Command Service & Network Monitor Infection


2 replies to this topic

#1 Tpetty5

Posted 26 April 2008 - 08:10 PM

I've been infected with a variety of malware and adware including Command Service and Network Monitor. Ad-Aware and Spybot find them and clean them, but then they regenerate upon starting. My Task Manager has been disabled and my Windows wallpaper is changed to a blue screen which says "Warning: Spyware threat has been detected on your PC" and "Click Here to Scan Your PC for Spyware". Also an icon has been added to the systray which has random pop-ups about slow computer, malware, etc. In addition there are numerous pop-ups. Here are my DSS reports:

Deckard's System Scanner v20071014.68
Run by tom on 2008-04-26 20:49:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2008-04-27 00:49:34 UTC - RP488 - Deckard's System Scanner Restore Point
65: 2008-04-26 21:56:07 UTC - RP487 - Last known good configuration
64: 2008-04-26 21:55:58 UTC - RP486 - Restore Operation
63: 2008-04-26 21:55:57 UTC - RP485 - Last known good configuration
62: 2008-04-26 21:55:55 UTC - RP484 - System Checkpoint


-- First Restore Point --
1: 2008-04-26 21:55:52 UTC - RP423 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-26 20:52:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\IA\command.exe
C:\WINDOWS\system32\digtizer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Timberline Office\Shared\Sage.ServiceHost.Host.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\FjEvents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ccwtup32.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Apoint2K\Hidfind.exe
C:\WINDOWS\mrofinu72.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\ocntnkdn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\opnomMGv.dll
O2 - BHO: (no name) - {30176963-2CA0-480C-946E-E3E6BCE8854E} - C:\WINDOWS\system32\byXRjjHa.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: gooochi browser optimizer - {aa013f87-c8bc-b176-3c31-3882ba989c91} - C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [FjDspMon] c:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [FjEvents] c:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [Fujitsu Menu] c:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] C:\WINDOWS\GTCO\wtxpload.exe GTCO
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Tom.CTCHARLOTTE\cftmon.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ocntnkdn.exe DWram
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll" DllInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Tom.CTCHARLOTTE\cftmon.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnkdn.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64l.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - (no file)
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - (no file)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://ameritrade.com (HKCU)
O15 - Trusted Zone: https://www.excite.com (HKCU)
O15 - Trusted Zone: https://secure.patientwire.com (HKCU)
O15 - Trusted Zone: https://tdameritrade.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab
O17 - HKLM\Software\..\Telephony: DomainName = CTCHARLOTTE.COM
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: opnomMGv - C:\WINDOWS\system32\opnomMGv.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\system32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Unknown owner - C:\Program Files\TIMBERLINE
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\wintab32.exe


--
End of file - 17565 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
.scr - DWGTrueViewScriptFile - shell\open\command - "" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FJGPNV - c:\windows\system32\drivers\fjgpnv.sys <Not Verified; FUJITSU LIMITED; FJGPNV>
R1 rdpdrr - c:\windows\system32\drivers\rdpdrr.sys
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 FlashDrv - c:\program files\fujitsu\flashaid\flashdrv.sys <Not Verified; FUJITSU LIMITED; FlashAid>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DX02 - c:\windows\system32\drivers\dx02.sys <Not Verified; Knowles Acoustics; DX.02 Speech Enhancement>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
R3 W2gtco - c:\windows\system32\drivers\w2gtco.sys <Not Verified; LCS/Telegraphics; GTCO Type 5 Driver>
R3 Wtcls2k - c:\windows\system32\drivers\wtcls2k.sys <Not Verified; LCS/Telegraphics; Wintab Class Driver for Windows 2000/XP>

