Trojandownloader.xs And Coolwebsearch


This topic is locked
16 replies to this topic

#1 patmcgraw


Posted 13 July 2008 - 10:07 AM

I am getting a Yellow Triangle with "!" along with pop-up messages telling me to perform a full scan as well as to download/install 2 spyware removal software products. My background is now a message that reads, in part, "Warning: Spyware threat has been detected on your PC".

One pop-up is a bright red "Windows Security Center System Warning" that mentions "Alert details: File: cpan.dll Threat: CoolWebSearch"...this randomly pops up and lists various file names.

My system performance is sluggish and I am losing sleep, hair and stomach lining...your help will be greatly appreciated. :thumbsup:


Deckard's System Scanner v20071014.68
Run by P McGraw on 2008-07-13 10:31:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-13 14:31:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as P McGraw.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:56, on 7/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\P McGraw\Desktop\dss.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\P McGraw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir....ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.aim.com
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 21977 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 ColdFusion MX 7 Application Server - "c:\cfusionmx7\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX 7 Search Server - "c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe" -cfg "c:\cfusionmx7\verity\k2\common\verity.cfg" -ntstart 1 <Not Verified; Verity, Inc.; Verity K2 Toolkit>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys Wireless-G PCI Network Adapter with SpeedBooster
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00421737&REV_02\4&1C660DD6&0&00F0
Manufacturer: Linksys
Name: Linksys Wireless-G PCI Network Adapter with SpeedBooster
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_00421737&REV_02\4&1C660DD6&0&00F0
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 05:50:50 362 --a------ C:\WINDOWS\Tasks\Quickclean.job
2008-07-10 22:21:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-04 01:00:03 358 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-06-30 03:18:57 356 --a------ C:\WINDOWS\Tasks\defrag.job
2008-06-15 01:13:44 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-13 06:34:53 0 d-------- C:\Program Files\Trend Micro
2008-07-13 02:44:19 19200 --a------ C:\WINDOWS\iexplorer.exe
2008-07-13 02:32:23 29184 --a------ C:\WINDOWS\y.exe
2008-07-13 02:32:21 15616 --a------ C:\WINDOWS\xplugin.dll
2008-07-13 02:32:20 19712 --a------ C:\WINDOWS\x.exe
2008-07-13 02:32:20 15360 --a------ C:\WINDOWS\winmgnt.exe
2008-07-13 02:32:20 28160 --a------ C:\WINDOWS\window.exe
2008-07-13 02:32:19 17664 --a------ C:\WINDOWS\winajbm.dll
2008-07-13 02:32:18 18432 --a------ C:\WINDOWS\win64.exe
2008-07-13 02:32:18 26112 --a------ C:\WINDOWS\win32e.exe
2008-07-13 02:32:17 30976 --a------ C:\WINDOWS\waol.exe
2008-07-13 02:32:15 29696 --a------ C:\WINDOWS\users32.exe
2008-07-13 02:32:14 32000 --a------ C:\WINDOWS\time.exe
2008-07-13 02:32:11 8960 --a------ C:\WINDOWS\systemcritical.exe
2008-07-13 02:32:10 16640 --a------ C:\WINDOWS\systeem.exe
2008-07-13 02:32:09 15616 --a------ C:\WINDOWS\olehelp.exe
2008-07-13 02:32:09 24320 --a------ C:\WINDOWS\notepad32.exe
2008-07-13 02:32:08 15360 --a------ C:\WINDOWS\mtwirl32.dll
2008-07-13 02:32:07 31232 --a------ C:\WINDOWS\loader.exe
2008-07-13 02:32:05 29440 --a------ C:\WINDOWS\cpan.dll
2008-07-13 02:32:03 19200 --a------ C:\WINDOWS\clrssn.exe
2008-07-13 02:32:02 13824 --a------ C:\WINDOWS\avpcc.dll
2008-07-13 02:32:01 13568 --a------ C:\WINDOWS\accesss.exe
2008-07-13 02:20:29 0 d-------- C:\ComboFix1
