
Smitfraud and Virtumonde


  • This topic is locked
29 replies to this topic

#1 Trailrider

  • Members
  • 38 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 06 March 2008 - 02:58 PM

I'm trying to clean my daughter's infected computer, and I hope someone will be able to help me.

Spybot finds Smitfraud C and Virtumonde. AVG is finding C:\WINDOWS\system32\ddaya.exe. It keeps reappearing every time the computer is restarted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:21 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\JavaCore\JavaCore .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor .exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\kjqmldtl.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\mxxbohky.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6 .exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8916 bytes
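The log above is what the helpers in this thread read by hand: the F3 win.ini load= line, the O4 Run values with hex names that hand a randomly named system32 DLL to rundll32, the "(file missing)" hooks, the O18 text/html filter, and the executables whose name has a space before ".exe". The following is an added example, not code from this thread, from BleepingComputer or from Trend Micro's HijackThis; it encodes those observations as triage heuristics and runs them over lines copied from the first post (the four entries for AVG, Spybot's SDHelper, ctfmon and kernel.exe are left in as controls). The heuristics, thresholds and function names are the editor's assumptions, not anything HijackThis itself implements.

```python
import re

# Lines copied from the HijackThis log posted above. The AVG, SDHelper,
# ctfmon and kernel.exe entries are controls that should pass the checks.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcddee.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor .exe
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\kjqmldtl.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\mxxbohky.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: ddcddee - C:\WINDOWS\SYSTEM32\ddcddee.dll
"""

# Heuristics are the editor's assumptions drawn from the log in this thread.
O4_LINE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RANDOM_DLL = re.compile(r"[\\/]system32[\\/][a-z]{8}\.dll", re.IGNORECASE)
HEX_RUN_NAME = re.compile(r"^(BM)?[0-9a-f]{8}$")
SPACE_BEFORE_EXT = re.compile(r"\s\.(exe|dll|scr)\b", re.IGNORECASE)


def classify(line: str) -> list:
    """Return the reasons one HijackThis line deserves a second look ([] if none)."""
    reasons = []
    section = line.split(" - ", 1)[0].strip()
    lowered = line.lower()

    if section == "F3" and "load=" in lowered:
        reasons.append("win.ini load= autostart: legacy launch point almost never used by current software")
    if "(file missing)" in lowered:
        reasons.append("orphaned entry: the hook remains although its target file is gone")
    if SPACE_BEFORE_EXT.search(line):
        reasons.append("space before the file extension: mimics a legitimate program name")
    if section == "O2" and "(no name)" in lowered and "system32" in lowered:
        reasons.append("unnamed BHO loading from system32")
    if section == "O18" and "filter hijack" in lowered:
        reasons.append("MIME filter hijack: a DLL sits between the browser and every text/html page")
    if section == "O20":
        reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at every logon; confirm the vendor")

    m = O4_LINE.match(line)
    if m:
        if HEX_RUN_NAME.match(m.group("name")):
            reasons.append("Run value named with random hex")
        if "rundll32" in m.group("cmd").lower() and RANDOM_DLL.search(m.group("cmd")):
            reasons.append("rundll32 loading an eight-letter random DLL from system32")
    return reasons


def triage(log_text: str) -> list:
    """Run classify() over every non-empty line and keep only the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = classify(line)
        if reasons:
            findings.append({"section": line.split(" - ", 1)[0], "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    ->", reason)
```

Run on the sample, the script flags eight of the twelve lines and lets the four controls through. The miss is instructive: C:\Program Files\kernel\kernel.exe trips none of the pattern checks, which is why a human reviewer (and, in this thread, a second scanner) is still needed after any automated pass; a name that only looks random is a reason to verify the file, not proof on its own.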


#2 random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:59 AM

Posted 11 March 2008 - 04:48 PM

Please download Wscfix.
  • Unzip it to your desktop.
  • You will now see two files: Wscsvcfix.exe and readme.txt. Double-click Wscsvcfix.exe to run the program.
  • Click the Inspect and Fix button once, and then restart Windows for the changes to take effect.
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the combofix log and a new HijackThis log as a reply to this topic.

#3 Trailrider

  • Topic Starter
  • Members
  • 38 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 12 March 2008 - 12:50 PM

I ran the program Wscfix and also followed the instructions for running Combofix.

I'm trying to run ComboFix now, but it has quit running after completing Stage 8. I'm sure it has locked up completely, as it has just been sitting there for at least half an hour and the hard drive light is not flashing at all. What should I do to exit the program.....and I guess I will be in some real trouble when it does.

#4 random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:59 AM

Posted 12 March 2008 - 01:22 PM

Restart your PC

Then we'll try a different scanner to get more information:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.


#5 Trailrider

  • Topic Starter
  • Members
  • 38 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 12 March 2008 - 02:24 PM

Thank you for your prompt reply and help.

Below are the reports from Deckard's System Scanner:


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-12 14:59:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-03-12 18:59:24 UTC - RP355 - Deckard's System Scanner Restore Point
95: 2008-03-12 16:48:38 UTC - RP354 - ComboFix created restore point
94: 2008-03-06 19:23:14 UTC - RP353 - System Checkpoint
93: 2008-03-05 16:18:12 UTC - RP352 - Spybot-S&D Spyware removal
92: 2008-03-04 21:29:09 UTC - RP351 - System Checkpoint


-- First Restore Point --
1: 2008-01-26 13:51:41 UTC - RP260 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00, on 2008-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcddee.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {AF88F339-57BA-4EDC-A2BA-9601A7920108} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: {76fc747f-e25e-c219-0a24-71779e3e80fd} - {df08e3e9-7717-42a0-912c-e52ef747cf67} - C:\WINDOWS\system32\dpxlincq.dll
O2 - BHO: (no name) - {E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7} - C:\WINDOWS\system32\owbiaq.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor .exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\cudvwwhj.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\rscawplk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: ddcddee - C:\WINDOWS\SYSTEM32\ddcddee.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10319 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070928-225306-562 R3 - URLSearchHook: (no name) - - (no file)
backup-20080303-142256-567 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
backup-20080303-142256-649 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20080303-142331-434 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-05 20:56:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-10-12 14:32:25 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 12:47:56 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-12 12:47:56 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-12 12:47:56 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-12 12:47:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-12 12:47:49 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-12 12:36:56 344064 --a------ C:\WINDOWS\system32\ddaya.exe
2008-03-12 11:43:48 90688 --a------ C:\WINDOWS\system32\cudvwwhj.dll
2008-03-12 11:40:49 93760 --a------ C:\WINDOWS\system32\dpxlincq.dll
2008-03-12 11:40:27 89152 --a------ C:\WINDOWS\system32\rscawplk.dll
2008-03-06 10:57:43 96320 --a------ C:\WINDOWS\system32\vfrvlmfh.dll
2008-03-06 10:52:17 92736 --a------ C:\WINDOWS\system32\mxxbohky.dll
2008-03-05 16:39:02 96832 --a------ C:\WINDOWS\system32\kcdmrhap.dll
2008-03-05 16:36:01 91712 --a------ C:\WINDOWS\system32\jmjwmtvj.dll
2008-03-04 19:12:14 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-03-04 16:37:46 96832 --a------ C:\WINDOWS\system32\piayirxs.dll
2008-03-04 16:35:09 91712 --a------ C:\WINDOWS\system32\pvaxenth.dll
2008-03-04 11:13:51 0 d-------- C:\Program Files\AIM6
2008-03-03 16:38:18 95296 --a------ C:\WINDOWS\system32\tygbaycu.dll
2008-03-03 16:35:13 91712 --a------ C:\WINDOWS\system32\sesbtwxh.dll
2008-03-03 15:55:38 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-03 15:55:38 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-03 15:55:20 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-03-03 15:40:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-03 15:39:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 11:24:52 0 d-------- C:\Program Files\Lavasoft
2008-02-29 08:59:01 88640 --a------ C:\WINDOWS\system32\ntilocji.dll
2008-02-29 08:57:05 91712 --a------ C:\WINDOWS\system32\jqptwebt.dll
2008-02-27 22:56:02 90176 --a------ C:\WINDOWS\system32\eqrluocw.dll
2008-02-27 22:54:35 91712 --a------ C:\WINDOWS\system32\oqompjll.dll
2008-02-25 20:12:49 90688 --a------ C:\WINDOWS\system32\bgfelwve.dll
2008-02-25 20:10:54 91712 --a------ C:\WINDOWS\system32\hdjqnxbs.dll
2008-02-22 21:08:18 89664 --a------ C:\WINDOWS\system32\jjvtmopj.dll
2008-02-22 21:05:05 91712 --a------ C:\WINDOWS\system32\olhlhrer.dll
2008-02-22 21:02:23 91712 --a------ C:\WINDOWS\system32\uotdipuh.dll
2008-02-21 20:52:54 93760 --a------ C:\WINDOWS\system32\vevtrjbm.dll
2008-02-21 20:50:07 88128 --a------ C:\WINDOWS\system32\oketcknt.dll
2008-02-21 20:49:55 91712 --a------ C:\WINDOWS\system32\avqcvcta.dll
2008-02-21 20:47:55 91712 --a------ C:\WINDOWS\system32\ktuwxrit.dll
2008-02-20 13:02:16 101376 --a------ C:\WINDOWS\b152.exe
2008-02-20 10:30:11 94784 --a------ C:\WINDOWS\system32\dgckwpeo.dll
2008-02-20 10:27:05 74304 --a------ C:\WINDOWS\system32\bnixvasa.dll
2008-02-19 10:30:57 89152 --a------ C:\WINDOWS\system32\ispanosy.dll
2008-02-19 10:25:31 74304 --a------ C:\WINDOWS\system32\jqjayyda.dll
2008-02-17 21:12:04 97344 --a------ C:\WINDOWS\system32\slqfrtls.dll
2008-02-17 21:09:45 74304 --a------ C:\WINDOWS\system32\ixeylhas.dll
2008-02-16 21:08:47 92736 --a------ C:\WINDOWS\system32\bsssjush.dll
2008-02-16 21:06:23 74304 --a------ C:\WINDOWS\system32\twgduodj.dll
2008-02-15 18:42:10 91712 --a------ C:\WINDOWS\system32\iibdvjgb.dll
2008-02-15 18:40:50 74304 --a------ C:\WINDOWS\system32\pnovhwxl.dll
2008-02-13 21:16:03 98368 --a------ C:\WINDOWS\system32\uwxrchmf.dll
2008-02-13 21:13:07 98368 --a------ C:\WINDOWS\system32\dkbpucmj.dll
2008-02-12 21:16:29 93248 --a------ C:\WINDOWS\system32\xfkhlksw.dll
2008-02-12 21:11:23 93248 --a------ C:\WINDOWS\system32\upfhvnbg.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-12 14:58:49 227801 --ahs---- C:\WINDOWS\system32\ayadd.ini2
2008-03-12 12:50:39 0 d-------- C:\Program Files\Common Files
2008-03-04 15:31:47 0 d-------- C:\Program Files\The Weather Channel FW
2008-03-04 13:46:13 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-03-04 10:36:12 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-03 22:55:04 0 d-------- C:\Program Files\Yahoo!
2008-03-03 15:55:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 11:25:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-03-02 23:34:15 2860 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-02 17:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-27 22:54:17 0 d-------- C:\Program Files\Lx_cats
2008-02-17 00:22:07 1309 --a------ C:\Documents and Settings\Owner\Application Data\update.log
2008-02-13 16:13:55 0 d-------- C:\Program Files\PartyGaming
2008-02-12 20:48:12 0 d-------- C:\Program Files\MySpace
2008-02-11 21:09:04 93248 --a------ C:\WINDOWS\system32\yqrcuxxy.dll
2008-02-11 21:07:41 93248 --a------ C:\WINDOWS\system32\akhrhalw.dll
2008-02-11 11:54:13 93248 --a------ C:\WINDOWS\system32\udlxoxjj.dll
2008-02-11 11:52:01 93248 --a------ C:\WINDOWS\system32\magfddsy.dll
2008-02-10 17:22:21 93248 --a------ C:\WINDOWS\system32\nufrxlma.dll
2008-02-10 17:19:26 93248 --a------ C:\WINDOWS\system32\eavuesxa.dll
2008-02-09 20:29:31 0 d-------- C:\Program Files\QuickTime
2008-02-09 20:12:27 0 d-------- C:\Program Files\LimeWire
2008-02-09 17:21:04 93760 --a------ C:\WINDOWS\system32\gfqhofsb.dll
2008-02-09 17:18:43 93760 --a------ C:\WINDOWS\system32\dwoilppn.dll
2008-02-08 17:30:08 94784 --a------ C:\WINDOWS\system32\jjkqhmhy.dll
2008-02-08 17:20:59 94784 --a------ C:\WINDOWS\system32\nldiafqx.dll
2008-02-07 17:24:57 95808 --a------ C:\WINDOWS\system32\icvaoqhe.dll
2008-02-07 17:21:36 95808 --a------ C:\WINDOWS\system32\yiwnscso.dll
2008-02-06 20:39:12 0 d-------- C:\Program Files\Common Files\uqmu
2008-02-06 17:20:54 92224 --a------ C:\WINDOWS\system32\voqfhrqd.dll
2008-02-06 17:20:44 92224 --a------ C:\WINDOWS\system32\qyymvdlq.dll
2008-02-05 10:40:11 94272 --a------ C:\WINDOWS\system32\gkmnxvjx.dll
2008-02-05 10:39:48 94272 --a------ C:\WINDOWS\system32\sdsdmrsv.dll
2008-02-04 21:26:21 0 d-------- C:\Program Files\RcvSystem
2008-02-02 20:21:07 36864 --a------ C:\WINDOWS\17PHolmes72.exe
2008-02-02 20:19:19 41984 --a------ C:\WINDOWS\system32\mljhgec.dll
2008-01-26 20:28:43 0 d-------- C:\Program Files\EA SPORTS
2008-01-26 09:51:21 340480 --a------ C:\WINDOWS\system32\ddaya.dll
2008-01-26 09:46:01 39936 --a------ C:\WINDOWS\system32\ddcddee.dll
2008-01-24 08:49:46 224256 --a------ C:\WINDOWS\b116.exe
2008-01-23 15:36:16 36864 -ra------ C:\WINDOWS\mrofinu11.exe
2008-01-16 15:21:47 0 d-------- C:\Documents and Settings\Owner\Application Data\??stem32
2008-01-16 11:01:25 224256 --a------ C:\WINDOWS\b128.exe
2008-01-15 08:26:38 2 --a------ C:\WINDOWS\system32\wnsintsv32.exe
2008-01-07 22:08:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2007-12-31 12:21:19 53760 --a------ C:\WINDOWS\b122.exe
2007-12-25 11:31:28 1283174 --a------ C:\Install
2007-12-20 05:04:32 293888 --a------ C:\WINDOWS\b148.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-01-26 09:46 39936 --a------ C:\WINDOWS\system32\ddcddee.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF88F339-57BA-4EDC-A2BA-9601A7920108}]
2008-01-26 09:51 340480 --a------ C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df08e3e9-7717-42a0-912c-e52ef747cf67}]
2008-03-12 11:40 93760 --a------ C:\WINDOWS\system32\dpxlincq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7}]
C:\WINDOWS\system32\owbiaq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 13:47]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor .exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"24b9a683"="C:\WINDOWS\system32\cudvwwhj.dll" [2008-03-12 11:43]
"BM278a951f"="C:\WINDOWS\system32\rscawplk.dll" [2008-03-12 11:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"kernel"="C:\Program Files\kernel\kernel.exe" []
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcddee.dll [2008-01-26 09:46 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcddee]
ddcddee.dll 2008-01-26 09:46 39936 C:\WINDOWS\system32\ddcddee.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2]
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158266030\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\Owner\LOCALS~1\Temp\MBDownloader_876923.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
"C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sady]
C:\Program Files\MSN Gaming Zone\sady77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqmu]
C:\PROGRA~1\COMMON~1\uqmu\uqmum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\MssCli.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2008-03-12 15:02:29 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 494.73 MiB / 90.84 MiB
Pagefile Memory (total/avail): 1156.34 MiB / 824.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.9 MiB

C: is Fixed (NTFS) - 88.44 GiB total, 33.18 GiB free.
D: is Fixed (FAT32) - 4.7 GiB total, 2.24 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.44 GiB - C:
\PARTITION1 - Unknown - 4.71 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-7408D4454C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-7408D4454C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-7408D4454C
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Deer Hunter 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 3\Uninst.isu"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
kernel --> "C:\Program Files\kernel\kernel.exe" -uninstall
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
LimeWire 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Myth II\Uninst.isu"
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TaxACT 2006 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Digital Photo Manager --> MsiExec.exe /X{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}
Webcam Basic --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02984DCC-D4E0-4353-8487-3FB492717C93} /l1033
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10245 / Error
Event Submitted/Written: 03/06/2008 03:39:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10234 / Error
Event Submitted/Written: 03/06/2008 11:31:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10233 / Error
Event Submitted/Written: 03/06/2008 11:29:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10232 / Error
Event Submitted/Written: 03/06/2008 11:28:57 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10231 / Error
Event Submitted/Written: 03/06/2008 11:27:59 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type50232 / Error
Event Submitted/Written: 03/12/2008 00:35:33 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50231 / Error
Event Submitted/Written: 03/12/2008 00:35:23 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053

Event Record #/Type50230 / Error
Event Submitted/Written: 03/12/2008 00:35:23 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.

Event Record #/Type50229 / Error
Event Submitted/Written: 03/12/2008 00:35:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50196 / Error
Event Submitted/Written: 03/12/2008 00:22:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-03-12 15:02:29 ------------

#6 random/random (Malware Response Team)

Posted 13 March 2008 - 07:34 AM

  • Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  • Double click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Fix Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you receive this error - "Run-time error '339': Component 'comdlg32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid", please download this file and save it to your desktop.
  • Right click on Comdlg32.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • On the text box above the Browse button, copy and paste in C:\Windows\system32.
  • Click OK.
  • Uncheck (untick) the Show extracted files box and click Finish.
  • Click on Start > Run and copy and paste in the following into the Run box:

    REGSVR32 C:\Windows\system32\comdlg32.ocx
  • Press Enter.
  • You should receive this message - "DllRegisterServer in C:\Windows\system32\comdlg32.ocx succeeded."
  • Click OK and restart your computer. Then try running VundoFix again.


#7 Trailrider (Topic Starter)

Posted 13 March 2008 - 12:39 PM

Below are the results of the VundoFix scan and a new HJT log.


VundoFix V7.0.3

Scan started at 12:20:50 2008-03-13

Listing files found while scanning....

C:\WINDOWS\system32\ddcddee.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcddee.dll
C:\WINDOWS\system32\ddcddee.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor .exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\pucrwfem.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\gfjntgft.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8350 bytes

#8 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:09:59 AM

Posted 13 March 2008 - 05:13 PM

  • Download UnDLL by ESET from here
  • Unzip/extract it to a folder on the desktop
  • Double click on UNDLL.EXE to start UnDLL
  • Click on Select infected DLL
  • Locate and select this file:
    C:\WINDOWS\SYSTEM32\ddcddee.dll
  • Click Open
  • UnDLL will now attempt to delete the DLL file
  • If asked to restart your PC, click Yes

Go to Start > Run... and copy/paste the text below into the Run box:

"%userprofile%\desktop\dss.exe" /config

A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#9 Trailrider

Trailrider
  • Topic Starter

  • Members
  • 38 posts
  • Local time:03:59 AM

Posted 13 March 2008 - 06:34 PM

UnDLL successfully deleted the file ddcddee.dll. No reboot was required.

Below are the results of the Deckard's System Scan:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-13 19:06:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
96: 2008-03-12 18:59:24 UTC - RP355 - Deckard's System Scanner Restore Point
95: 2008-03-12 16:48:38 UTC - RP354 - ComboFix created restore point
94: 2008-03-06 19:23:14 UTC - RP353 - System Checkpoint
93: 2008-03-05 16:18:12 UTC - RP352 - Spybot-S&D Spyware removal
92: 2008-03-04 21:29:09 UTC - RP351 - System Checkpoint


-- First Restore Point --
1: 2008-01-26 13:51:41 UTC - RP260 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddaya.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: {ca41c4dd-4741-f9b9-68a4-1356f425ff07} - {70ff524f-6531-4a86-9b9f-1474dd4c14ac} - C:\WINDOWS\system32\arrhioiv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D45E1169-ADE1-4159-832D-EA97BE276027} - C:\WINDOWS\system32\ddaya.dll
O2 - BHO: (no name) - {E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7} - C:\WINDOWS\system32\owbiaq.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor .exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\pucrwfem.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\gfjntgft.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10157 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070928-225306-562 R3 - URLSearchHook: (no name) - - (no file)
backup-20080303-142256-567 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
backup-20080303-142256-649 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20080303-142331-434 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 320)
2008-01-26 09:51:21 340480 --a------ C:\WINDOWS\system32\ddaya.dll
2005-06-23 12:24:13 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2008-03-13 11:42:02 90176 --a------ C:\WINDOWS\system32\gfjntgft.dll
2008-03-13 11:45:01 86080 --a------ C:\WINDOWS\system32\pucrwfem.dll
2008-03-13 11:48:01 93760 --a------ C:\WINDOWS\system32\arrhioiv.dll
2006-12-22 16:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2003-02-20 22:09:34 253952 --a------ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2004-05-12 04:03:00 744960 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll <Not Verified; Safer Networking Limited; Spybot - Search & Destroy>

C:\WINDOWS\system32\rundll32.exe (pid 3912)
2008-03-13 11:45:01 86080 --a------ C:\WINDOWS\system32\pucrwfem.dll
2008-03-13 11:42:02 90176 --a------ C:\WINDOWS\system32\gfjntgft.dll

C:\WINDOWS\system32\rundll32.exe (pid 3920)
2008-03-13 11:42:02 90176 --a------ C:\WINDOWS\system32\gfjntgft.dll
2008-03-13 11:45:01 86080 --a------ C:\WINDOWS\system32\pucrwfem.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 19:56:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-10-12 14:32:25 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-02-13 and 2008-03-13 -----------------------------

2008-03-13 12:20:50 0 d-------- C:\VundoFix Backups
2008-03-13 11:48:00 93760 --a------ C:\WINDOWS\system32\arrhioiv.dll
2008-03-13 11:45:00 86080 --a------ C:\WINDOWS\system32\pucrwfem.dll
2008-03-13 11:42:01 90176 --a------ C:\WINDOWS\system32\gfjntgft.dll
2008-03-12 12:47:56 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-12 12:47:56 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-12 12:47:56 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-12 12:47:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-12 12:47:49 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-12 12:36:56 344064 --a------ C:\WINDOWS\system32\ddaya.exe
2008-03-12 11:40:49 93760 --a------ C:\WINDOWS\system32\dpxlincq.dll
2008-03-12 11:40:27 89152 --a------ C:\WINDOWS\system32\rscawplk.dll
2008-03-06 10:57:43 96320 --a------ C:\WINDOWS\system32\vfrvlmfh.dll
2008-03-06 10:52:17 92736 --a------ C:\WINDOWS\system32\mxxbohky.dll
2008-03-05 16:39:02 96832 --a------ C:\WINDOWS\system32\kcdmrhap.dll
2008-03-05 16:36:01 91712 --a------ C:\WINDOWS\system32\jmjwmtvj.dll
2008-03-04 19:12:14 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-03-04 16:37:46 96832 --a------ C:\WINDOWS\system32\piayirxs.dll
2008-03-04 16:35:09 91712 --a------ C:\WINDOWS\system32\pvaxenth.dll
2008-03-04 11:13:51 0 d-------- C:\Program Files\AIM6
2008-03-03 16:38:18 95296 --a------ C:\WINDOWS\system32\tygbaycu.dll
2008-03-03 16:35:13 91712 --a------ C:\WINDOWS\system32\sesbtwxh.dll
2008-03-03 15:55:38 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-03 15:55:38 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-03 15:55:20 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-03-03 15:40:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-03 15:39:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 11:24:52 0 d-------- C:\Program Files\Lavasoft
2008-02-29 08:59:01 88640 --a------ C:\WINDOWS\system32\ntilocji.dll
2008-02-29 08:57:05 91712 --a------ C:\WINDOWS\system32\jqptwebt.dll
2008-02-27 22:56:02 90176 --a------ C:\WINDOWS\system32\eqrluocw.dll
2008-02-27 22:54:35 91712 --a------ C:\WINDOWS\system32\oqompjll.dll
2008-02-25 20:12:49 90688 --a------ C:\WINDOWS\system32\bgfelwve.dll
2008-02-25 20:10:54 91712 --a------ C:\WINDOWS\system32\hdjqnxbs.dll
2008-02-22 21:08:18 89664 --a------ C:\WINDOWS\system32\jjvtmopj.dll
2008-02-22 21:05:05 91712 --a------ C:\WINDOWS\system32\olhlhrer.dll
2008-02-22 21:02:23 91712 --a------ C:\WINDOWS\system32\uotdipuh.dll
2008-02-21 20:52:54 93760 --a------ C:\WINDOWS\system32\vevtrjbm.dll
2008-02-21 20:50:07 88128 --a------ C:\WINDOWS\system32\oketcknt.dll
2008-02-21 20:49:55 91712 --a------ C:\WINDOWS\system32\avqcvcta.dll
2008-02-21 20:47:55 91712 --a------ C:\WINDOWS\system32\ktuwxrit.dll
2008-02-20 13:02:16 101376 --a------ C:\WINDOWS\b152.exe
2008-02-20 10:30:11 94784 --a------ C:\WINDOWS\system32\dgckwpeo.dll
2008-02-20 10:27:05 74304 --a------ C:\WINDOWS\system32\bnixvasa.dll
2008-02-19 10:30:57 89152 --a------ C:\WINDOWS\system32\ispanosy.dll
2008-02-19 10:25:31 74304 --a------ C:\WINDOWS\system32\jqjayyda.dll
2008-02-17 21:12:04 97344 --a------ C:\WINDOWS\system32\slqfrtls.dll
2008-02-17 21:09:45 74304 --a------ C:\WINDOWS\system32\ixeylhas.dll
2008-02-16 21:08:47 92736 --a------ C:\WINDOWS\system32\bsssjush.dll
2008-02-16 21:06:23 74304 --a------ C:\WINDOWS\system32\twgduodj.dll
2008-02-15 18:42:10 91712 --a------ C:\WINDOWS\system32\iibdvjgb.dll
2008-02-15 18:40:50 74304 --a------ C:\WINDOWS\system32\pnovhwxl.dll
2008-02-13 21:16:03 98368 --a------ C:\WINDOWS\system32\uwxrchmf.dll
2008-02-13 21:13:07 98368 --a------ C:\WINDOWS\system32\dkbpucmj.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-13 19:07:21 231454 --ahs---- C:\WINDOWS\system32\ayadd.ini2
2008-03-13 10:29:36 0 d-------- C:\Program Files\Lx_cats
2008-03-12 12:50:39 0 d-------- C:\Program Files\Common Files
2008-03-04 15:31:47 0 d-------- C:\Program Files\The Weather Channel FW
2008-03-04 13:46:13 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-03-04 10:36:12 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-03 22:55:04 0 d-------- C:\Program Files\Yahoo!
2008-03-03 15:55:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 11:25:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-03-02 23:34:15 2860 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-02 17:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-17 00:22:07 1309 --a------ C:\Documents and Settings\Owner\Application Data\update.log
2008-02-13 16:13:55 0 d-------- C:\Program Files\PartyGaming
2008-02-12 21:16:42 93248 --a------ C:\WINDOWS\system32\xfkhlksw.dll
2008-02-12 21:11:23 93248 --a------ C:\WINDOWS\system32\upfhvnbg.dll
2008-02-12 20:48:12 0 d-------- C:\Program Files\MySpace
2008-02-11 21:09:04 93248 --a------ C:\WINDOWS\system32\yqrcuxxy.dll
2008-02-11 21:07:41 93248 --a------ C:\WINDOWS\system32\akhrhalw.dll
2008-02-11 11:54:13 93248 --a------ C:\WINDOWS\system32\udlxoxjj.dll
2008-02-11 11:52:01 93248 --a------ C:\WINDOWS\system32\magfddsy.dll
2008-02-10 17:22:21 93248 --a------ C:\WINDOWS\system32\nufrxlma.dll
2008-02-10 17:19:26 93248 --a------ C:\WINDOWS\system32\eavuesxa.dll
2008-02-09 20:29:31 0 d-------- C:\Program Files\QuickTime
2008-02-09 20:12:27 0 d-------- C:\Program Files\LimeWire
2008-02-09 17:21:04 93760 --a------ C:\WINDOWS\system32\gfqhofsb.dll
2008-02-09 17:18:43 93760 --a------ C:\WINDOWS\system32\dwoilppn.dll
2008-02-08 17:30:08 94784 --a------ C:\WINDOWS\system32\jjkqhmhy.dll
2008-02-08 17:20:59 94784 --a------ C:\WINDOWS\system32\nldiafqx.dll
2008-02-07 17:24:57 95808 --a------ C:\WINDOWS\system32\icvaoqhe.dll
2008-02-07 17:21:36 95808 --a------ C:\WINDOWS\system32\yiwnscso.dll
2008-02-06 20:39:12 0 d-------- C:\Program Files\Common Files\uqmu
2008-02-06 17:20:54 92224 --a------ C:\WINDOWS\system32\voqfhrqd.dll
2008-02-06 17:20:44 92224 --a------ C:\WINDOWS\system32\qyymvdlq.dll
2008-02-05 10:40:11 94272 --a------ C:\WINDOWS\system32\gkmnxvjx.dll
2008-02-05 10:39:48 94272 --a------ C:\WINDOWS\system32\sdsdmrsv.dll
2008-02-04 21:26:21 0 d-------- C:\Program Files\RcvSystem
2008-02-02 20:21:07 36864 --a------ C:\WINDOWS\17PHolmes72.exe
2008-02-02 20:19:19 41984 --a------ C:\WINDOWS\system32\mljhgec.dll
2008-01-26 20:28:43 0 d-------- C:\Program Files\EA SPORTS
2008-01-26 09:51:21 340480 --a------ C:\WINDOWS\system32\ddaya.dll
2008-01-24 08:49:46 224256 --a------ C:\WINDOWS\b116.exe
2008-01-23 15:36:16 36864 -ra------ C:\WINDOWS\mrofinu11.exe
2008-01-16 15:21:47 0 d-------- C:\Documents and Settings\Owner\Application Data\??stem32
2008-01-16 11:01:25 224256 --a------ C:\WINDOWS\b128.exe
2008-01-15 08:26:38 2 --a------ C:\WINDOWS\system32\wnsintsv32.exe
2008-01-07 22:08:46 41724 ---hs---- C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2007-12-31 12:21:19 53760 --a------ C:\WINDOWS\b122.exe
2007-12-25 11:31:28 1283174 --a------ C:\Install
2007-12-20 05:04:32 293888 --a------ C:\WINDOWS\b148.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70ff524f-6531-4a86-9b9f-1474dd4c14ac}]
2008-03-13 11:48 93760 --a------ C:\WINDOWS\system32\arrhioiv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D45E1169-ADE1-4159-832D-EA97BE276027}]
2008-01-26 09:51 340480 --a------ C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7}]
C:\WINDOWS\system32\owbiaq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 13:47]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor .exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"24b9a683"="C:\WINDOWS\system32\pucrwfem.dll" [2008-03-13 11:45]
"BM278a951f"="C:\WINDOWS\system32\gfjntgft.dll" [2008-03-13 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"kernel"="C:\Program Files\kernel\kernel.exe" []
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2]
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158266030\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\Owner\LOCALS~1\Temp\MBDownloader_876923.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
"C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sady]
C:\Program Files\MSN Gaming Zone\sady77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqmu]
C:\PROGRA~1\COMMON~1\uqmu\uqmum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\MssCli.exe




-- End of Deckard's System Scanner: finished at 2008-03-13 19:09:16 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 494.73 MiB / 87.16 MiB
Pagefile Memory (total/avail): 1156.34 MiB / 808.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.9 MiB

C: is Fixed (NTFS) - 88.44 GiB total, 33.19 GiB free.
D: is Fixed (FAT32) - 4.7 GiB total, 2.24 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.44 GiB - C:
\PARTITION1 - Unknown - 4.71 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-7408D4454C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-7408D4454C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-7408D4454C
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Deer Hunter 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 3\Uninst.isu"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
kernel --> "C:\Program Files\kernel\kernel.exe" -uninstall
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
LimeWire 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Myth II\Uninst.isu"
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TaxACT 2006 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Digital Photo Manager --> MsiExec.exe /X{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}
Webcam Basic --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02984DCC-D4E0-4353-8487-3FB492717C93} /l1033
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10341 / Error
Event Submitted/Written: 03/13/2008 01:41:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10245 / Error
Event Submitted/Written: 03/06/2008 03:39:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10234 / Error
Event Submitted/Written: 03/06/2008 11:31:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10233 / Error
Event Submitted/Written: 03/06/2008 11:29:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10232 / Error
Event Submitted/Written: 03/06/2008 11:28:57 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module unknown, version 0.0.0.0, fault address 0x00000011.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type50424 / Error
Event Submitted/Written: 03/13/2008 02:48:30 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50423 / Error
Event Submitted/Written: 03/13/2008 02:48:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053

Event Record #/Type50422 / Error
Event Submitted/Written: 03/13/2008 02:48:20 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.

Event Record #/Type50421 / Error
Event Submitted/Written: 03/13/2008 02:48:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50393 / Error
Event Submitted/Written: 03/13/2008 00:52:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}



-- End of Deckard's System Scanner: finished at 2008-03-13 19:09:16 ------------

#10 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:09:59 AM

Posted 14 March 2008 - 01:36 PM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
    dir /a /s "C:\* .exe" > spacedexe.txt
    notepad spacedexe.txt
  • Click File > Save as
  • In the box labelled File name copy and paste search.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Double click on search.bat
  • Once it has finished, a notepad window will open. Copy and paste the contents of that window as a reply to this topic.


#11 Trailrider

Trailrider
  • Topic Starter

  • Members
  • 38 posts
  • Local time:03:59 AM

Posted 14 March 2008 - 07:47 PM

Thank you for your continuing help.

Below are the scan reports and HJT log:


SDFix: Version 1.157

Run by Owner on 2008-03-14 at 19:48

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\41.TMP - Deleted
C:\42.TMP - Deleted
C:\46.TMP - Deleted
C:\47.TMP - Deleted
C:\PROGRA~1\MSNGAM~1\SADY77~1.EXE - Deleted
C:\Documents and Settings\Owner\Application Data\SecurePCCleaner\Logs\update.log - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe - Deleted
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe - Deleted
C:\U.exe - Deleted
C:\WINDOWS\17PHolmes72.exe - Deleted
C:\WINDOWS\b103.exe - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b111.exe - Deleted
C:\WINDOWS\b116.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\b147.exe - Deleted
C:\WINDOWS\b148.exe - Deleted
C:\WINDOWS\b151.exe - Deleted
C:\WINDOWS\b152.exe - Deleted
C:\WINDOWS\mrofinu11.exe - Deleted
C:\WINDOWS\mrofinu72.exe.tmp - Deleted
C:\WINDOWS\tsitra11.exe.tmp - Deleted
C:\Documents and Settings\Owner\Application Data\installer_en[1].exe - Deleted



Folder C:\Documents and Settings\Owner\Application Data\SecurePCCleaner - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 19:59:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 2 Mar 2006 8,913 A..H. --- "C:\My Backup -- 06-09-14 1248PM\TEMP\t4.bak"
Thu 23 Jun 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Thu 23 Jun 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Fri 7 May 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0a\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0a\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0a\RBM.exe"
Sat 21 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 4 Aug 2004 93,184 A.SH. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Internet Explorer\IEXPLORE.EXE"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Outlook Express\msimn.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Windows Media Player\mplayer2.exe"
Wed 11 Aug 2004 73,728 A.SH. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Windows Media Player\wmplayer.exe"
Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Wed 21 Nov 2007 329 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiF3.tmp"
Sun 16 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 2 Jan 2006 4,348 ..SH. --- "C:\My Backup -- 06-09-14 1248PM\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 2 Sep 2006 1,090 A..H. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\InterActual\InterActual Player\iti187.tmp"
Sun 23 Dec 2007 634 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Sat 21 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Sun 26 Nov 2006 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 20 Oct 2006 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sat 4 Mar 2006 1,333 A..H. --- "C:\My Backup -- 06-09-14 1248PM\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Wed 28 Nov 2007 593,216,736 A.SH. --- "C:\Deckard\System Scanner\20080313190539\backup\WINDOWS\temp\geonbi2v.TMP"
Mon 2 Jan 2006 4,348 ...H. --- "C:\My Backup -- 06-09-14 1248PM\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Sat 4 Mar 2006 20 A..H. --- "C:\My Backup -- 06-09-14 1248PM\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 2 Jan 2006 400 A.SH. --- "C:\My Backup -- 06-09-14 1248PM\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Wed 9 Aug 2006 0 A..H. --- "C:\My Backup -- 06-09-14 1248PM\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa6a8b6ef758224c8bfe859aa426f0c7\BIT278.tmp"

Finished!





Volume in drive C has no label.
Volume Serial Number is 24B9-A62C

Directory of C:\Program Files\AIM6

2008-03-12 12:38 50,528 aim6 .exe
2008-03-12 12:36 419,840 aim6 .exe
2008-03-06 09:03 50,528 aim6 .exe
3 File(s) 520,896 bytes

Directory of C:\Program Files\Common Files\AOL\1158266030\EE

2008-03-03 15:30 50,736 AOLSoftware .exe
1 File(s) 50,736 bytes

Directory of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

2008-03-12 12:26 6,731,312 avgas .exe
2008-03-12 12:24 7,481,856 avgas .exe
2 File(s) 14,213,168 bytes

Directory of C:\Program Files\Java\jre1.6.0_03\bin

2008-03-03 15:30 132,496 jusched .exe
1 File(s) 132,496 bytes

Directory of C:\Program Files\QuickTime

2008-02-09 20:29 286,720 qttask .exe
2008-02-09 20:27 657,920 qttask .exe
2008-02-09 20:14 657,920 qttask .exe
2008-02-09 11:52 657,920 qttask .exe
2008-02-08 22:00 657,920 qttask .exe
2008-02-08 16:42 657,920 qttask .exe
2008-02-08 08:07 657,920 qttask .exe
2008-02-07 14:27 657,920 qttask .exe
2008-02-07 08:46 657,920 qttask .exe
2008-02-06 21:59 657,920 qttask .exe
2008-02-06 20:52 657,920 qttask .exe
2008-02-06 20:40 657,920 qttask .exe
2008-02-06 20:29 657,920 qttask .exe
2008-02-06 20:10 657,920 qttask .exe
2008-02-06 17:14 657,920 qttask .exe
2008-02-05 14:55 657,920 qttask .exe
2008-02-05 10:33 657,920 qttask .exe
2008-02-04 21:23 657,920 qttask .exe
2008-02-04 12:15 657,920 qttask .exe
2008-02-03 20:25 657,920 qttask .exe
2008-02-03 17:41 657,920 qttask .exe
2008-02-02 21:51 657,920 qttask .exe
2008-02-02 20:27 657,920 qttask .exe
2008-02-02 00:37 657,920 qttask .exe
2008-02-01 11:57 657,920 qttask .exe
2008-01-31 21:22 657,920 qttask .exe
2008-01-30 18:21 657,920 qttask .exe
2008-01-29 21:55 657,920 qttask .exe
2008-01-28 21:26 657,920 qttask .exe
2008-01-26 17:11 657,920 qttask .exe
30 File(s) 19,366,400 bytes

Directory of C:\WINDOWS\system32

2008-03-14 19:41 15,360 ctfmon .exe
2008-03-03 15:30 118,784 hkcmd .exe
2008-03-03 15:30 155,648 igfxtray .exe
3 File(s) 289,792 bytes

Total Files Listed:
40 File(s) 34,573,488 bytes
0 Dir(s) 35,545,124,864 bytes free



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19, on 2008-03-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\gibqfklo.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\sfqmbxbv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8047 bytes
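The O2 and O4 lines in the HijackThis log above carry the indicators a malware-removal helper looks for first: Run values named with bare hex ([24b9a683], [BM278a951f]) that call rundll32 with a one-letter export, eight-letter random DLL names in system32, BHOs with no display name or a GUID for a name, and components marked "(file missing)". The script below is an added example for this thread, not a HijackThis feature or anyone's tool; its rules are hand-written heuristics, and the sample lines were copied from the log posted above. It is for triage only, since a few legitimate DLLs have short lowercase names and a nameless BHO can be benign (the thread's SDHelper.dll is one), which is why every hit lists its reasons rather than a verdict.

```python
"""Heuristic triage of HijackThis O2/O4 lines for the Vundo-style indicators
visible in the log above. Added example for this thread; not a HijackThis
feature. Rules are hand-written heuristics; sample lines were copied from the
posted log."""
import re

O4_LINE = re.compile(r"^O4 - .*?: \[([^\]]*)\] (.*)$")
# [24b9a683] and [BM278a951f]: eight hex digits, optionally prefixed "BM".
HEX_VALUE_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)
# rundll32 "<path>.dll",<single letter>  (legit callers name a real export).
RUNDLL_ONE_LETTER = re.compile(
    r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*([A-Za-z])\s*$', re.IGNORECASE)
SYSTEM32_DLL = re.compile(r"\\system32\\(\w+)\.dll\b", re.IGNORECASE)
GUID_NAME = re.compile(
    r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)


def triage_hjt(log_text):
    """Return [(line, [reasons])] for every line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if "(file missing)" in line:
            reasons.append("registered component whose file is gone")
        m = O4_LINE.match(line)
        if m:
            value_name, command = m.groups()
            if HEX_VALUE_NAME.match(value_name):
                reasons.append(f"Run value named with bare hex: [{value_name}]")
            rd = RUNDLL_ONE_LETTER.search(command)
            if rd:
                reasons.append(
                    f"rundll32 loads {rd.group(1)} via one-letter export '{rd.group(2)}'")
        if line.startswith("O2 - BHO: "):
            display_name = line[len("O2 - BHO: "):].split(" - ", 1)[0]
            if (display_name == "(no name)" or GUID_NAME.match(display_name)) \
                    and "\\system32\\" in line.lower():
                reasons.append("nameless or GUID-named BHO loaded from system32")
        s = SYSTEM32_DLL.search(line)
        # Every dropped DLL in this thread is exactly eight lowercase letters;
        # treat that shape as a weak signal on its own.
        if s and re.fullmatch(r"[a-z]{8}", s.group(1)):
            reasons.append(
                f"random-looking 8-letter DLL name in system32: {s.group(1)}.dll")
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7} - C:\WINDOWS\system32\owbiaq.dll (file missing)
O2 - BHO: {2a6bec5b-4027-f43b-0e54-4857cc6b4b3f} - {f3b4b6cc-7584-45e0-b34f-7204b5ceb6a2} - C:\WINDOWS\system32\niordpbi.dll
O2 - BHO: (no name) - {FAC55AAC-4228-4D16-BBC9-86ABD4028C6B} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\gibqfklo.dll",b
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\sfqmbxbv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
"""

if __name__ == "__main__":
    for flagged_line, why in triage_hjt(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints five flagged lines with their reasons; the Adobe BHO, the dumprep and ctfmon Run entries and the O18 filter line pass untouched. To use it on a real log, read the file and pass its text to triage_hjt().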

#12 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:09:59 AM

Posted 15 March 2008 - 06:00 AM

It looks like the forum messed up the formatting a bit, could you post the spacedexe.txt file as an attachment?

Edited by random/random, 15 March 2008 - 06:00 AM.


#13 Trailrider

Trailrider
  • Topic Starter

  • Members
  • 38 posts
  • Local time:03:59 AM

Posted 15 March 2008 - 08:50 AM

Attached File: spacedexe.txt (3.12KB, 6 downloads)

Here is the attachment you requested.

#14 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:09:59 AM

Posted 15 March 2008 - 04:18 PM

  • Open a new notepad window (Start>All Programs>Accessories>Notepad)
  • Copy & paste the contents of the following codebox into the notepad window
    REM Clear read-only/hidden/system attributes on each real name and on its space-padded copy
    attrib -r -h -s "C:\Program Files\AIM6\aim6.exe"
    attrib -r -h -s "C:\Program Files\Common Files\AOL\1158266030\EE\AOLSoftware.exe"
    attrib -r -h -s "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
    attrib -r -h -s "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    attrib -r -h -s "C:\Program Files\QuickTime\qttask.exe"
    attrib -r -h -s "C:\WINDOWS\system32\hkcmd.exe"
    attrib -r -h -s "C:\WINDOWS\system32\igfxtray.exe"
    attrib -r -h -s "C:\Program Files\AIM6\aim6   .exe"
    attrib -r -h -s "C:\Program Files\Common Files\AOL\1158266030\EE\AOLSoftware .exe"
    attrib -r -h -s "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe"
    attrib -r -h -s "C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe"
    attrib -r -h -s "C:\Program Files\QuickTime\qttask							  .exe"
    attrib -r -h -s "C:\WINDOWS\system32\hkcmd .exe"
    attrib -r -h -s "C:\WINDOWS\system32\igfxtray .exe"
    REM Overwrite each clean-named executable with its space-padded copy
    COPY /Y "C:\Program Files\AIM6\aim6   .exe" "C:\Program Files\AIM6\aim6.exe"
    COPY /Y "C:\Program Files\Common Files\AOL\1158266030\EE\AOLSoftware .exe" "C:\Program Files\Common Files\AOL\1158266030\EE\AOLSoftware.exe"
    COPY /Y "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe" "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
    COPY /Y "C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe" "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    COPY /Y "C:\Program Files\QuickTime\qttask							  .exe" "C:\Program Files\QuickTime\qttask.exe"
    COPY /Y "C:\WINDOWS\system32\hkcmd .exe" "C:\WINDOWS\system32\hkcmd.exe"
    COPY /Y "C:\WINDOWS\system32\igfxtray .exe" "C:\WINDOWS\system32\igfxtray.exe"
    REM List every remaining variant of each name (all attributes, subfolders included) into spacedexe2.txt
    REM next to this batch file; the closing quote must come before >> or cmd treats the redirect as part of the pattern
    dir /a /s "C:\Program Files\AIM6\aim6*.exe" >> spacedexe2.txt
    dir /a /s "C:\Program Files\Common Files\AOL\1158266030\EE\AOLSoftware*.exe" >> spacedexe2.txt
    dir /a /s "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas*.exe" >> spacedexe2.txt
    dir /a /s "C:\Program Files\Java\jre1.6.0_03\bin\jusched*.exe" >> spacedexe2.txt
    dir /a /s "C:\Program Files\QuickTime\qttask*.exe" >> spacedexe2.txt
    dir /a /s "C:\WINDOWS\system32\hkcmd*.exe" >> spacedexe2.txt
    dir /a /s "C:\WINDOWS\system32\igfxtray*.exe" >> spacedexe2.txt
  • Click File > Save as
  • In the box labelled File name copy and paste cleanup.bat
  • Change Save as type to All Files
  • Save it to your desktop
  • Close the notepad window
  • Double click on cleanup.bat
  • Once it has finished, please post the spacedexe2.txt file that it created as an attachment in your next post.
Go to Start > Run... and copy/paste the text below into the Runbox:

"%userprofile%\desktop\dss.exe" /config

A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files: main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
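The cleanup.bat above handles seven known names by hand. As an added example for this thread (not the helper's tool and not part of any vendor product), the script below finds the same "name .exe" / "name<TAB>.exe" pattern on its own: it walks a tree, reports every executable whose name has whitespace padding just before the extension, says whether a clean-named twin sits beside it, and produces the same COPY /Y lines the batch file uses, as a plan only. It builds a constructed sample tree in a temporary directory so it runs anywhere; the sizes and names in that tree are made up to mirror the thread's listing. Point find_spaced_executables() at a real drive to use it.

```python
"""Locate executables whose file name has whitespace padding before the
extension and pair each with the clean-named file beside it.

Added example for this thread; not the helper's tool or any vendor's. The
sample tree built by build_sample_tree() is constructed for the demo."""
import re
import tempfile
from pathlib import Path

# One or more spaces/tabs immediately before the final ".ext".
SPACED_NAME = re.compile(r"^(?P<stem>.*?\S)[ \t]+\.(?P<ext>[^.]+)$")
EXECUTABLE_EXTS = {"exe", "dll", "sys", "com", "scr"}


def find_spaced_executables(root):
    """Walk `root` and describe every executable with a padded name.

    Each finding records the padded path, the clean twin's path, whether that
    twin exists, the padded file's size and how many pad characters were
    inserted. Results are sorted by path so output is stable."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = SPACED_NAME.match(path.name)
        if not m or m.group("ext").lower() not in EXECUTABLE_EXTS:
            continue
        clean_name = f"{m.group('stem')}.{m.group('ext')}"
        twin = path.with_name(clean_name)
        findings.append({
            "name": path.name,
            "spaced": str(path),
            "clean": str(twin),
            "clean_exists": twin.exists(),
            "size": path.stat().st_size,
            "pad_chars": len(path.name) - len(clean_name),
        })
    return sorted(findings, key=lambda f: f["spaced"])


def restore_commands(findings):
    """Emit the same shape of batch line cleanup.bat uses: copy the padded
    file over its clean twin. This is only a plan; nothing is executed."""
    return [f'COPY /Y "{f["spaced"]}" "{f["clean"]}"' for f in findings]


def build_sample_tree():
    """Constructed layout mirroring the thread's listing (sizes made up):
    QuickTime with qttask.exe plus a space-padded twin, system32 with a padded
    hkcmd and no twin, plus two decoys that must not be reported."""
    root = Path(tempfile.mkdtemp(prefix="spacedexe_"))
    qt = root / "Program Files" / "QuickTime"
    s32 = root / "WINDOWS" / "system32"
    qt.mkdir(parents=True)
    s32.mkdir(parents=True)
    (qt / "qttask.exe").write_bytes(b"MZ" + b"\0" * 100)
    (qt / "qttask      .exe").write_bytes(b"MZ" + b"\0" * 200)  # 6 pad spaces
    (s32 / "hkcmd .exe").write_bytes(b"MZ" + b"\0" * 50)         # 1 pad space
    (s32 / "ctfmon.exe").write_bytes(b"MZ")                       # normal name
    (s32 / "readme .txt").write_bytes(b"x")                       # padded, not executable
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    found = find_spaced_executables(sample_root)
    for finding in found:
        twin_state = "twin present" if finding["clean_exists"] else "no clean twin"
        print(f"{finding['spaced']!r}  {finding['size']} bytes  "
              f"{finding['pad_chars']} pad char(s)  {twin_state}")
    for cmd in restore_commands(found):
        print(cmd)
```

The regex only fires on whitespace directly before the extension dot, so ordinary names with an internal space ("Google Updater.exe") are not reported; on a real machine run it with the padded names' attributes cleared first, as the batch file does with attrib, or hidden/system copies will still be listed but their twin check is unaffected.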

#15 Trailrider

Trailrider
  • Topic Starter

  • Members
  • 38 posts
  • Local time:03:59 AM

Posted 15 March 2008 - 06:59 PM

I think I may have done something incorrectly in this last procedure. I created and ran the cleanup.bat file, and it opened a window and seemed to run correctly. When it finished I could not find a new spacedexe2.txt file. I searched the whole computer, and the only one it found was the last one that I sent to you.

Below are the main.txt and extra.txt from Deckard's System Scanner:


Main.txt


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-15 19:16:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
99: 2008-03-15 23:17:00 UTC - RP358 - Deckard's System Scanner Restore Point
98: 2008-03-15 01:06:18 UTC - RP357 - System Checkpoint
97: 2008-03-13 23:52:52 UTC - RP356 - System Checkpoint
96: 2008-03-12 18:59:24 UTC - RP355 - Deckard's System Scanner Restore Point
95: 2008-03-12 16:48:38 UTC - RP354 - ComboFix created restore point


-- First Restore Point --
1: 2008-01-26 13:51:41 UTC - RP260 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 92% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17, on 2008-03-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screensavers.com/landing/redirect/dynapage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7} - C:\WINDOWS\system32\owbiaq.dll (file missing)
O2 - BHO: {2a6bec5b-4027-f43b-0e54-4857cc6b4b3f} - {f3b4b6cc-7584-45e0-b34f-7204b5ceb6a2} - C:\WINDOWS\system32\niordpbi.dll
O2 - BHO: (no name) - {FAC55AAC-4228-4D16-BBC9-86ABD4028C6B} - C:\WINDOWS\system32\ddaya.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BM278a951f] Rundll32.exe "C:\WINDOWS\system32\hlwdlkme.dll",s
O4 - HKLM\..\Run: [24b9a683] rundll32.exe "C:\WINDOWS\system32\aamjbmhn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9838 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070928-225306-562 R3 - URLSearchHook: (no name) - - (no file)
backup-20080303-142256-567 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
backup-20080303-142256-649 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20080303-142331-434 O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 catchme - c:\docume~1\owner\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 484)
2008-01-26 09:51:21 340480 --a------ C:\WINDOWS\system32\ddaya.dll
2005-06-23 12:24:13 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2006-12-22 16:28:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-14 00:57:58 86016 --a------ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2007-04-14 00:58:00 102400 --a------ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>
2008-03-15 18:49:44 98368 --a------ C:\WINDOWS\system32\hlwdlkme.dll
2008-03-15 18:43:50 98368 --a------ C:\WINDOWS\system32\gohfyrbw.dll
2008-03-15 18:52:44 94272 --a------ C:\WINDOWS\system32\aamjbmhn.dll
2008-03-15 18:52:47 98368 --a------ C:\WINDOWS\system32\niordpbi.dll
2003-02-20 22:09:34 253952 --a------ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll <Not Verified; Microsoft Corporation; Microsoft .NET Framework>

C:\WINDOWS\system32\rundll32.exe (pid 3388)
2008-03-15 18:49:44 98368 --a------ C:\WINDOWS\system32\hlwdlkme.dll
2008-03-15 18:52:44 94272 --a------ C:\WINDOWS\system32\aamjbmhn.dll

C:\WINDOWS\system32\rundll32.exe (pid 2264)
2008-03-15 18:52:44 94272 --a------ C:\WINDOWS\system32\aamjbmhn.dll
2008-03-15 18:49:44 98368 --a------ C:\WINDOWS\system32\hlwdlkme.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 19:56:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-10-12 14:32:25 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-02-15 and 2008-03-15 -----------------------------

2008-03-15 18:52:46 98368 --a------ C:\WINDOWS\system32\niordpbi.dll
2008-03-15 18:52:43 94272 --a------ C:\WINDOWS\system32\aamjbmhn.dll
2008-03-15 18:49:44 98368 --a------ C:\WINDOWS\system32\hlwdlkme.dll
2008-03-15 18:43:49 98368 --a------ C:\WINDOWS\system32\gohfyrbw.dll
2008-03-15 18:43:41 98368 --a------ C:\WINDOWS\system32\bbkkwcqv.dll
2008-03-15 15:48:17 98368 --a------ C:\WINDOWS\system32\xoxmjloj.dll
2008-03-15 15:45:17 94272 -----n--- C:\WINDOWS\system32\gdogvmqb.dll
2008-03-15 15:42:17 98368 --a------ C:\WINDOWS\system32\ivgqwvtx.dll
2008-03-15 14:45:17 98368 --a------ C:\WINDOWS\system32\lktlsxah.dll
2008-03-15 14:42:17 98368 --a------ C:\WINDOWS\system32\cqasdsdw.dll
2008-03-15 13:48:17 98368 --a------ C:\WINDOWS\system32\ukjibgbb.dll
2008-03-15 13:42:17 98368 --a------ C:\WINDOWS\system32\vjcumcjj.dll
2008-03-15 12:45:17 98368 --a------ C:\WINDOWS\system32\pxebaxlt.dll
2008-03-15 12:42:17 98368 --a------ C:\WINDOWS\system32\feavlnlb.dll
2008-03-15 11:48:17 98368 --a------ C:\WINDOWS\system32\noglvbar.dll
2008-03-15 11:42:17 98368 --a------ C:\WINDOWS\system32\prlfdsvn.dll
2008-03-15 10:45:17 98368 --a------ C:\WINDOWS\system32\vjfuaoil.dll
2008-03-15 10:39:26 98368 --a------ C:\WINDOWS\system32\wlmeteew.dll
2008-03-15 09:39:18 98368 --a------ C:\WINDOWS\system32\hemjattg.dll
2008-03-15 09:38:56 98368 --a------ C:\WINDOWS\system32\jdghxhus.dll
2008-03-14 21:41:36 98368 --a------ C:\WINDOWS\system32\esevnagg.dll
2008-03-14 21:35:36 96832 --a------ C:\WINDOWS\system32\oomoneyl.dll
2008-03-14 20:38:36 98368 --a------ C:\WINDOWS\system32\sljchwjn.dll
2008-03-14 20:35:37 96832 --a------ C:\WINDOWS\system32\ltivghps.dll
2008-03-14 20:05:37 98368 --a------ C:\WINDOWS\system32\jygcwthp.dll
2008-03-14 19:44:16 0 d-------- C:\WINDOWS\ERUNT
2008-03-14 18:34:58 98368 --a------ C:\WINDOWS\system32\sqdymqjw.dll
2008-03-14 18:33:30 96832 --a------ C:\WINDOWS\system32\sfqmbxbv.dll
2008-03-13 12:20:50 0 d-------- C:\VundoFix Backups
2008-03-13 11:48:00 93760 --a------ C:\WINDOWS\system32\arrhioiv.dll
2008-03-13 11:42:01 90176 --a------ C:\WINDOWS\system32\gfjntgft.dll
2008-03-12 12:47:56 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-12 12:47:56 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-12 12:47:56 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-12 12:47:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-12 12:47:49 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-12 12:36:56 344064 --a------ C:\WINDOWS\system32\ddaya.exe
2008-03-12 11:40:49 93760 --a------ C:\WINDOWS\system32\dpxlincq.dll
2008-03-12 11:40:27 89152 --a------ C:\WINDOWS\system32\rscawplk.dll
2008-03-06 10:57:43 96320 --a------ C:\WINDOWS\system32\vfrvlmfh.dll
2008-03-06 10:52:17 92736 --a------ C:\WINDOWS\system32\mxxbohky.dll
2008-03-05 16:39:02 96832 --a------ C:\WINDOWS\system32\kcdmrhap.dll
2008-03-05 16:36:01 91712 --a------ C:\WINDOWS\system32\jmjwmtvj.dll
2008-03-04 19:12:14 0 d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2008-03-04 16:37:46 96832 --a------ C:\WINDOWS\system32\piayirxs.dll
2008-03-04 16:35:09 91712 --a------ C:\WINDOWS\system32\pvaxenth.dll
2008-03-04 11:13:51 0 d-------- C:\Program Files\AIM6
2008-03-03 16:38:18 95296 --a------ C:\WINDOWS\system32\tygbaycu.dll
2008-03-03 16:35:13 91712 --a------ C:\WINDOWS\system32\sesbtwxh.dll
2008-03-03 15:55:38 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-03 15:55:38 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-03 15:55:20 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-03-03 15:40:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-03 15:39:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-03 11:24:52 0 d-------- C:\Program Files\Lavasoft
2008-02-29 08:59:01 88640 --a------ C:\WINDOWS\system32\ntilocji.dll
2008-02-29 08:57:05 91712 --a------ C:\WINDOWS\system32\jqptwebt.dll
2008-02-27 22:56:02 90176 --a------ C:\WINDOWS\system32\eqrluocw.dll
2008-02-27 22:54:35 91712 --a------ C:\WINDOWS\system32\oqompjll.dll
2008-02-25 20:12:49 90688 --a------ C:\WINDOWS\system32\bgfelwve.dll
2008-02-25 20:10:54 91712 --a------ C:\WINDOWS\system32\hdjqnxbs.dll
2008-02-22 21:08:18 89664 --a------ C:\WINDOWS\system32\jjvtmopj.dll
2008-02-22 21:05:05 91712 --a------ C:\WINDOWS\system32\olhlhrer.dll
2008-02-22 21:02:23 91712 --a------ C:\WINDOWS\system32\uotdipuh.dll
2008-02-21 20:52:54 93760 --a------ C:\WINDOWS\system32\vevtrjbm.dll
2008-02-21 20:50:07 88128 --a------ C:\WINDOWS\system32\oketcknt.dll
2008-02-21 20:49:55 91712 --a------ C:\WINDOWS\system32\avqcvcta.dll
2008-02-21 20:47:55 91712 --a------ C:\WINDOWS\system32\ktuwxrit.dll
2008-02-20 10:30:11 94784 --a------ C:\WINDOWS\system32\dgckwpeo.dll
2008-02-20 10:27:05 74304 --a------ C:\WINDOWS\system32\bnixvasa.dll
2008-02-19 10:30:57 89152 --a------ C:\WINDOWS\system32\ispanosy.dll
2008-02-19 10:25:31 74304 --a------ C:\WINDOWS\system32\jqjayyda.dll
2008-02-17 21:12:04 97344 --a------ C:\WINDOWS\system32\slqfrtls.dll
2008-02-17 21:09:45 74304 --a------ C:\WINDOWS\system32\ixeylhas.dll
2008-02-16 21:08:47 92736 --a------ C:\WINDOWS\system32\bsssjush.dll
2008-02-16 21:06:23 74304 --a------ C:\WINDOWS\system32\twgduodj.dll
2008-02-15 18:42:10 91712 --a------ C:\WINDOWS\system32\iibdvjgb.dll
2008-02-15 18:40:50 74304 --a------ C:\WINDOWS\system32\pnovhwxl.dll


-- Find3M Report ---------------------------------------------------------------

2008-03-15 19:17:00 233144 --ahs---- C:\WINDOWS\system32\ayadd.ini2
2008-03-14 19:54:38 0 d-------- C:\Program Files\Common Files
2008-03-14 19:54:33 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-13 10:29:36 0 d-------- C:\Program Files\Lx_cats
2008-03-04 15:31:47 0 d-------- C:\Program Files\The Weather Channel FW
2008-03-04 13:46:13 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2008-03-04 10:36:12 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-03 22:55:04 0 d-------- C:\Program Files\Yahoo!
2008-03-03 15:55:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 11:25:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-03-02 23:34:15 2860 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-02 17:53:05 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-17 00:22:07 1309 --a------ C:\Documents and Settings\Owner\Application Data\update.log
2008-02-13 21:16:14 98368 --a------ C:\WINDOWS\system32\uwxrchmf.dll
2008-02-13 21:13:17 98368 --a------ C:\WINDOWS\system32\dkbpucmj.dll
2008-02-13 16:13:55 0 d-------- C:\Program Files\PartyGaming
2008-02-12 21:16:42 93248 --a------ C:\WINDOWS\system32\xfkhlksw.dll
2008-02-12 21:11:23 93248 --a------ C:\WINDOWS\system32\upfhvnbg.dll
2008-02-12 20:48:12 0 d-------- C:\Program Files\MySpace
2008-02-11 21:09:04 93248 --a------ C:\WINDOWS\system32\yqrcuxxy.dll
2008-02-11 21:07:41 93248 --a------ C:\WINDOWS\system32\akhrhalw.dll
2008-02-11 11:54:13 93248 --a------ C:\WINDOWS\system32\udlxoxjj.dll
2008-02-11 11:52:01 93248 --a------ C:\WINDOWS\system32\magfddsy.dll
2008-02-10 17:22:21 93248 --a------ C:\WINDOWS\system32\nufrxlma.dll
2008-02-10 17:19:26 93248 --a------ C:\WINDOWS\system32\eavuesxa.dll
2008-02-09 20:29:31 0 d-------- C:\Program Files\QuickTime
2008-02-09 20:12:27 0 d-------- C:\Program Files\LimeWire
2008-02-09 17:21:04 93760 --a------ C:\WINDOWS\system32\gfqhofsb.dll
2008-02-09 17:18:43 93760 --a------ C:\WINDOWS\system32\dwoilppn.dll
2008-02-08 17:30:08 94784 --a------ C:\WINDOWS\system32\jjkqhmhy.dll
2008-02-08 17:20:59 94784 --a------ C:\WINDOWS\system32\nldiafqx.dll
2008-02-07 17:24:57 95808 --a------ C:\WINDOWS\system32\icvaoqhe.dll
2008-02-07 17:21:36 95808 --a------ C:\WINDOWS\system32\yiwnscso.dll
2008-02-06 20:39:12 0 d-------- C:\Program Files\Common Files\uqmu
2008-02-06 17:20:54 92224 --a------ C:\WINDOWS\system32\voqfhrqd.dll
2008-02-06 17:20:44 92224 --a------ C:\WINDOWS\system32\qyymvdlq.dll
2008-02-05 10:40:11 94272 --a------ C:\WINDOWS\system32\gkmnxvjx.dll
2008-02-05 10:39:48 94272 --a------ C:\WINDOWS\system32\sdsdmrsv.dll
2008-02-04 21:26:21 0 d-------- C:\Program Files\RcvSystem
2008-02-02 20:19:19 41984 --a------ C:\WINDOWS\system32\mljhgec.dll
2008-01-26 20:28:43 0 d-------- C:\Program Files\EA SPORTS
2008-01-26 09:51:21 340480 --a------ C:\WINDOWS\system32\ddaya.dll
2008-01-16 15:21:47 0 d-------- C:\Documents and Settings\Owner\Application Data\??stem32
2008-01-15 08:26:38 2 --a------ C:\WINDOWS\system32\wnsintsv32.exe
2007-12-25 11:31:28 1283174 --a------ C:\Install


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E7AB2A-37EB-1D1A-E45D-3E76183C06C7}]
C:\WINDOWS\system32\owbiaq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3b4b6cc-7584-45e0-b34f-7204b5ceb6a2}]
2008-03-15 18:52 98368 --a------ C:\WINDOWS\system32\niordpbi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAC55AAC-4228-4D16-BBC9-86ABD4028C6B}]
2008-01-26 09:51 340480 --a------ C:\WINDOWS\system32\ddaya.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 13:47]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"BM278a951f"="C:\WINDOWS\system32\hlwdlkme.dll" [2008-03-15 18:49]
"24b9a683"="C:\WINDOWS\system32\aamjbmhn.dll" [2008-03-15 18:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLAspSunset2]
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1158266030\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\Owner\LOCALS~1\Temp\MBDownloader_876923.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
"C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sady]
C:\Program Files\MSN Gaming Zone\sady77798.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurePCCleaner]
C:\Program Files\SecurePCCleaner\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqmu]
C:\PROGRA~1\COMMON~1\uqmu\uqmum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
c:\progra~1\mcafee\MCAFEE~1\MssCli.exe




-- End of Deckard's System Scanner: finished at 2008-03-15 19:19:28 ------------




Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 494.73 MiB / 76.04 MiB
Pagefile Memory (total/avail): 1156.34 MiB / 715.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.9 MiB

C: is Fixed (NTFS) - 88.44 GiB total, 33.02 GiB free.
D: is Fixed (FAT32) - 4.7 GiB total, 2.24 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.44 GiB - C:
\PARTITION1 - Unknown - 4.71 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1158266030\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-7408D4454C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-7408D4454C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-7408D4454C
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Deer Hunter 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 3\Uninst.isu"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTAIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B94569-6683-4617-8C54-EB27A1B51B30}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 730 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
LimeWire 4.17.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Myth II --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Myth II\Uninst.isu"
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
SeaStorm 3D Screensaver (remove only) --> "C:\Program Files\SeaStorm 3D Screensaver\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) -->
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TaxACT 2006 --> C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Digital Photo Manager --> MsiExec.exe /X{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}
Webcam Basic --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02984DCC-D4E0-4353-8487-3FB492717C93} /l1033
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10422 / Error
Event Submitted/Written: 03/15/2008 06:44:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10399 / Error
Event Submitted/Written: 03/15/2008 09:41:19 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10365 / Error
Event Submitted/Written: 03/14/2008 07:00:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10353 / Error
Event Submitted/Written: 03/13/2008 09:34:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10341 / Error
Event Submitted/Written: 03/13/2008 01:41:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type50677 / Error
Event Submitted/Written: 03/15/2008 06:45:25 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50676 / Error
Event Submitted/Written: 03/15/2008 06:45:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxcf_device service failed to start due to the following error:
%%1053

Event Record #/Type50675 / Error
Event Submitted/Written: 03/15/2008 06:45:18 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.

Event Record #/Type50674 / Error
Event Submitted/Written: 03/15/2008 06:45:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Event Record #/Type50646 / Error
Event Submitted/Written: 03/15/2008 04:39:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}



-- End of Deckard's System Scanner: finished at 2008-03-15 19:19:28 ------------