S3 ADVNTDRV - c:\windows\system32\drivers\advntdrv.sys <Not Verified; FUJITSU LIMITED.; Microsoft® Windows NT™ Operating System>
S3 bioschk (FPC BIOS Check Driver) - c:\windows\system32\drivers\bioschk.sys <Not Verified; Fujitsu PC Corporation; Fujitsu BIOS Configuration>
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 FjGenIo (FPC Generic I/O Driver) - c:\windows\system32\drivers\fjgenio.sys <Not Verified; Fujitsu PC Corporation; Generic I/O Driver>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys <Not Verified; Smith Micro Software, Inc.; QuickLink Wi-Fi>
S3 SNTNLUSB (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\ia\command.exe (file missing)
R2 Digitizer (Digitizer Service) - c:\windows\system32\digtizer.exe <Not Verified; WACOM; WACOM TabletPC Driver>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 MSSQLSERVER - c:\program files\microsoft sql server\mssql\binn\sqlservr.exe -smssqlserver
R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Sage.ServiceHost.Host.1.0 (Sage Service Host v1.0) - c:\program files\timberline office\shared\sage.servicehost.host.exe
R2 Wintab32 - c:\windows\system32\wintab32.exe

S3 SQLSERVERAGENT - c:\program files\microsoft sql server\mssql\binn\sqlagent.exe -i mssqlserver
S4 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 20:10:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 20:10:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 20:10:44 0 d-------- C:\WINDOWS\LastGood
2008-04-26 17:51:44 0 d-------- C:\Program Files\webHancer
2008-04-26 17:51:33 0 d-------- C:\Program Files\PokerMom
2008-04-26 17:51:32 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-26 17:51:16 0 d-------- C:\Program Files\Network Monitor
2008-04-26 17:51:04 0 dr-h----- C:\Documents and Settings\Tom\Recent
2008-04-26 17:11:12 0 d-------- C:\WINDOWS\ERUNT
2008-04-26 16:20:56 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-26 15:18:22 0 d-------- C:\Program Files\smitRem
2008-04-26 13:34:22 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-04-26 12:25:13 1680 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-26 11:57:22 11008 --a------ C:\WINDOWS\mssvr.exe
2008-04-26 11:57:18 32512 --a------ C:\WINDOWS\ntnut.exe
2008-04-26 11:55:27 19712 --a------ C:\WINDOWS\stcloader.exe
2008-04-26 11:55:26 28160 --a------ C:\WINDOWS\bokja.exe
2008-04-26 11:09:32 5242880 --a------ C:\Documents and Settings\Tom.CTCHARLOTTE\ntuser.dat
2008-04-26 11:09:31 3801088 --a------ C:\Documents and Settings\Tom\ntuser.dat
2008-04-26 11:07:17 7128 --ahs---- C:\WINDOWS\system32\aHjjRXyb.ini2
2008-04-26 11:07:16 401616 --a------ C:\WINDOWS\system32\g78.exe
2008-04-26 11:07:13 283136 --a------ C:\WINDOWS\system32\byXRjjHa.dll
2008-04-26 11:06:15 89070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-26 11:04:07 14592 --a------ C:\WINDOWS\voiceip.dll
2008-04-26 11:04:07 16896 --a------ C:\WINDOWS\swin32.dll
2008-04-26 11:04:07 24064 --a------ C:\WINDOWS\cdsm32.dll
2008-04-26 11:04:05 27392 --a------ C:\WINDOWS\mspphe.dll
2008-04-26 11:04:05 12288 --a------ C:\WINDOWS\bjam.dll
2008-04-26 11:04:04 19200 --a------ C:\WINDOWS\2020search2.dll
2008-04-26 11:04:04 11008 --a------ C:\WINDOWS\2020search.dll
2008-04-26 11:03:59 11776 --a------ C:\WINDOWS\saiemod.dll
2008-04-26 11:03:58 10496 --a------ C:\WINDOWS\msapasrc.dll
2008-04-26 11:03:58 10496 --a------ C:\WINDOWS\msa64chk.dll
2008-04-26 11:03:57 32000 --a------ C:\WINDOWS\shdocpl.dll
2008-04-26 11:03:56 28160 --a------ C:\WINDOWS\shdocpe.dll
2008-04-26 11:03:55 32256 --a------ C:\WINDOWS\winsb.dll
2008-04-26 11:03:54 10496 --a------ C:\WINDOWS\browserad.dll
2008-04-26 11:03:54 23296 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-26 11:03:54 29440 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-26 11:03:53 19200 --a------ C:\WINDOWS\avifile32.dll
2008-04-26 11:03:53 28928 --a------ C:\WINDOWS\autodisc32.dll
2008-04-26 11:03:52 24320 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-26 11:03:52 16896 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-26 11:03:52 21248 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-26 11:03:52 15360 --a------ C:\WINDOWS\athprxy32.dll
2008-04-26 11:03:51 11264 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-26 11:03:51 8704 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-26 11:03:51 19456 --a------ C:\WINDOWS\asferror32.dll
2008-04-26 11:03:51 24832 --a------ C:\WINDOWS\apphelp32.dll
2008-04-26 11:03:47 863 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-26 11:00:55 12288 --a------ C:\Documents and Settings\Tom\cftmon.exe
2008-04-26 11:00:01 12288 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-04-26 10:57:09 39424 --a------ C:\WINDOWS\system32\qoMDsPhi.dll
2008-04-26 10:57:05 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-26 10:57:02 200768 --a------ C:\WINDOWS\system32\ocntnkdn.exe
2008-04-26 10:56:59 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-26 10:56:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-04-26 10:56:50 86144 --a------ C:\WINDOWS\system32\drivers\rdpdrr.sys
2008-04-26 10:56:48 0 d-------- C:\WINDOWS\system32\x4
2008-04-26 10:56:48 0 d-------- C:\WINDOWS\system32\wTMP
2008-04-26 10:56:48 0 d-------- C:\WINDOWS\system32\n3
2008-04-26 10:56:48 0 d-------- C:\WINDOWS\system32\b1
2008-04-26 10:56:47 39424 --a------ C:\WINDOWS\system32\awtuvUNg.dll
2008-04-26 10:56:45 0 d-------- C:\WINDOWS\system32\pnVes06
2008-04-26 10:56:45 0 d-------- C:\Temp
2008-04-26 10:56:15 37376 -ra------ C:\WINDOWS\mrofinu72.exe
2008-04-26 10:56:15 37376 --a------ C:\WINDOWS\17PHolmes72.exe
2008-04-26 10:56:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-26 10:56:05 39424 --a------ C:\WINDOWS\system32\jkkihEXP.dll
2008-04-26 10:56:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-26 10:56:01 12288 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-04-26 10:56:01 12288 --a------ C:\Documents and Settings\Tom.CTCHARLOTTE\cftmon.exe
2008-04-26 10:56:00 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-26 10:55:57 88491 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-26 10:55:57 88491 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-26 10:55:55 39424 --a------ C:\WINDOWS\system32\rQhiihii.dll
2008-04-26 10:55:49 29696 --a------ C:\WINDOWS\winself.exe
2008-04-26 10:55:48 39424 --a------ C:\WINDOWS\system32\opnomMGv.dll
2008-04-26 10:55:48 39424 --a------ C:\WINDOWS\system32\nnNHxuvW.dll
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070.exe
2008-04-11 11:46:26 334848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-07 12:27:34 330240 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
2008-03-27 12:36:53 0 d-------- C:\Program Files\PokerStars.NET
2008-03-26 11:11:30 77383 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Find3M Report ---------------------------------------------------------------