2008-07-13 01:42:43 5970 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 01:41:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-13 01:41:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-13 01:41:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-13 01:41:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-13 01:41:54 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-13 01:41:54 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-13 01:41:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-13 01:41:54 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-13 00:40:47 14848 --a------ C:\WINDOWS\svchost32.exe
2008-07-13 00:40:47 11776 --a------ C:\WINDOWS\rundll16.exe
2008-07-13 00:40:46 19968 --a------ C:\WINDOWS\quicken.exe
2008-07-13 00:40:46 11008 --a------ C:\WINDOWS\msupdate.exe
2008-07-13 00:40:46 25600 --a------ C:\WINDOWS\mssys.exe
2008-07-13 00:40:45 14080 --a------ C:\WINDOWS\msconfd.dll
2008-07-13 00:40:45 14848 --a------ C:\WINDOWS\internet.exe
2008-07-13 00:40:44 29952 --a------ C:\WINDOWS\iedll.exe
2008-07-13 00:40:44 16640 --a------ C:\WINDOWS\editpad.exe
2008-07-12 19:52:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 19:51:37 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 19:51:37 0 d-------- C:\Documents and Settings\P McGraw\Application Data\PC Tools
2008-07-12 19:51:29 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-12 19:46:49 0 d-------- C:\Program Files\Enigma Software Group
2008-07-12 17:56:59 0 d-------- C:\Program Files\AntispyStorm
2008-07-12 10:36:12 0 d-------- C:\Program Files\SpyMaxx
2008-07-12 07:19:04 27648 --a------ C:\WINDOWS\svcinit.exe
2008-07-12 07:19:03 11008 --a------ C:\WINDOWS\sistem.exe
2008-07-12 07:19:03 15104 --a------ C:\WINDOWS\searchword.dll
2008-07-12 07:19:02 29440 --a------ C:\WINDOWS\qttasks.exe
2008-07-12 07:19:01 27136 --a------ C:\WINDOWS\mswsc20.dll
2008-07-12 07:19:01 16896 --a------ C:\WINDOWS\mswsc10.dll
2008-07-12 07:19:00 11008 --a------ C:\WINDOWS\msspi.dll
2008-07-12 07:18:59 10240 --a------ C:\WINDOWS\inetinf.exe
2008-07-12 07:18:59 16896 --a------ C:\WINDOWS\helpcvs.exe
2008-07-12 07:18:59 15360 --a------ C:\WINDOWS\gfmnaaa.dll
2008-07-12 07:18:58 17408 --a------ C:\WINDOWS\funny.exe
2008-07-12 07:18:58 20736 --a------ C:\WINDOWS\funniest.exe
2008-07-12 07:18:58 8704 --a------ C:\WINDOWS\explorer32.exe
2008-07-12 07:18:58 31744 --a------ C:\WINDOWS\explore.exe
2008-07-12 07:18:56 24576 --a------ C:\WINDOWS\dnsrelay.dll
2008-07-12 07:18:56 17664 --a------ C:\WINDOWS\directx32.exe
2008-07-12 07:18:55 22272 --a------ C:\WINDOWS\ctrlpan.dll
2008-07-12 07:18:55 17920 --a------ C:\WINDOWS\ctfmon32.exe
2008-07-12 06:26:32 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-12 06:26:16 89559 --a------ C:\WINDOWS\system32\uoyzsydz.exe <Not Verified; Microsoft; XML Media>
2008-07-12 04:49:50 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Download Manager
2008-07-11 04:56:24 0 d-------- C:\Program Files\iTunes
2008-07-04 09:01:02 0 d-------- C:\Documents and Settings\P McGraw\Application Data\CyberLink
2008-07-04 08:03:40 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-04 08:03:32 0 d-------- C:\Program Files\TechSmith
2008-06-28 12:20:25 0 d-------- C:\Program Files\Opera
2008-06-28 11:15:46 0 d-------- C:\Documents and Settings\P McGraw\Application Data\McGraw-HillLicensing
2008-06-18 20:37:15 0 d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-06-18 18:11:57 0 d-------- C:\WINDOWS\Prefetch
2008-06-18 07:18:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-18 07:18:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-18 07:18:53 0 d-------- C:\WINDOWS\system32\en
2008-06-18 07:18:52 0 d-------- C:\WINDOWS\system32\bits
2008-06-18 07:16:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-18 07:07:18 0 d-------- C:\WINDOWS\EHome
2008-06-14 05:40:04 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Opera
2008-06-14 05:34:31 0 d-------- C:\McGraw-Hill


