
Adsldpo.dll And Comreplc.dll In Ie And Symantec Antivirus Disabled


  • This topic is locked
4 replies to this topic

#1 mcannady


Posted 24 November 2007 - 12:27 AM

IE was being hijacked to a particular IP address whenever you tried to Google something. I found adsldpo.dll and comreplc.dll as BHOs and disabled them. Symantec Anti-Virus boots up as auto-protect disabled.

The guy who uses this computer needs to travel in three days.
I tried the following programs:
Ad-Aware 2007 - found nothing but cookies
Spybot - Found nothing
Stinger - Nothing
Symantec Anti-Virus offline - nothing
Symantec Anti-Virus online - nothing
Housecall - Memmaker
BitWare Defender - Nothing
Comodo Malware - Nothing
Comodo Anti-Virus - Nothing

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:55 AM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\COMODO\Firewall\cfpsbmit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijack\HiJackThis.exe
C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070216
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070216
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B6E817-99D9-4617-8136-DCE50182EECD} - C:\WINDOWS\system32\comreplc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {91341CA8-ED47-4986-ADA9-31B721A43817} - c:\windows\system32\adsldpo.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184952697562
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\Software\..\Telephony: DomainName = headquarters.aqci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O20 - AppInit_DLLs: wxvault.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: hfarbimb - C:\WINDOWS\SYSTEM32\adsldpo.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 15479 bytes

Please help, I have tried everything.


#2 mcannady


Posted 25 November 2007 - 01:03 PM

Spyware Doctor indicated I had Winfixer. I ran VundoFix and VirtumundoBeGone but they found nothing. I believe I have a new variant because when I ran VirtumundoBeGone, I noticed that it looked for adsldpo and comreplc in winlogon\notify. The DLLs on my system are sitting at windows\system32.

Does this help?
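
A triage check for the pattern described in the two posts above, added here as an example and not posted by anyone in the thread: it parses HijackThis `O2` (BHO) and `O20` (Winlogon Notify) lines and reports BHOs that show at least two of three indicators. The sample lines are copied from the log in post #1; the indicator set, the two-indicator threshold and the function names are assumptions, and a hit is a lead for investigation, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log in post #1 (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19B6E817-99D9-4617-8136-DCE50182EECD} - C:\WINDOWS\system32\comreplc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {91341CA8-ED47-4986-ADA9-31B721A43817} - c:\windows\system32\adsldpo.dll
O20 - Winlogon Notify: hfarbimb - C:\WINDOWS\SYSTEM32\adsldpo.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
"""

# O2 lines carry a display name, a CLSID and a file path. Entries without a
# CLSID (such as the "AutorunsDisabled" placeholder) do not match and are skipped.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines carry the Notify subkey name and the DLL it loads into winlogon.exe.
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")

SYSTEM32 = r"c:\windows\system32"


def norm(path):
    """Normalise a Windows path so that case differences do not hide a match."""
    return ntpath.normpath(path.strip()).lower()


def triage(log_text):
    """Return BHO entries that show two or more of the indicators below."""
    bhos, notify = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append((m["name"], m["clsid"], norm(m["path"])))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[norm(m["path"])] = m["key"]

    findings = []
    for name, clsid, path in bhos:
        indicators = []
        if name == "(no name)":
            indicators.append("BHO has no display name")
        # Directly in system32, not in a vendor subdirectory such as system32\DLA.
        if ntpath.dirname(path) == SYSTEM32:
            indicators.append("DLL sits directly in system32")
        # The same file loaded by both Internet Explorer and winlogon.exe.
        if path in notify:
            indicators.append("same DLL is registered under Winlogon Notify")
        if len(indicators) >= 2:
            findings.append({
                "file": ntpath.basename(path),
                "clsid": clsid,
                "winlogon_notify": notify.get(path),
                "indicators": indicators,
            })
    # Most indicators first, then by file name for a stable order.
    findings.sort(key=lambda f: (-len(f["indicators"]), f["file"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["file"], f["clsid"])
        for reason in f["indicators"]:
            print("   -", reason)
```
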

#3 mcannady


Posted 25 November 2007 - 04:12 PM

Ran Prevx, which correctly found the adsldpo.dll and diagnosed it as Virtumonde. I had run tools before against it but they did not diagnose the DLL or the virus, except Spyware Doctor, which diagnosed it as Winfixer.

Ran ComboFix and it found the virus and reported it as dead. After a reboot I ran DSS and it reported clean. Ran ComboFix again and it appears clean. Here are the logs.

Combofix after cleaning and reboot:
ComboFix 07-11-19.3 - BWagner 2007-11-25 15:01:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1365 [GMT -5:00]
Running from: C:\Documents and Settings\BWagner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 14:54 <DIR> d-------- C:\Deckard
2007-11-25 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-25 14:16 <DIR> d-------- C:\Temp
2007-11-25 12:36 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-25 11:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 11:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-25 11:06 <DIR> d-------- C:\Documents and Settings\BWagner\Application Data\PC Tools
2007-11-25 11:06 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-25 11:06 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-25 11:06 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-25 11:06 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-25 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-25 01:52 264,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-25 01:52 3,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-25 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 01:48 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-25 01:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-25 01:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-25 01:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-25 01:47 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-25 01:47 353,247 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-25 01:38 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-25 01:20 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-25 01:20 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-25 00:28 <DIR> d-------- C:\VundoFix Backups
2007-11-24 23:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-24 17:56 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-24 17:56 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-24 16:27 <DIR> d-------- C:\Program Files\Symantec
2007-11-24 12:42 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-24 12:34 <DIR> d-------- C:\Documents and Settings\BWagner\Application Data\Sunbelt Software
2007-11-24 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-24 12:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-24 12:15 327,680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-11-24 12:15 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-11-24 12:15 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-11-24 12:15 253,952 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-11-24 12:15 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-24 11:21 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-24 11:19 <DIR> d-------- C:\Program Files\CCleaner
2007-11-24 11:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-23 23:38 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-11-23 23:37 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-23 21:29 <DIR> d-------- C:\Program Files\MSBuild
2007-11-23 21:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-23 21:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-23 21:10 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-23 18:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-23 10:26 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-11-23 10:26 216,576 --a------ C:\WINDOWS\system32\monln.dll
2007-11-23 10:18 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-23 10:18 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-11-23 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-23 09:29 <DIR> d-------- C:\Program Files\COMODO
2007-11-23 09:29 <DIR> d-------- C:\Documents and Settings\BWagner\Application Data\Comodo
2007-11-23 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-23 09:29 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2007-11-22 04:13 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-22 02:25 <DIR> d-------- C:\xp
2007-11-22 02:15 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2007-11-22 02:15 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2007-11-22 02:15 156,672 --a------ C:\WINDOWS\system32\dllcache\winzm.ime
2007-11-22 02:15 156,672 --a------ C:\WINDOWS\system32\dllcache\winsp.ime
2007-11-22 02:15 156,672 --a------ C:\WINDOWS\system32\dllcache\winpy.ime
2007-11-22 02:15 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-11-22 02:15 79,360 --a------ C:\WINDOWS\system32\dllcache\winar30.ime
2007-11-22 02:15 69,120 --a------ C:\WINDOWS\system32\dllcache\wingb.ime
2007-11-22 02:15 65,536 --a------ C:\WINDOWS\system32\dllcache\winime.ime
2007-11-22 02:15 53,760 --a------ C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-11-22 02:15 34,890 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-11-22 02:14 69,632 --a------ C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-11-22 02:14 50,688 --a------ C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-11-22 02:14 26,624 --a------ C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-11-22 02:13 10,240 --a------ C:\WINDOWS\system32\dllcache\tmigrate.dll
2007-11-22 02:11 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2007-11-22 02:11 35,913 --a------ C:\WINDOWS\system32\dllcache\smcirda.sys
2007-11-22 02:11 24,576 --a------ C:\WINDOWS\system32\dllcache\smc8000n.sys
2007-11-22 02:11 16,896 --a------ C:\WINDOWS\system32\dllcache\stcusb.sys
2007-11-22 02:10 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
2007-11-22 02:08 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-11-22 02:08 182,272 --a------ C:\WINDOWS\system32\dllcache\s3mt3d.dll
2007-11-22 02:08 166,720 --a------ C:\WINDOWS\system32\dllcache\s3m.sys
2007-11-22 02:08 65,664 --a------ C:\WINDOWS\system32\dllcache\s3legacy.sys
2007-11-22 02:08 62,496 --a------ C:\WINDOWS\system32\dllcache\s3mtrio.dll
2007-11-22 02:08 41,216 --a------ C:\WINDOWS\system32\dllcache\s3mt3d.sys
2007-11-22 02:07 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2007-11-22 01:58 15,872 --a------ C:\WINDOWS\system32\dllcache\padrs404.dll
2007-11-22 01:57 7,552 --a------ C:\WINDOWS\system32\dllcache\nsmmc.sys
2007-11-22 01:56 229,439 --a------ C:\WINDOWS\system32\dllcache\multibox.dll
2007-11-22 01:55 37,888 --a------ C:\WINDOWS\system32\dllcache\md5filt.dll
2007-11-22 01:54 8,704 --a------ C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-11-22 01:53 91,136 --a------ C:\WINDOWS\system32\dllcache\icam4com.dll
2007-11-22 01:53 61,952 --a------ C:\WINDOWS\system32\dllcache\icam4ext.dll
2007-11-22 01:52 5,760 --a------ C:\WINDOWS\system32\dllcache\hpt4qic.sys
2007-11-22 01:50 442,240 --a------ C:\WINDOWS\system32\dllcache\fpnpbase.sys
2007-11-22 01:50 94,208 --a------ C:\WINDOWS\system32\dllcache\fpencode.dll
2007-11-22 01:50 18,503 --a------ C:\WINDOWS\system32\dllcache\epro4.sys
2007-11-22 01:50 7,680 --a------ C:\WINDOWS\system32\dllcache\ftpctrs2.dll
2007-11-22 01:50 6,144 --a------ C:\WINDOWS\system32\dllcache\ftpmib.dll
2007-11-22 01:50 6,144 --a------ C:\WINDOWS\system32\dllcache\ftlx041e.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 17:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-25 17:30 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-25 16:41 --------- d-----w C:\Program Files\Google
2007-11-25 06:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-24 15:24 5,106 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-22 09:13 --------- d-----w C:\Program Files\Java
2007-11-20 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 02:28 --------- d-----w C:\Program Files\Dell
2007-11-01 21:25 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 11:43 --------- d-----w C:\Documents and Settings\BWagner\Application Data\U3
2007-10-15 23:51 24,179 ----a-w C:\WINDOWS\system32\drivers\FD.sys
2007-09-26 13:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-25 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-27 16:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 06:13]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2006-05-01 15:46 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 15:46 C:\WINDOWS\system32\nvhotkey.dll]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 17:04]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"HPWPTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-10-21 02:31]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 13:35]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 11:57]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 13:13]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 01:31]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"ccApp"="-" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 11:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 07:43:54]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-02-16 10:08:29]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 18:11:48]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-25 10:13:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
C:\WINDOWS\system32\NavLogon.dll 2006-06-15 01:40 43760 C:\WINDOWS\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 FD;FD;C:\WINDOWS\system32\drivers\FD.sys
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe -service
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-25 17:36:22 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-25 12:00:01 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 15:03:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 15:04:35
C:\ComboFix2.txt ... 2007-11-25 14:39
.
--- E O F ---


DSS Log (Main):
Deckard's System Scanner v20071014.68
Run by BWagner on 2007-11-25 14:55:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-11-25 19:55:17 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-25 19:35:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as BWagner.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:33 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\BWagner\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\hijack\BWagner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070216
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184952697562
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\Software\..\Telephony: DomainName = headquarters.aqci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = headquarters.aqci.com
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15366 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 FD - c:\windows\system32\drivers\fd.sys <Not Verified; ; FD for Windows NT/2K>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 catchme - c:\docume~1\bwagner\locals~1\temp\catchme.sys (file missing)
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S1 AvgArCln (Avg Anti-Rootkit Clean Driver) - c:\windows\system32\drivers\avgarcln.sys (file missing)
S1 SAVRT - - (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S4 AVG Anti-Rootkit - c:\windows\system32\drivers\avgarkt.sys (file missing)
S4 SYMTDI - - (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 BOCore - c:\program files\comodo\cboclean\bocore.exe <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe"
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S4 ccEvtMgr (Symantec Event Manager) - - (file missing)
S4 SNDSrvc (Symantec Network Drivers Service) - - (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2E18C561394FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2E18C561394FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-25 12:36:22 412 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2007-11-25 07:00:01 310 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 14:17:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-25 14:16:48 0 d-------- C:\Temp
2007-11-25 12:36:18 0 d-------- C:\Program Files\Norton Security Scan
2007-11-25 11:16:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 11:06:27 0 d-------- C:\Program Files\Spyware Doctor
2007-11-25 11:06:27 0 d-------- C:\Documents and Settings\BWagner\Application Data\PC Tools
2007-11-25 10:13:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-25 01:52:03 258080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-25 01:48:26 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-25 01:48:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-25 01:47:53 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-25 01:47:00 0 d-------- C:\WINDOWS\Internet Logs
2007-11-25 01:20:45 0 d-------- C:\Program Files\SpywareBlaster
2007-11-25 01:05:41 0 dr-h----- C:\Documents and Settings\BWagner\Recent
2007-11-25 00:28:34 0 d-------- C:\VundoFix Backups
2007-11-24 16:27:29 0 d-------- C:\Program Files\Symantec
2007-11-24 14:17:05 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-24 14:17:05 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-24 12:34:32 0 d-------- C:\Documents and Settings\BWagner\Application Data\Sunbelt Software
2007-11-24 12:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-24 12:31:37 0 d-------- C:\Program Files\Sunbelt Software
2007-11-24 11:21:08 0 d-------- C:\Program Files\Yahoo!
2007-11-24 11:19:41 0 d-------- C:\Program Files\CCleaner
2007-11-24 11:01:32 0 d-------- C:\Program Files\MSXML 6.0
2007-11-24 10:24:43 5106 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-23 23:38:15 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-11-23 23:37:36 0 d-------- C:\Program Files\MSECACHE
2007-11-23 21:29:17 0 d-------- C:\Program Files\MSBuild
2007-11-23 21:26:04 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-23 21:24:59 0 d-------- C:\Program Files\Reference Assemblies
2007-11-23 21:23:00 0 d-------- C:\bd7f8bcaf745a13380fc0c28b038
2007-11-23 18:53:52 0 d-------- C:\Program Files\Lavasoft
2007-11-23 10:26:59 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2007-11-23 10:18:49 235008 --a------ C:\WINDOWS\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-11-23 10:18:48 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-11-23 10:17:55 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-11-23 09:29:30 0 d-------- C:\Documents and Settings\BWagner\Application Data\Comodo
2007-11-23 09:29:28 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-23 09:29:27 0 d-------- C:\Program Files\COMODO
2007-11-22 02:25:29 0 d-------- C:\xp
2007-11-22 00:35:32 0 d-------- C:\hijack
2007-11-22 00:21:29 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-11-21 23:16:26 0 d-------- C:\Program Files\RogueRemover FREE
2007-11-21 19:23:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 19:01:49 0 d-------- C:\Documents and Settings\BWagner\Application Data\Bytemobile
2007-11-21 10:52:53 0 d-------- C:\WINDOWS\pss
2007-11-20 14:42:20 0 d-------- C:\Documents and Settings\BWagner\.housecall6.6
2007-11-20 13:37:06 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-20 11:37:05 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-20 10:57:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 10:37:40 0 d-------- C:\WIN32
2007-11-20 10:29:37 0 d-------- C:\Documents and Settings\BWagner\Application Data\Sierra Wireless
2007-11-20 10:29:30 0 d-------- C:\Documents and Settings\BWagner\Application Data\Cingular
2007-11-20 10:23:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2007-11-20 10:22:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Bytemobile
2007-11-20 10:21:41 89728 --a------ C:\WINDOWS\system32\drivers\usbvsp.sys <Not Verified; Atmel Corporation; Atmel USB Serial Adapter>
2007-11-20 10:21:15 0 d-------- C:\NoDirectory
2007-11-20 10:20:27 0 d-------- C:\Program Files\Cingular
2007-11-20 10:20:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Cingular
2007-11-20 08:33:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-20 08:20:24 36096 --a------ C:\WINDOWS\system32\uopokfms.dat
2007-11-20 08:20:24 41728 --a------ C:\WINDOWS\system32\otteppzd.dat
2007-11-20 08:20:24 35072 --a------ C:\WINDOWS\system32\nmbstshn.dat
2007-11-20 08:20:24 741632 --a------ C:\WINDOWS\system32\neayipia.dat
2007-11-20 08:20:24 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-11-20 08:20:24 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2007-11-20 07:22:00 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-19 15:46:34 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-19 08:13:36 120064 --a------ C:\WINDOWS\system32\vchmgfrv.dat
2007-11-19 08:07:16 0 d-------- C:\WINDOWS\system32\AppCert
2007-11-15 18:13:04 88 -r-hs---- C:\WINDOWS\system32\E950121318.sys
2007-11-14 17:01:32 0 d-------- C:\Documents and Settings\BWagner\Application Data\DellFaxCtr
2007-11-14 16:14:33 0 d-------- C:\WINDOWS\system32\Dell
2007-11-13 21:38:02 0 d-------- C:\Documents and Settings\BWagner\Application Data\Corel Photo Album
2007-11-13 21:37:48 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-13 21:37:48 56 -----n--- C:\WINDOWS\system32\18131250E9.sys
2007-11-13 21:32:30 0 d-------- C:\Documents and Settings\BWagner\Application Data\Corel
2007-11-13 21:30:13 0 d-------- C:\Program Files\Corel
2007-11-13 21:30:13 0 d-------- C:\Program Files\Common Files\Corel
2007-11-13 21:28:52 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-11-13 21:27:37 45056 --a------ C:\WINDOWS\system32\DLPRMON.DLL <Not Verified; ; Dell Fax Solutions Software>
2007-11-13 21:27:37 32768 --a------ C:\WINDOWS\system32\DLPMONUI.DLL <Not Verified; ; Dell Fax Solutions Software>
2007-11-13 21:27:17 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-11-13 21:27:17 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-11-13 21:27:16 0 d-------- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2007-11-13 21:26:42 0 d-------- C:\Program Files\Dell PC Fax
2007-11-13 21:26:17 274432 --a------ C:\WINDOWS\system32\dlcxinst.dll
2007-11-13 21:26:17 0 d-------- C:\Program Files\Dell Photo AIO Printer 926
2007-11-13 21:26:16 323584 --a------ C:\WINDOWS\system32\dlcxhcp.dll <Not Verified; ; Printer Communication System>
2007-11-13 20:34:42 0 d-------- C:\Program Files\dl_Cats
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-25 12:37:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-25 12:30:53 0 d-------- C:\Program Files\Symantec AntiVirus
2007-11-25 11:41:32 0 d-------- C:\Program Files\Google
2007-11-24 22:57:19 11879 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-24 18:18:13 0 d-------- C:\Program Files\Common Files
2007-11-22 04:13:58 0 d-------- C:\Program Files\Java
2007-11-20 10:21:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 21:28:27 0 d-------- C:\Program Files\Dell
2007-10-24 06:43:45 0 d-------- C:\Documents and Settings\BWagner\Application Data\U3
2007-09-26 08:01:41 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-25 10:26:24 0 d-------- C:\Documents and Settings\BWagner\Application Data\Help


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [05/01/2006 03:46 PM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [05/01/2006 03:46 PM C:\WINDOWS\system32\nvhotkey.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/01/2006 03:46 PM]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [11/03/2006 05:04 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 12:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 12:56 PM]
"HPWPTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [10/21/2004 02:31 AM]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [11/03/2006 05:09 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 09:29 PM]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [05/16/2006 01:35 PM]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [01/12/2007 11:57 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 06:20 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [06/29/2006 01:13 PM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 01:13 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 09:46 PM]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [10/16/2006 01:31 AM]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [08/08/2007 07:49 PM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [08/27/2007 12:09 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"ccApp"="-" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/15/2006 01:40 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [10/02/2007 04:27 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/25/2007 11:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/19/2007 06:13 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 10:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/5/2006 7:43:54 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/16/2007 10:08:29 AM]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [1/30/2006 6:11:48 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/25/2007 10:13:03 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2007-11-25 14:57:08 ------------

DSS extra log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2046.05 MiB / 1370.52 MiB
Pagefile Memory (total/avail): 3938.57 MiB / 3302.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.52 MiB

C: is Fixed (NTFS) - 111.73 GiB total, 92.04 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - SAMSUNG HM120JI - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 111.73 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.) Disabled
AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\BWagner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BWAGNERLT2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\BWagner
LOGONSERVER=\\BWAGNERLT2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BWagner\LOCALS~1\Temp
TMP=C:\DOCUME~1\BWagner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=BWAGNERLT2
USERNAME=BWagner
USERPROFILE=C:\Documents and Settings\BWagner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mcannady (admin)
BWagner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 8.1.1 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Pictures Tools (version 10.6.0.6) --> C:\Program Files\AOL Pictures\10_6_0_6a\aolpInstaller.exe /u
AutoCAD LT 2007 - English --> MsiExec.exe /I{5783F2D7-5009-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
BOClean --> C:\WINDOWS\UNBOC.EXE
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cingular Communication Manager --> MsiExec.exe /X{A3F77919-2B1F-4319-9140-EE3633A7CAA3}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
ETS Launch Pad --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} /l1033
ETS Upgrade --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{72FECEA1-E87F-4192-89FA-D0FBF92885BB}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\hijack\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Business Inkjet 2800 --> msiexec /x{4C136A31-7338-45CD-8B1E-09627C0B9BF0}
HP Business Inkjet 2800 series --> C:\Program Files\Hewlett-Packard\hp business inkjet 2800 series\Installer\setup.exe /x
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJSTD /dll OSETUP.DLL
Microsoft Office Project Standard 2007 --> MsiExec.exe /X{90120000-003A-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
NTRU Hybrid TSS v2.0.25 --> MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preboot Manager --> MsiExec.exe /I{8CE90089-DCC9-4393-A535-802072333C35}
Private Information Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} /l1033
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Secure Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-003A-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-003A-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Wizards --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-003A-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
upekmsi --> MsiExec.exe /I{D648B20B-A789-407E-8CA4-9BDDBBE342C8}
Wave Infrastructure Installer --> MsiExec.exe /I{F2B8F8EE-4811-4A28-9305-6640CD007115}
Wave Support Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{07D618CD-B016-438A-ADC9-A75BD23F85CE} /l1033
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar -->
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4741 / Error
Event Submitted/Written: 11/23/2007 09:34:28 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type4732 / Error
Event Submitted/Written: 11/21/2007 11:25:44 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-11-22 04:25:44,187 BWAGNERLT2 [001532:001568] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type4731 / Error
Event Submitted/Written: 11/21/2007 10:52:38 PM
Event ID/Source: 28 / WinMgmt
Event Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Event Record #/Type4730 / Error
Event Submitted/Written: 11/21/2007 10:52:36 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-11-22 03:52:36,171 BWAGNERLT2 [001532:001568] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type4729 / Error
Event Submitted/Written: 11/21/2007 10:52:35 PM
Event ID/Source: 100 / AVG7
Event Description:
2007-11-22 03:52:35,671 BWAGNERLT2 [001532:001568] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10623 / Error
Event Submitted/Written: 11/24/2007 10:44:31 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AvgArCln

Event Record #/Type10621 / Error
Event Submitted/Written: 11/24/2007 10:42:59 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%10022

Event Record #/Type10619 / Error
Event Submitted/Written: 11/24/2007 10:42:07 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain AQCHQ due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type10618 / Warning
Event Submitted/Written: 11/24/2007 10:41:25 AM / 11/24/2007 10:41:53 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type10613 / Error
Event Submitted/Written: 11/24/2007 10:40:42 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2007-11-25 14:57:08 ------------

Please review and let me know if you think it is clean.

#4 Grinler

    Lawrence Abrams



Posted 11 December 2007 - 01:01 PM

I have to agree...the log looks completely clean. Sorry we could not review it sooner, but looks like you got it clean on your own!

#5 mcannady


Posted 08 January 2008 - 02:30 PM

Grinler,
Thanks for the review. Case Closed.
Sorry I did not reply sooner, the message about your reply was in my junk email box.