2008-04-26 18:14:50 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-26 17:51:33 0 d-------- C:\Program Files\PeckJoin
2008-04-23 16:13:31 0 d-------- C:\Program Files\SureTrak
2008-04-17 11:46:19 0 d-------- C:\Program Files\On-Screen Takeoff 3
2008-04-09 12:38:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-05 11:57:05 0 d-------- C:\Program Files\SourceTec
2008-02-27 11:14:32 101 --a------ C:\WINDOWS\system32\prsgrc.dll
2008-02-27 11:14:16 34 --a------ C:\WINDOWS\A~
2008-02-27 07:50:50 0 d-------- C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Eos Group
2008-02-27 07:34:46 0 d-------- C:\Program Files\Common Files
2008-02-27 07:34:46 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-02-27 07:33:58 0 d-------- C:\Program Files\Timberline Office
2008-02-27 07:33:58 0 d-------- C:\Program Files\Crystal Decisions
2008-02-27 07:33:58 0 d-------- C:\Program Files\Common Files\Sage
2008-02-27 07:33:58 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-02-27 07:32:14 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-27 07:28:20 0 d-------- C:\Program Files\Common Files\Pervasive Software Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}]
04/26/2008 10:55 AM 39424 --a------ C:\WINDOWS\system32\opnomMGv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30176963-2CA0-480C-946E-E3E6BCE8854E}]
04/26/2008 11:07 AM 283136 --a------ C:\WINDOWS\system32\byXRjjHa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
04/11/2008 11:46 AM 334848 --a------ C:\WINDOWS\system32\myss_sb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa013f87-c8bc-b176-3c31-3882ba989c91}]
04/07/2008 12:27 PM 330240 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [08/04/2004 08:00 AM]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [04/25/2005 11:10 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/10/2005 04:00 PM C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [07/02/2004 07:48 AM]
"FjDspMon"="c:\Program Files\Fujitsu\Utils\FjDspMon.exe" [10/14/2004 06:56 PM]
"FjEvents"="c:\Program Files\Fujitsu\Utils\fjevents.exe" [12/16/2004 07:08 PM]
"Fujitsu Menu"="c:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [12/16/2004 07:10 PM]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [02/28/2005 01:20 PM]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [08/20/2003 09:24 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/18/2005 10:10 AM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe" [02/11/2005 08:10 PM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [07/13/2005 09:24 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/29/2003 10:10 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04/07/2004 06:12 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/03/2005 03:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/03/2005 03:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/25/2006 01:46 PM]
"CalCompUtil"="ccwtup32.exe" [10/18/2001 02:09 AM C:\WINDOWS\system32\ccwtup32.exe]
"GTCO.wtxpload"="C:\WINDOWS\GTCO\wtxpload.exe" [10/18/2001 02:09 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 08:07 AM]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [04/26/2008 10:55 AM]
"autoload"="C:\Documents and Settings\Tom.CTCHARLOTTE\cftmon.exe" [04/26/2008 10:55 AM]
"ExploreUpdSched"="C:\WINDOWS\system32\ocntnkdn.exe" [04/26/2008 10:57 AM]
"spa_start"="C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll" [04/07/2008 12:27 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/14/2007 07:46 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [04/26/2008 10:55 AM]
"autoload"="C:\Documents and Settings\Tom.CTCHARLOTTE\cftmon.exe" [04/26/2008 10:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\Tom.CTCHARLOTTE\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\ocntnkdn.exe [4/26/2008 10:57:02 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 12:32:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}"= C:\WINDOWS\system32\opnomMGv.dll [04/26/2008 10:55 AM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 02/18/2005 10:08 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 08/04/2004 08:00 AM 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomMGv]
opnomMGv.dll 04/26/2008 10:55 AM 39424 C:\WINDOWS\system32\opnomMGv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 07/13/2005 08:02 PM 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 08/29/2002 06:41 AM 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 08/04/2004 08:00 AM 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXRjjHa




-- End of Deckard's System Scanner: finished at 2008-04-26 20:53:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1013.98 MiB / 433.75 MiB
Pagefile Memory (total/avail): 2440.4 MiB / 1661.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.03 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 29.29 GiB free.
D: is CDROM (No Media)
H: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060BH - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Pvsw\\Bin\\W3DBSMGR.EXE"="C:\\Pvsw\\Bin\\W3DBSMGR.EXE:*:Enabled:Database Service Manager"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
"C:\\Program Files\\On-Screen Takeoff 3\\OST.exe"="C:\\Program Files\\On-Screen Takeoff 3\\OST.exe:*:Enabled:On-Screen Takeoff 3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Pvsw\\Bin\\W3DBSMGR.EXE"="C:\\Pvsw\\Bin\\W3DBSMGR.EXE:*:Enabled:Database Service Manager"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data
CLASSPATH=C:\Pvsw\BIN\PVJDBC2X.JAR;C:\Pvsw\BIN\PVJDBC2.JAR;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=R6602503
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tom.CTCHARLOTTE
LOGONSERVER=\\CTC1
LSFORCEHOST=CTC1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Pvsw\BIN;C:\Program Files\Timberline Office\Shared\;C:\Program Files\Timberline Office\Accounting\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\Autodesk\DWG TrueView\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Crystal Decisions\2.5\bin;;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp
TMP=C:\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp
USERDNSDOMAIN=CTCHARLOTTE.COM
USERDOMAIN=CTCHARLOTTE
USERNAME=tom
USERPROFILE=C:\Documents and Settings\Tom.CTCHARLOTTE
VSL=C:\Pvsw\BIN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tom (admin)
Administrator (admin)
Tom.CTCHARLOTTE (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems AC'97 Modem --> agrsmdel
AIA Contract Documents --> MsiExec.exe /X{7DE35378-BBE8-4F1C-A37A-91A142A9A223}
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Gigabit Ethernet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC502085-5F63-41A2-A290-41F9F9574270}\Setup.exe" -l0x9 REMOVE
Command --> wscript "C:\WINDOWS\IA\KE.vbs"
Deewoo Network Manager removal --> C:\WINDOWS\system32\ocntnkdn.exe -UPop
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DWG TrueView 2007 --> MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll-uninst.exe
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{E1D78C08-3477-470B-82B7-61BD4F63110B}
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{F64394E6-46D6-48F3-9701-3629D6CDD092}
FlashAid --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F9982B9-9C1E-45E7-B7EB-CD6E4787E39D}\setup.exe"
Fujitsu Button Driver Component --> MsiExec.exe /I{D4075EE9-BB9E-4012-9189-1211530C21F7}
Fujitsu Button Utilities --> MsiExec.exe /I{F94FD9EE-B0A7-47BE-8C96-72F693BE4299}
Fujitsu Driver Update V1.1L46 --> MsiExec.exe /X{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{675F445D-0944-48DC-962E-DE2E9707AE8E}\setup.exe"
Fujitsu Pen Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}\Setup.exe" -l0x9 DigitizerDriver_Uninstall
Fujitsu Radio Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B41D74C6-886C-4406-AE27-241590A6C433}\setup.exe"
GhostFill 4 --> MsiExec.exe /I{1BF5D767-BFA9-4D96-B4D7-8B509FB068B5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GTCO CalComp Tablet Driver --> C:\WINDOWS\GTCO\Remove.exe
HijackThis 2.0.0 --> "C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IntelliSonic DX --> MsiExec.exe /I{83BC3C76-E28B-4CDF-8A28-C47FDF663A10}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lotus 1-2-3 97 --> C:\WINDOWS\lunin10.exe /T 123Suite /V 97.0 /I "c:\program files\lotus\minisuit.inf" /C "c:\program files\lotus\cinstall.ini" /O /L EN