-- Find3M Report ---------------------------------------------------------------

2008-07-13 10:25:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 09:17:06 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Adobe
2008-07-13 08:52:40 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-13 08:52:25 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-13 08:37:36 0 d-------- C:\Program Files\Common Files
2008-07-13 08:28:48 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-13 08:28:44 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-13 08:26:09 0 d-------- C:\Program Files\Plaxo
2008-07-12 17:48:45 0 d-------- C:\Program Files\Mozilla Sunbird
2008-07-12 17:46:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 16:55:35 0 d-------- C:\Program Files\Common Files\AOL
2008-07-12 15:48:12 0 d-------- C:\Program Files\Bradbury
2008-07-12 15:46:21 0 d-------- C:\Program Files\Quicken Legal Business Pro 2007
2008-07-12 06:06:21 0 d-------- C:\Program Files\eNewsletter Manager v2
2008-07-11 04:56:44 0 d-------- C:\Program Files\iPod
2008-07-11 04:48:23 0 d-------- C:\Program Files\QuickTime
2008-07-10 20:06:39 0 d-------- C:\Documents and Settings\P McGraw\Application Data\FileZilla
2008-07-03 15:49:22 0 d-------- C:\Documents and Settings\P McGraw\Application Data\AdobeUM
2008-06-21 02:18:20 0 d-------- C:\Program Files\Yahoo!
2008-06-19 17:55:58 0 d-------- C:\Program Files\Google
2008-06-18 20:36:03 0 d-------- C:\Program Files\MSECache
2008-06-18 18:18:41 8224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-18 18:11:26 0 d-------- C:\Program Files\Messenger
2008-06-18 07:18:52 0 d-------- C:\Program Files\Movie Maker
2008-06-18 07:15:45 0 d-------- C:\Program Files\Windows NT
2008-06-17 00:53:23 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-01 07:18:55 0 d-------- C:\Program Files\Canon
2008-06-01 07:15:34 0 d-------- C:\Program Files\Common Files\Canon
2008-05-30 11:02:45 0 d-------- C:\Program Files\Quicken
2008-05-28 06:29:58 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Skype
2008-05-26 12:37:46 0 d-------- C:\Program Files\FileZilla Client
2008-05-25 06:20:12 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Snapfish


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 16:17 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 21:42]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [03/15/2006 03:20]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 21:05]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 05:40]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03/26/2003 01:19]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 18:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 03:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [12/02/2002 21:56]
"Act.Outlook.Service"="C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe" [03/28/2007 09:43]
"Act! Preloader"="C:\Program Files\ACT\ACT for Windows\ActSage.exe" [03/28/2007 09:38]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 17:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 17:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/28/2008 23:26]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [08/27/2001 11:52]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 10:11]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 16:24]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 20:12]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [04/21/2008 18:53]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 19:41]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 18:43]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [10/24/2003 12:37:56 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/10/2005 5:28:55 AM]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [5/27/2008 12:48:52 PM]
JHSecure VPN Client.lnk - C:\Program Files\JHSecure\VPN Client\vpngui.exe [9/9/2006 8:34:56 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [1/17/2008 11:36:41 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [8/18/2006 9:38:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [08/18/2006 21:38 276992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-13 10:42:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1533.98 MiB / 711.48 MiB
Pagefile Memory (total/avail): 2155.68 MiB / 1073.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1887.65 MiB

