No action taken. C:\Documents and Settings\J\Application Data\Seekmo\IESkins (AdWare.Agent) -> No action taken. Files Infected: C:\WINDOWS\system32\ywlhidht.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\thdihlwy.ini (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\drivers\FOPN.sys (Rogue.WinAntiSpyware) -> No action taken. C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe (Rogue.DriveCleaner) -> No action taken. C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\Jennifer\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> No action taken. C:\Documents and Settings\J\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url (Rogue.WinAntiSpyware) -> No action taken. C:\WINDOWS\system32\uhbkragl.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\tk58.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\retadpu1000106.exe (Trojan.Agent) -> No action taken.
  15. Hey Juliet sorry I haven't responded yet. I'm actually on my other computer, the newest one, that was worse than the other one.I'm trying to clean this one up too following all of your suggestions for the first one. I'll do everything and post tonight for the one we started. Thanks so much I appreciate all of your help I'm sure my computer does too!...Jennifer
×
×
  • Create New...