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
McAfee VirusScan Enterprise --> MsiExec.exe /I{59224777-298D-4E9C-9AEB-4A91BDA01B27}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}\setup.exe" -L0x9
Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{689404D2-1C94-44B3-9203-BEC5594FDA7A}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Broadband Drivers --> MsiExec.exe /X{8696ED8F-F797-40F0-A52A-CF6552E338E1}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\myss_sb_uninstall.exe
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
O2Micro Flash Memory Card Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3BB2AA79-6623-48F4-B288-0CE1C88D40D6} /l1033
O2Micro Smartcard Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\SETUP.exe" -l0x9
On-Screen Takeoff --> C:\Program Files\InstallShield Installation Information\{690CEFE2-3B21-4D9D-849D-463270CC09A1}\setup.exe -runfromtemp -l0x0409
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Peck's Power Join --> C:\WINDOWS\ST4UNST.EXE -n "C:\Program Files\PeckJoin\ST4UNST.LOG"
Pervasive System Analyzer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL 2000 Workgroup (SP4) --> C:\WINDOWS\IsUninst.exe -fC:\Pvsw\DeIsL2.isu -c"C:\Pvsw\W32PTKUN.DLL" -mpsql.mif
Pervasive.SQL Workgroup v8.10 --> C:\WINDOWS\IsUninst.exe -fC:\Pvsw\DeIsL2.isu -a -c"C:\Pvsw\W32PTKUN.DLL" -mpsql.mif -ppWKGRP
Poker Mom for PokerStars v3.8 DEMO --> "C:\Program Files\PokerMom\unins000.exe"
PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Rapidshare Unlimited 2.0 --> C:\Program Files\Rapidshare Unlimited\Uninstall.exe
Registrar Registry Manager 5.02 --> "C:\Program Files\Registrar Registry Manager\unins000.exe"
Registrar Registry Manager 5.02 (Lite Edition) --> "C:\Program Files\Registrar Registry Manager\unwise.exe"
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Sage Timberline Estimating --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B135D220-5B92-4873-9212-8554A40D3965}
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Security Panel Application --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24CF0DBF-FF47-42E5-A13F-1D4D773E8AC7}\setup.exe"
Security Panel Application for Supervisor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93444A72-EEA4-43E9-A12C-372DCC126A9B}\setup.exe"
Send to OneNote from IE Powertoy --> MsiExec.exe /I{CF3E217E-4661-4AE0-8CE0-11B7E74C2A94}
Send to OneNote from Outlook --> MsiExec.exe /I{3F412577-408A-4C7E-8B8D-9F3971E96A4E}
Sentinel System Driver --> MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Media Manager 2.2 --> MsiExec.exe /X{2B5A75F0-FD85-4094-AB00-94902398D192}
Sothink Movie DVD Maker --> "C:\Program Files\SourceTec\Sothink Movie DVD Maker\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SureTrak 2.0 --> C:\WINDOWS\UNINST16.EXE -fC:\STWIN\DeIsL1.isu
SureTrak 3.0a --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SureTrak\Uninst.isu"
Tablet PC Tutorials for Microsoft Windows XP SP2 --> MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
V620 Driver Setup --> MsiExec.exe /I{D744BF30-C1F8-4474-9C6A-446389738887}
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Driver Package - Fujitsu PC Corporation (fjbtndrv) HIDClass 06/20/2003 1.000.0620.2003 --> rundll32.exe C:\WINDOWS\system32\DRVSTORE\fjbtndrv_88f5f7d550b6f9495c771d68ee8256fe01c940a5\DIFxAppA.Dll, DIFxARPUninstallDriverPackage fjbtndrv_88f5f7d550b6f9495c771d68ee8256fe01c940a5
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type12525 / Error
Event Submitted/Written: 04/26/2008 06:03:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopMgr.exe, version 4.2.2.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12524 / Error
Event Submitted/Written: 04/26/2008 06:02:24 PM
Event ID/Source: 0 / ATSwpNavService
Event Description:
ATSwpNavService error: 1063StartServiceCtrlDispatcher failed.