C: is Fixed (NTFS) - 145.96 GiB total, 104.56 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-75GVC0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 145.96 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\P McGraw\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PMACRULES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\P McGraw
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\PMACRULES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\CFusionMX7\verity\k2\_nti40\bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Documents and Settings\P McGraw\Local Settings\Temp\{66563AD8-637B-407F-BCA7-0233A16891AB};c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONID=1134697826978htx6060f5bad0:1083142904e:-418b
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWUTVER=1.0.1.1
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PMCGRA~1\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\PMCGRA~1\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\PMCGRA~1\LOCALS~1\Temp\radEC0FF.tmp
USERDOMAIN=PMACRULES
USERNAME=P McGraw
USERPROFILE=C:\Documents and Settings\P McGraw
VERITY_CFG=C:\CFusionMX7\verity\k2\common\verity.cfg
VERSION=3.0.5.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

P McGraw (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8}
--> MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT! Standard 9.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F231B54A-05F3-46A8-9122-01180D55ECBA}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
APA-Style Helper 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B9964E0-A3B4-4B2F-91F7-CA7EF95B957E}\setup.exe" -l0x9 -removeonly
APA-Style Helper 5.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E2C96D88-7571-4E1E-860D-ED3951E7C67A}
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BookSmart™ 1.8 1.8 --> C:\Program Files\BookSmart\uninstall.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities CameraWindow DC --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities MyCamera --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities MyCamera DC --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities RemoteCapture DC --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility --> "C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative Commons Add-in for Microsoft Office --> MsiExec.exe /I{EC719582-B6B4-436A-922B-67094106AB81}
del.icio.us Buttons for Internet Explorer --> MsiExec.exe /I{08F7CCA6-8590-4401-8B44-CEB09A909AAB}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DesignPro 5.0 Limited Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
FileZilla Client 3.0.10 --> C:\Program Files\FileZilla Client\uninstall.exe
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GNU Privacy Guard --> "C:\Program Files\GNU\GnuPG\uninst-gnupg.exe"
Google Calendar Sync --> "C:\Program Files\Google\Google Calendar Sync\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 5600 --> msiexec /x{8CDC6712-AF80-459E-911F-F1E156CB0AB0}
hp deskjet 5600 series --> rundll32 hpzcon08.dll,VendorJettison hp deskjet 5600 series
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LADSPA_plugins-win-0.4.15 --> "C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LinkedIn Outlook Toolbar --> C:\Program Files\LinkedIn\Outlook Toolbar\2.2.0.1435\Uninstall.exe
Linksys Wireless-G PCI Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
List Builder Add-in for Microsoft Office Publisher 2003 --> RunDll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\PubListBuilderAddIn.inf,Uninstall
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Macromedia ColdFusion MX 7 --> "C:\CFusionMX7\uninstall\Uninstall Macromedia ColdFusion MX 7.exe"
Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia HomeSite+ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}\Setup.exe"
Marketing Plan Pro 6.0 --> MsiExec.exe /X{2F7C3742-BAB4-41EF-A997-D718DF96509C}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McGraw-Hill EZ Test Desktop --> "C:\McGraw-Hill\MH_EZTest\uninstall.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2003 Calendar Views Add-in --> MsiExec.exe /I{8DB2C22D-A23A-4C0E-9A56-7D10440B9B40}
Microsoft Office Outlook Connector --> MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Standard 2007 --> MsiExec.exe /X{91120000-003A-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJSTDR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Primary Interop Assemblies --> MsiExec.exe /X{75F52629-711D-4500-A532-78B793667289}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (ACT7) --> MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Video Email add-in for Outlook 2003 --> MsiExec.exe /X{05383BE9-DB28-4BAE-9177-A2BC21CAF625}
Microsoft Visio Standard 2002 [English] --> MsiExec.exe /I{90530409-6D54-11D4-BEE3-00C04F990354}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar --> MsiExec.exe /I{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
Perseus SurveySolutions Professional 4.0 --> C:\PROGRA~1\Perseus\SURVEY~1.0\Reserved\UNWISE.EXE C:\PROGRA~1\Perseus\SURVEY~1.0\Reserved\INSTALL.LOG
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Plaxo Toolbar for Windows --> C:\Program Files\Plaxo\3.8.1.1\uninstall_en.exe
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
SealedMedia Unsealer 5.0.2.12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B11BF9FF-7A12-42D5-BE71-9C3C05833D89}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 9 --> MsiExec.exe /I{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}
SnapKast Media Center 2.0 (P McGraw) --> "C:\Documents and Settings\P McGraw\Application

