
Infected: Bloodhound.packed.jmp, Infostealer.gampass, Psw.win32.onlinegames.xxx


  • This topic is locked
5 replies to this topic

#1 qtmagoo

qtmagoo

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 04 April 2008 - 09:04 PM

Hi there - my Norton AV software recently started popping up alerts for bloodhound.packed.jmp and infostealer.gampass. I also found two alerts in my risk history for hacktool.rootkit, but that seems to have stopped popping up. NAV says that it's cleaned, usually by deletion, but it detects them when I next start up my computer. My NAV software is fully updated with all the most recent virus definitions, but I can't seem to get rid of these infections. Any help in removing these would be very much appreciated!

I've run the Kaspersky online virus scanner, and it found a couple of other trojans. Specifically, the PSW.Win32.Onlinegames.XXX where XXX is wec, yxd, yxf, and yxc. I've included the scan results in this post. I also ran DSS, and have included the HijackThis report, and the extra report generated.

Unfortunately, I didn't read everything thoroughly, and prior to finding this site, I ran the ComboFix program =( I haven't included those logs in this post, and I hope this doesn't cause any problems - only after I ran it did I read the instructions not to run that until requested. I do apologize =(

Thank you very much - any help with this would be really appreciated. Thank you in advance!
Chris.

--------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 04, 2008 9:30:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/04/2008
Kaspersky Anti-Virus database records: 682361


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 160462
Number of viruses found 4
Number of infected objects 29
Number of suspicious objects 0
Duration of the scan process 02:16:50

Infected Object Name Virus Name Last Action
C:\af9rgm8h.bat Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09780000\4FFAEA3B.VBN Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09A00000\4FF6960F.VBN Infected: Trojan-PSW.Win32.OnLineGames.yxd skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09C00000\4FF12A2C.VBN Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D580000\4FFB821F.VBN Infected: Trojan-PSW.Win32.OnLineGames.yxd skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E640000.VBN Infected: Trojan-PSW.Win32.OnLineGames.yxd skipped

C:\Documents and Settings\Christopher Moraes\Application Data\Adobe\Acrobat\7.0\rover1.err Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\AcrDD0A.tmp Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~efe2.tmp Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\jar_cache56900.tmp Object is locked skipped

C:\Documents and Settings\Christopher Moraes\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Christopher Moraes\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Christopher Moraes\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Ansys Inc\Shared Files\Licensing\license.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0018NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0756NAV~.TMP Object is locked skipped

C:\QooBox\Quarantine\C\o.exe.vir Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\kavo0.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP298\A0046805.dll Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP298\A0046807.bat Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP298\A0046808.inf Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP299\A0046898.bat Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP299\A0046899.inf Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP300\A0046901.inf Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP300\A0046985.dll Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP300\A0046988.inf Infected: Trojan-PSW.Win32.OnLineGames.wec skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP300\A0047031.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP301\A0047081.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP301\A0047090.dll Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP301\A0047092.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047147.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047160.dll Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047165.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047179.dll Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047181.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047183.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP302\A0047184.dll Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP303\A0047195.dll Infected: Trojan-PSW.Win32.OnLineGames.yxc skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP303\A0047198.exe Infected: Trojan-PSW.Win32.OnLineGames.yxf skipped

C:\System Volume Information\_restore{F792426D-3C25-4621-B5F7-398A230316E5}\RP303\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{FF4E24B9-0165-4755-8173-23478DF9AF37}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

-------------------------------------------------------------------------------------------------------------------------------


Deckard's System Scanner v20071014.68
Run by Christopher Moraes on 2008-04-04 21:32:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-04-05 01:32:28 UTC - RP304 - Deckard's System Scanner Restore Point
12: 2008-04-04 21:36:32 UTC - RP303 - ComboFix created restore point
11: 2008-04-04 01:12:13 UTC - RP302 - System Checkpoint
10: 2008-04-03 00:55:36 UTC - RP301 - System Checkpoint
9: 2008-04-01 00:30:21 UTC - RP300 - Installed SmartFTP Client


-- First Restore Point --
1: 2008-03-20 16:34:19 UTC - RP292 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Christopher Moraes.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:46 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Christopher Moraes\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christopher Moraes.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1300n_copy_1 -pn "AMNL - 1300n PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185306624140
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://www.aerospace.utoronto.ca/cab/OCXChecker_8000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10160 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 d346bus - c:\windows\system32\drivers\d346bus.sys
R0 d346prt - c:\windows\system32\drivers\d346prt.sys
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S1 OMCI - c:\windows\system32\drivers\omci.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANSYS FLEXlm license manager - c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe <Not Verified; Macrovision Corporation; >
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S4 matlabserver (MATLAB Server) - c:\progra~1\matlab7\webserver\bin\win32\matlabserver.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 21:34:37 0 d-------- C:\Program Files\Trend Micro
2008-04-04 18:34:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 18:34:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-04 18:34:41 0 d-------- C:\WINDOWS\LastGood
2008-04-04 17:39:04 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-04 17:34:46 68096 --a------ C:\WINDOWS\zip.exe
2008-04-04 17:34:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-04 17:34:46 98816 --a------ C:\WINDOWS\sed.exe
2008-04-04 17:34:46 80412 --a------ C:\WINDOWS\grep.exe
2008-04-04 17:34:46 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-04 17:34:45 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-04 17:34:45 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-04 17:34:45 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-04 17:27:47 0 dr-hs---- C:\cmdcons
2008-04-04 17:27:45 0 d-------- C:\WINDOWS\setup.pss
2008-04-04 17:27:24 0 d-------- C:\WINDOWS\setupupd
2008-04-04 16:57:02 117834 -r-hs---- C:\wkcay8u.cmd
2008-03-31 20:30:24 0 d-------- C:\Program Files\SmartFTP
2008-03-31 20:29:38 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-31 14:14:49 113276 -r-hs---- C:\af9rgm8h.bat


-- Find3M Report ---------------------------------------------------------------

2008-04-04 18:57:39 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-02 15:09:09 0 d-------- C:\Program Files\Paint Shop Pro 7
2008-03-31 15:30:15 0 d-------- C:\Documents and Settings\Christopher Moraes\Application Data\U3
2008-03-16 14:13:37 79464 --a------ C:\Documents and Settings\Christopher Moraes\Application Data\GDIPFONTCACHEV1.DAT
2008-02-28 18:40:02 0 d-------- C:\Documents and Settings\Christopher Moraes\Application Data\SolidWorks
2008-02-24 15:21:12 0 d-------- C:\Program Files\SPSS
2008-02-15 23:53:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-15 23:53:09 0 d-------- C:\Program Files\Symantec
2008-02-15 22:05:11 0 d-------- C:\Documents and Settings\Christopher Moraes\Application Data\Adobe
2008-02-08 18:06:45 0 d-------- C:\Program Files\LEdit83


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/14/2006 06:04 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 06:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/03/2006 07:51 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 01:48 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [03/31/2003 05:32 PM]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [12/16/2002 04:51 PM]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 06:28 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 06:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 05:58 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 08:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 09:33 PM]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 01:03 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 01:03 PM C:\WINDOWS\KHALMNPR.Exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/14/2006 06:07 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/14/2006 06:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/22/2007 01:01 PM]

C:\Documents and Settings\Christopher Moraes\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/25/2006 12:14:21 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
"C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\MediaDirect\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"matlabserver"=2 (0x2)
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b98b82-8a1f-11db-9390-0015c572f789}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107bd71c-a404-11db-bbc6-0015c572f789}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4316d06e-e3c3-11dc-beec-0015c572f789}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9dd906-92d2-11dc-be65-0015c572f789}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{812cdbae-9487-11dc-be6a-0015c572f789}]
AutoRun\command- D:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e92af1-88c7-11db-937c-d78c6981e9b8}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6b7031-3923-11dc-bd88-0015c572f789}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea5512f-fe26-11db-bcdc-0015c572f789}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea55133-fe26-11db-bcdc-0015c572f789}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa36b24-ff2b-11dc-bf10-0015c572f789}]
AutoRun\command- F:\af9rgm8h.bat
explore\Command- F:\af9rgm8h.bat
open\Command- F:\af9rgm8h.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f526dba8-9a46-11dc-be7d-0015c572f789}]
AutoRun\command- E:\wkcay8u.cmd
explore\Command- E:\wkcay8u.cmd
open\Command- E:\wkcay8u.cmd




-- End of Deckard's System Scanner: finished at 2008-04-04 21:35:35 ------------


---------------------------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5200 @ 1.60GHz
CPU 1: Intel® Core™2 CPU T5200 @ 1.60GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1526.37 MiB / 761.2 MiB
Pagefile Memory (total/avail): 3422.71 MiB / 2841.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.09 MiB

C: is Fixed (NTFS) - 109.74 GiB total, 30.97 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 109.74 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.01 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug20.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug30.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug30.exe:*:Enabled:ansconug30.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"="C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
ANSYS90_DIR=C:\Program Files\Ansys Inc\v90\ANSYS
ANSYSLIC_DIR=C:\Program Files\Ansys Inc\Shared Files\Licensing
ANSYS_SYSDIR=Intel
APPDATA=C:\Documents and Settings\Christopher Moraes\Application Data
CADOE_DOCDIR90=C:\Program Files\Ansys Inc\v90\CommonFiles\help\en-us\solviewer
CADOE_LIBDIR90=C:\Program Files\Ansys Inc\v90\CommonFiles\Language\en-us
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROVER1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Christopher Moraes
KMP_STACKSIZE=4m
LOGONSERVER=\\ROVER1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared;C:\Progra~1\Matlab7\bin\win32;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
P_SCHEMA=C:\Program Files\Ansys Inc\v90\ANSYS\ac4\schema
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp
USERDOMAIN=ROVER1
USERNAME=Christopher Moraes
USERPROFILE=C:\Documents and Settings\Christopher Moraes
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Christopher Moraes (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ahead Nero Burning ROM --> C:\Program Files\NeroBurning\nero\uninstall\UNNERO.exe /UNINSTALL
ANSYS 9.0 SP1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B232ECDC-6689-4FFB-8C66-13DEE2B657CE}\setup.exe" -l0x9 -uninst
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
EndNote X.0.2 Upgrade Edition --> MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B101}
ffdshow [rev 1004] [2007-03-06] --> "C:\Program Files\ffdshow\unins000.exe"
GanttProject --> "C:\Program Files\GanttProject\uninstall.exe"
Gas Properties --> C:\WINDOWS\system32\javaws.exe -uninstall "http://phet.colorado.edu/sims/ideal-gas/gas-properties.jnlp"
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp LaserJet 1150 / 1300 --> MsiExec.exe /x {1485B7CD-4CBD-4039-8EAE-5A22993D7F54}
ImageJ 1.36b --> "C:\Program Files\ImageJ\unins000.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Mega Codec Pack 1.67 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
MATLAB Family of Products Release 14 --> C:\Progra~1\Matlab7\uninstall\uninstall.exe C:\Progra~1\Matlab7\
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{91120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
Mixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Paint Shop Pro 7 Try And Buy --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PSRemote --> "C:\Program Files\PSRemote\Uninstall.exe" "C:\Program Files\PSRemote\install.log" -u
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sentinel System Driver --> MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SolidWorks 2005 SP0 --> MsiExec.exe /I{B7FFC71C-CD9C-4A48-8DD1-12BC9B43B2BB}
Sonic Foundry Sound Forge 6.0a --> MsiExec.exe /I{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}
Sound Blaster ADVANCED MB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tanner L-Edit Pro v8.30 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEdit83\L-Edit Pro v8.30.isu"
Tanner License Installer --> C:\WINDOWS\IsUninst.exe -f"c:\program files\ledit83\license\Uninst.isu"
TMPGEnc Plus 2.5 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
ViewMate 9.4.73 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D321C027-7AF4-4D16-9EF6-ECD8991A7FC4}\setup.exe" -l0x9 -removeonly
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type14771 / Error
Event Submitted/Written: 04/04/2008 05:49:00 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Bloodhound.Packed.Jmp in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Event Record #/Type14770 / Error
Event Submitted/Written: 04/04/2008 05:49:00 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Bloodhound.Packed.Jmp in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Event Record #/Type14769 / Error
Event Submitted/Written: 04/04/2008 05:49:00 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Bloodhound.Packed.Jmp in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Event Record #/Type14753 / Error
Event Submitted/Written: 04/04/2008 04:57:23 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Bloodhound.Packed.Jmp in File: C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\pef.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type14752 / Error
Event Submitted/Written: 04/04/2008 04:57:23 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Bloodhound.Packed.Jmp in File: C:\Documents and Settings\Christopher Moraes\Local Settings\Temp\pef.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type422476 / Error
Event Submitted/Written: 04/04/2008 09:35:29 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer AMNL-5 using any of the configured
protocols.

Event Record #/Type422475 / Error
Event Submitted/Written: 04/04/2008 09:35:27 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer AMNL-7 using any of the configured
protocols.

Event Record #/Type422474 / Error
Event Submitted/Written: 04/04/2008 09:35:25 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer AMNL-TONG using any of the configured
protocols.

Event Record #/Type422473 / Error
Event Submitted/Written: 04/04/2008 09:35:21 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer CRAIG1 using any of the configured
protocols.

Event Record #/Type422472 / Error
Event Submitted/Written: 04/04/2008 09:35:19 PM
Event ID/Source: 10009 / DCOM
Event Description:
DCOM was unable to communicate with the computer AMNL-COMMON using any of the configured
protocols.



-- End of Deckard's System Scanner: finished at 2008-04-04 21:35:35 ------------

-------------------------------------------------------------------------------------------------------------------------------------------


#2 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts
  • OFFLINE
  • Local time:11:07 PM

Posted 16 April 2008 - 07:15 AM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please do the following:

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.

If you still have the ComboFix log, please post that as well. Note: I do not want you to run ComboFix again to obtain a log. I would like to see the log from the first time you ran ComboFix, if it is available.
Member of ASAP (Alliance of Security Analysis Professionals)
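Carolyn's reply asks for a fresh HijackThis log. As an added example that is not part of this thread or of HijackThis itself, here is a small Python triage parser for HijackThis 2.x entry lines (R0, O2, O4, O23 and so on) that pulls out the section, CLSID and file path of each entry and flags the kinds of entries a helper reads first: "(no file)" orphans, Run entries with no absolute path, and binaries auto-starting from a Temp directory or the drive root. The sample lines are constructed in the thread's log format, and the flag heuristics are the example's own assumptions, not anything HijackThis reports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A HijackThis entry line starts with a section code (R0, F2, N1, O2, O4, O23, ...)
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# COM class id as it appears in O2/O3/O9/O16 lines
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# First absolute Windows path to a binary, quoted or not; 8.3 short names (PROGRA~1) allowed
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|cpl|sys))"?', re.I)
# Directories where an auto-started binary deserves a second look (assumed heuristic)
SUSPECT_DIRS = ("\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["section"], m["body"])
    clsid = CLSID_RE.search(entry.body)
    entry.clsid = clsid.group(0).upper() if clsid else None
    path = PATH_RE.search(entry.body)
    entry.path = path.group(1) if path else None
    return entry


def flag_entry(entry: Entry) -> Entry:
    """Attach review flags; these heuristics are the example's own, not HijackThis's."""
    if "(no file)" in entry.body:
        entry.flags.append("orphaned")           # registration points at a missing file
    if entry.path:
        if any(d in entry.path.lower() for d in SUSPECT_DIRS):
            entry.flags.append("temp-location")  # auto-start from a scratch directory
        if len(entry.path.split("\\")) == 2:
            entry.flags.append("drive-root")     # e.g. C:\something.exe
    elif entry.section == "O4" and "Run:" in entry.body:
        entry.flags.append("no-absolute-path")   # bare name, resolved via PATH search
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line in a log and flag the ones worth a closer look."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [flag_entry(e) for e in entries if e is not None]


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one review flag."""
    return [e for e in triage(log_text) if e.flags]


# Constructed sample in the thread's log format (not the poster's actual log lines)
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [sample] C:\Documents and Settings\USER NAME\Local Settings\Temp\sample.exe
O4 - HKLM\..\Run: [o] C:\o.exe
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:4} {', '.join(e.flags):18} {e.body}")
```

A flag only means "look at this entry"; the bare KHALMNPR.EXE Run entry in the sample is the same shape as a legitimate Logitech entry in the log posted below, so flagged entries still need the file itself checked before anything is fixed.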

#3 qtmagoo

qtmagoo
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 17 April 2008 - 12:21 AM

Hi Carolyn - thank you very much for taking the time to look at this for me. Since my last post I've run Spybot, Malaware and Kaspersky (trial) clean, and I no longer get constant popups indicating found viruses - however, if you could look it over and see if I still have a problem, it'd be very much appreciated.

HIJACK THIS LOG FILE
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:26 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\USER NAME\Desktop\HiJackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SpybotSD\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1300n_copy_1 -pn "AMNL - 1300n PCL 6" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SpybotSD\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185306624140
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - http://www.aerospace.utoronto.ca/cab/OCXChecker_8000.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9558 bytes


--------------------------------------------------------------------
HIJACK THIS UNINSTALL FILE
--------------------------------------------------------------------


Adobe Acrobat 7.0.9 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
ANSYS 9.0 SP1
AutoCAD 2006 - English
Autodesk DWF Viewer
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
EndNote X.0.2 Upgrade Edition
ffdshow [rev 1004] [2007-03-06]
GanttProject
Google Gmail Notifier
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
hp LaserJet 1150 / 1300
ImageJ 1.36b
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Java™ 6 Update 5
KhalSetup
K-Lite Mega Codec Pack 1.67
LiveUpdate 3.1 (Symantec Corporation)
Logitech SetPoint
MATLAB Family of Products Release 14
mCore
mDriver
mDrWiFi
MediaDirect
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
Mixer
mLogView
mMHouse
Mozilla Firefox (2.0.0.13)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
Paint Shop Pro 7 Try And Buy
PSRemote
QuickSet
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sentinel System Driver
SigmaTel Audio
Skype™ 3.2
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SolidWorks 2005 SP0
Sonic Foundry Sound Forge 6.0a
Sound Blaster ADVANCED MB Drivers
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec AntiVirus
Synaptics Pointing Device Driver
Tanner L-Edit Pro v8.30
Tanner License Installer
TMPGEnc Plus 2.5
Update for Office 2007 (KB932080)
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
ViewMate 9.4.73
Viewpoint Media Player
Winamp (remove only)
Windows Communication Foundation
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver


--------------------------------------------------------------
COMBOFIX FILE from my earlier scan
-------------------------------------------------------------
ComboFix 08-04-03.5 - USER NAME 2008-04-04 17:36:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.893 [GMT -4:00]
Running from: C:\Documents and Settings\USER NAME\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\o.exe
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\lsprst7.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-04 16:57 . 2008-04-04 16:56 117,834 -r-hs---- C:\wkcay8u.cmd
2008-03-31 20:30 . 2008-03-31 20:30 <DIR> d-------- C:\Program Files\SmartFTP
2008-03-31 20:29 . 2008-03-31 20:29 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-31 14:14 . 2008-03-20 09:04 113,276 -r-hs---- C:\af9rgm8h.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 21:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-02 19:09 --------- d-----w C:\Program Files\Paint Shop Pro 7
2008-03-31 19:30 --------- d-----w C:\Documents and Settings\USER NAME\Application Data\U3
2008-03-16 18:13 79,464 ----a-w C:\Documents and Settings\USER NAME\Application Data\GDIPFONTCACHEV1.DAT
2008-02-28 22:40 --------- d-----w C:\Documents and Settings\USER NAME\Application Data\SolidWorks
2008-02-24 19:21 --------- d-----w C:\Program Files\SPSS
2008-02-16 03:53 --------- d-----w C:\Program Files\Symantec
2008-02-16 03:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 22:06 --------- d-----w C:\Program Files\LEdit83
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 13:01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-14 18:04 77824]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe" [2003-03-31 17:32 28672]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 18:28 155648]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-14 18:07 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-14 18:08 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-25 00:14:21 671744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
"vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
"vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.GEOV"= C:\WINDOWS\system32\GeoCodec.dll
"vidc.G264"= C:\WINDOWS\system32\GX264.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.I420"= lvcodec2.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"VIDC.wmv3"= wmv9vcm.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
--------- 2005-02-23 16:57 57344 C:\Program Files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 23:43 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2003-04-14 20:05 1498032 C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 03:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-08-22 16:32 184320 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"matlabserver"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 23:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 23:41]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2005-05-05 10:30]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
S3 bacc;1394 Basler Virtual Device;C:\WINDOWS\system32\DRIVERS\bacc.sys [2006-07-06 11:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b98b82-8a1f-11db-9390-0015c572f789}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{107bd71c-a404-11db-bbc6-0015c572f789}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4316d06e-e3c3-11dc-beec-0015c572f789}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c9dd906-92d2-11dc-be65-0015c572f789}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{812cdbae-9487-11dc-be6a-0015c572f789}]
\Shell\AutoRun\command - D:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e92af1-88c7-11db-937c-d78c6981e9b8}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae6b7031-3923-11dc-bd88-0015c572f789}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea5512f-fe26-11db-bcdc-0015c572f789}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea55133-fe26-11db-bcdc-0015c572f789}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa36b24-ff2b-11dc-bf10-0015c572f789}]
\Shell\AutoRun\command - F:\af9rgm8h.bat
\Shell\explore\Command - F:\af9rgm8h.bat
\Shell\open\Command - F:\af9rgm8h.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f526dba8-9a46-11dc-be7d-0015c572f789}]
\Shell\AutoRun\command - E:\wkcay8u.cmd
\Shell\explore\Command - E:\wkcay8u.cmd
\Shell\open\Command - E:\wkcay8u.cmd

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:38:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 17:39:03
ComboFix-quarantined-files.txt 2008-04-04 21:38:53
Pre-Run: 33,080,135,680 bytes free
Post-Run: 33,068,294,144 bytes free
.
2008-03-16 20:48:04 --- E O F ---

Thanks again!
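An added example, not part of the thread and not ComboFix's own code: a small Python triage script that parses the mountpoints2 section of a ComboFix log (the layout shown in the log above) and flags the autorun patterns visible in it, namely .bat/.cmd targets on removable drives, RunDLL32 ShellExec_RunDLL launchers, and open/explore verbs redirected to the same payload. The three entries in SAMPLE_LOG are copied from the log above; the heuristics and function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout ComboFix uses for its mountpoints2 section;
# the three keys are copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa36b24-ff2b-11dc-bf10-0015c572f789}]
\Shell\AutoRun\command - F:\af9rgm8h.bat
\Shell\explore\Command - F:\af9rgm8h.bat
\Shell\open\Command - F:\af9rgm8h.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e92af1-88c7-11db-937c-d78c6981e9b8}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)

def parse_mountpoints(text):
    """Return {mountpoint key: {verb: command}} from the mountpoints2 section."""
    entries, current = defaultdict(dict), None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        m = VERB_RE.match(line.strip())
        if m and current:
            entries[current][m.group(1).lower()] = m.group(2).strip()
    return dict(entries)

def flag_autorun_entries(text):
    """Apply three defender heuristics to each mountpoint; return reasons per key."""
    findings = {}
    for key, verbs in parse_mountpoints(text).items():
        reasons = []
        cmds = " ".join(verbs.values()).lower()
        # 1. A batch/command script as the autorun target is not how vendors ship autorun.inf.
        if re.search(r"\.(bat|cmd)\b", cmds):
            reasons.append("script (.bat/.cmd) used as autorun target")
        # 2. ShellExec_RunDLL launching a bare file name is the classic worm autorun.inf pattern.
        if "shellexec_rundll" in cmds:
            reasons.append("RunDLL32 ShellExec_RunDLL launcher")
        # 3. open/explore pointed at the same target as AutoRun: double-clicking the drive runs it.
        if {"open", "explore"} & set(verbs) and len(set(verbs.values())) == 1:
            reasons.append("open/explore verbs redirected to the autorun payload")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for key, reasons in flag_autorun_entries(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons))
```

The E: entry (LaunchU3.exe, the SanDisk U3 launcher) produces no finding, while the two hijacked keys are reported with the reason that matched.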

#4 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 17 April 2008 - 04:24 PM

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.
This is the item to fix in HijackThis.

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  • Double click on mbam-setup.exe to install it.
  • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  • Select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the Malwarebytes' Anti-Malware log along with the contents of main.txt and extra.txt, the Kaspersky log and a description of how your computer is behaving.
Member of ASAP (Alliance of Security Analysis Professionals)

#5 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 28 April 2008 - 11:15 AM

It's been several days. Are you still in need of assistance?
Member of ASAP (Alliance of Security Analysis Professionals)

#6 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 08 May 2008 - 11:59 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)