Event Record #/Type12523 / Error
Event Submitted/Written: 04/26/2008 06:02:07 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type12519 / Error
Event Submitted/Written: 04/26/2008 06:01:41 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type12509 / Warning
Event Submitted/Written: 04/26/2008 06:01:17 PM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33601 / Warning
Event Submitted/Written: 04/26/2008 06:03:25 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.

Event Record #/Type33600 / Warning
Event Submitted/Written: 04/26/2008 06:03:25 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/prisoner.iana.org. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type33599 / Error
Event Submitted/Written: 04/26/2008 06:02:19 PM
Event ID/Source: 10021 / DCOM
Event Description:
The launch and activation security descriptor for the COM Server application with CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Event Record #/Type33598 / Error
Event Submitted/Written: 04/26/2008 06:02:19 PM
Event ID/Source: 10021 / DCOM
Event Description:
The launch and activation security descriptor for the COM Server application with CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

Event Record #/Type33597 / Error
Event Submitted/Written: 04/26/2008 06:02:19 PM
Event ID/Source: 10021 / DCOM
Event Description:
The launch and activation security descriptor for the COM Server application with CLSID
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}
is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.



-- End of Deckard's System Scanner: finished at 2008-04-26 20:53:52 ------------


#2 ken545

  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:10:55 AM

Posted 04 May 2008 - 08:05 PM

Hello Tpetty5

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof, and sometimes we can't get to logs as fast as we would like to.


You have many, many infections on this computer; one is a trojan backdoor that is letting this garbage in. Outside of posting here, you need to stay off the internet.

If you have not resolved these issues and still need assistance, post a new HJT log as your system may have changed since your original post.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:10:55 AM

Posted 31 May 2008 - 09:48 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