Data\SnapKast\unins000.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe

/M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel

FW\Desktop\TheWeatherChannelCustomUninstall.exe
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Office 2007 (KB932080) --> msiexec /package

{91120000-003A-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package

{91120000-003A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience

Technology\mtsAxInstaller.exe /u
VPN Client --> RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation

Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
VST Bridge 1.1 --> "C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Weather Services --> C:\WINDOWS\system32\control.exe

C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe"

"WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg

"enginecf.inf,RealUninstallSection,,4"
WexTech AnswerWorks --> RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation

Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Desktop Search --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Media Format 11 runtime -->

"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U

C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type43625 / Error
Event Submitted/Written: 07/13/2008 10:30:06 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43624 / Error
Event Submitted/Written: 07/13/2008 10:29:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43623 / Error
Event Submitted/Written: 07/13/2008 10:29:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43622 / Error
Event Submitted/Written: 07/13/2008 10:29:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43621 / Error
Event Submitted/Written: 07/13/2008 10:29:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type149965 / Error
Event Submitted/Written: 07/13/2008 09:11:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type149962 / Error
Event Submitted/Written: 07/13/2008 09:11:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type149959 / Error
Event Submitted/Written: 07/13/2008 09:11:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type149956 / Error
Event Submitted/Written: 07/13/2008 09:11:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type149953 / Error
Event Submitted/Written: 07/13/2008 09:11:05 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-07-13 10:42:04 ------------

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 13 July 2008 - 07:14 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please visit this page for instructions to download and use Combofix.

How to use Combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Please post the log from Combofix here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 patmcgraw

patmcgraw
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 14 July 2008 - 03:08 AM

Sam,

thanks...here is the ComboFix log.
Pat



ComboFix 08-07-13.9 - P McGraw 2008-07-14 3:28:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.730 [GMT -4:00]
Running from: C:\Documents and Settings\P McGraw\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\P McGraw\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntispyStorm
C:\Program Files\AntispyStorm\AntispyStorm.exe.MANIFEST
C:\Program Files\AntispyStorm\parser_done
C:\Program Files\AntispyStorm\stat.bin
C:\Program Files\AntispyStorm\uninstall.exe
C:\Program Files\AntispyStorm\uninstall.log
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\stat.bin
C:\Program Files\SpyMaxx\uninstall.exe
C:\Program Files\SpyMaxx\uninstall.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 06:37 . 2008-07-13 06:37 <DIR> d-------- C:\Deckard
2008-07-13 06:34 . 2008-07-13 06:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-13 02:20 . 2008-07-13 02:21 <DIR> d-------- C:\ComboFix1
2008-07-13 01:42 . 2008-07-13 02:29 5,970 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 01:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-13 01:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-13 01:41 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-13 01:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-13 01:41 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-13 01:41 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-13 01:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-13 01:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-12 19:52 . 2008-07-14 03:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 19:51 . 2008-07-13 15:19 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-12 19:51 . 2008-07-12 19:51 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-12 19:51 . 2008-07-12 19:51 <DIR> d-------- C:\Documents and Settings\P McGraw\Application Data\PC Tools
2008-07-12 19:51 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-12 19:51 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-12 19:51 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-12 19:51 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-12 19:51 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-12 19:46 . 2008-07-13 02:51 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-12 04:49 . 2008-07-12 05:18 <DIR> d-------- C:\Documents and Settings\P McGraw\Application Data\Download Manager
2008-07-11 04:56 . 2008-07-11 04:57 <DIR> d-------- C:\Program Files\iTunes
2008-07-04 09:01 . 2008-07-04 09:01 <DIR> d-------- C:\Documents and Settings\P McGraw\Application Data\CyberLink
2008-07-04 08:03 . 2008-07-04 08:03 <DIR> d-------- C:\Program Files\TechSmith
2008-07-04 08:03 . 2008-07-04 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-28 12:20 . 2008-06-28 12:20 <DIR> d-------- C:\Program Files\Opera
2008-06-28 11:15 . 2008-06-28 11:33 <DIR> d-------- C:\Documents and Settings\P McGraw\Application Data\McGraw-HillLicensing
2008-06-20 13:46 . 2008-06-20 13:46 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 20:37 . 2008-06-18 20:37 <DIR> d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-06-18 07:18 . 2008-06-18 07:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-18 07:18 . 2008-06-18 07:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-18 07:18 . 2008-06-18 07:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-18 07:18 . 2008-06-18 07:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-18 07:16 . 2008-06-18 07:16 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-18 07:07 . 2008-06-18 07:07 <DIR> d-------- C:\WINDOWS\EHome
2008-06-18 06:58 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-06-18 06:58 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-06-18 06:56 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-06-18 06:55 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-14 05:34 . 2008-06-14 05:34 <DIR> d-------- C:\McGraw-Hill

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 07:09 5,590 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-14 06:58 --------- d-----w C:\Program Files\Plaxo
2008-07-14 06:56 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-14 06:56 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-07-13 14:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-13 12:52 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-13 12:52 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-13 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-13 11:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-13 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-12 21:48 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-07-12 21:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 20:55 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-12 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-12 19:48 --------- d-----w C:\Program Files\Bradbury
2008-07-12 19:46 --------- d-----w C:\Program Files\Quicken Legal Business Pro 2007
2008-07-12 10:06 --------- d-----w C:\Program Files\eNewsletter Manager v2
2008-07-11 08:56 --------- d-----w C:\Program Files\iPod
2008-07-11 08:48 --------- d-----w C:\Program Files\QuickTime
2008-07-11 00:06 --------- d-----w C:\Documents and Settings\P McGraw\Application Data\FileZilla
2008-07-03 19:49 --------- d-----w C:\Documents and Settings\P McGraw\Application Data\AdobeUM
2008-06-21 06:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 21:55 --------- d-----w C:\Program Files\Google
2008-06-19 00:36 --------- d-----w C:\Program Files\MSECache
2008-06-17 04:53 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 11:18 --------- d-----w C:\Program Files\Canon
2008-06-01 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-01 11:15 --------- d-----w C:\Program Files\Common Files\Canon
2008-05-30 15:02 --------- d-----w C:\Program Files\Quicken
2008-05-28 10:29 --------- d-----w C:\Documents and Settings\P McGraw\Application Data\Skype
2008-05-26 16:37 --------- d-----w C:\Program Files\FileZilla Client
2008-05-25 10:20 --------- d-----w C:\Documents and Settings\P McGraw\Application Data\Snapfish
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2007-12-25 23:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-11-02 17:57 630,784 ----a-w C:\Documents and Settings\P McGraw\chatlnk.exe
2004-08-04 11:00 94,784 --sh--w C:\WINDOWS\twain.dll
2006-11-06 12:54 88 --sh--r C:\WINDOWS\system32\72EA87C11C.sys
2005-12-17 19:10 56 --sh--r C:\WINDOWS\system32\AEA728B6A7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [2008-02-11 11:48 283719]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 20:12 1695232]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2008-04-21 18:53 87328]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 19:41 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [2006-03-15 03:20 94208]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05 1117184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 01:19 172032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 21:56 40960]
"Act.Outlook.Service"="C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 09:43 9728]
"Act! Preloader"="C:\Program Files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 09:38 1015808]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 23:26 185896]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 11:52 45056]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56 217194]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-10 05:28:55 24576]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-05-27 12:48:52 542192]
JHSecure VPN Client.lnk - C:\Program Files\JHSecure\VPN Client\vpngui.exe [2006-09-09 08:34:56 1524776]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-17 11:36:41 66864]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-08-18 21:38:20 74752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-08-18 21:38 276992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Documents and Settings\\P McGraw\\My Documents\\My Downloads\\iPodSetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\P McGraw\\My Documents\\My Downloads\\WinGizmoInstall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;C:\CFusionMX7\runtime\bin\jrunsvc.exe [2005-01-24 12:59]
R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe -cfg C:\CFusionMX7\verity\k2\common\verity.cfg []
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2006-06-28 20:48]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 15:05]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 15:05]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 02:21:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-14 07:00:08 C:\WINDOWS\Tasks\defrag.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-15 05:13:44 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-07-04 05:00:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-07-14 07:00:12 C:\WINDOWS\Tasks\Quickclean.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 03:38:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-14 3:43:54
ComboFix-quarantined-files.txt 2008-07-14 07:43:11

Pre-Run: 112,780,550,144 bytes free
Post-Run: 112,967,299,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

326 --- E O F --- 2008-07-12 10:18:49

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 14 July 2008 - 10:08 AM

Well done! :thumbsup:
Couple more steps for you.



You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

================



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post a new log from DSS.
How is your computer behaving now?


========================================================

#5 patmcgraw

patmcgraw
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 15 July 2008 - 02:02 AM

Damn, Kaspersky took 7 hrs! :thumbsup:

Oh, and I hope it was alright - but I went ahead and deleted:
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe
C:\Documents and Settings\P McGraw\My Documents\My Downloads\spymaxx_setup.exe
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 22:33:50
Records in database: 953481
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 153424
Threat name: 11
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 06:59:00


File name / Threat name / Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL/C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Deckard\System Scanner\backup\DOCUME~1\PMCGRA~1\LOCALS~1\Temp\DRDld\5.1.0.272f-5.1.0.272-sdregnow.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
C:\Documents and Settings\P McGraw\Application Data\SnapKast\runhide.exe Infected: not-a-virus:RiskTool.Win32.HideRun.c 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe Infected: not-a-virus:AdWare.Win32.EZula.cp 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe Infected: Trojan-Dropper.Win32.Small.ff 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\homersimpsonss.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.e 1
C:\Documents and Settings\P McGraw\My Documents\My Downloads\spymaxx_setup.exe Infected: not-a-virus:FraudTool.Win32.SpyAway.p 1
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\QooBox\Quarantine\C\Program Files\AntispyStorm\uninstall.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyAway.q 1
C:\QooBox\Quarantine\C\Program Files\SpyMaxx\uninstall.exe.vir Infected: not-a-virus:FraudTool.Win32.SpyAway.p 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj 1

The selected area was scanned.

_________________________________________________________
Deckard's System Scanner v20071014.68
Run by P McGraw on 2008-07-15 02:55:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as P McGraw.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:33, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\JHSecure\VPN Client\cvpnd.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\P McGraw\Local Settings\Temp\jkos-P McGraw\binaries\ScanningProcess.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\P McGraw\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PMCGRA~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/msk/en-us/redir....ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.aim.com
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DA25EE3A-530B-4494-AA8A-AA52557E37B6} (LinkedIn Signature Control) - http://www.linkedin.com/cab/LinkedInSignatureControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\JHSecure\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 20142 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-14 19:39:36 0 d-------- C:\Program Files\Sun
2008-07-14 18:52:58 0 d-------- C:\Documents and Settings\P McGraw\.SunDownloadManager
2008-07-14 03:25:51 0 d-------- C:\cmdcons
2008-07-14 03:14:46 68096 --a------ C:\WINDOWS\zip.exe
2008-07-14 03:14:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-14 03:14:45 98816 --a------ C:\WINDOWS\sed.exe
2008-07-14 03:14:45 80412 --a------ C:\WINDOWS\grep.exe
2008-07-14 03:14:44 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-14 03:14:43 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-14 03:14:43 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-14 03:14:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-13 06:34:53 0 d-------- C:\Program Files\Trend Micro
2008-07-13 02:20:29 0 d-------- C:\ComboFix1
2008-07-13 01:42:43 5970 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-13 01:41:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-13 01:41:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-13 01:41:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-13 01:41:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-13 01:41:54 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-13 01:41:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-13 01:41:54 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-12 19:52:46 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 19:51:37 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 19:51:37 0 d-------- C:\Documents and Settings\P McGraw\Application Data\PC Tools
2008-07-12 19:51:29 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-12 19:46:49 0 d-------- C:\Program Files\Enigma Software Group
2008-07-12 04:49:50 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Download Manager
2008-07-11 04:56:24 0 d-------- C:\Program Files\iTunes
2008-07-04 09:01:02 0 d-------- C:\Documents and Settings\P McGraw\Application Data\CyberLink
2008-07-04 08:03:40 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-04 08:03:32 0 d-------- C:\Program Files\TechSmith
2008-06-28 12:20:25 0 d-------- C:\Program Files\Opera
2008-06-28 11:15:46 0 d-------- C:\Documents and Settings\P McGraw\Application Data\McGraw-HillLicensing
2008-06-18 20:37:15 0 d-------- C:\Program Files\Microsoft Office Outlook Connector
2008-06-18 18:11:57 0 d-------- C:\WINDOWS\Prefetch
2008-06-18 07:18:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-18 07:18:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-18 07:18:53 0 d-------- C:\WINDOWS\system32\en
2008-06-18 07:18:52 0 d-------- C:\WINDOWS\system32\bits
2008-06-18 07:16:01 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-18 07:07:18 0 d-------- C:\WINDOWS\EHome


-- Find3M Report ---------------------------------------------------------------

2008-07-14 22:02:09 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-14 19:39:12 0 d-------- C:\Program Files\Java
2008-07-14 03:56:40 0 d-------- C:\Program Files\Plaxo
2008-07-13 12:03:44 4962 --a------ C:\WINDOWS\mozver.dat
2008-07-13 10:25:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 09:17:06 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Adobe
2008-07-13 08:52:40 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-07-13 08:52:25 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-13 08:37:36 0 d-------- C:\Program Files\Common Files
2008-07-13 08:28:48 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-12 17:48:45 0 d-------- C:\Program Files\Mozilla Sunbird
2008-07-12 17:46:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 16:55:35 0 d-------- C:\Program Files\Common Files\AOL
2008-07-12 15:48:12 0 d-------- C:\Program Files\Bradbury
2008-07-12 15:46:21 0 d-------- C:\Program Files\Quicken Legal Business Pro 2007
2008-07-12 06:06:21 0 d-------- C:\Program Files\eNewsletter Manager v2
2008-07-11 04:56:44 0 d-------- C:\Program Files\iPod
2008-07-11 04:48:23 0 d-------- C:\Program Files\QuickTime
2008-07-10 20:06:39 0 d-------- C:\Documents and Settings\P McGraw\Application Data\FileZilla
2008-07-03 15:49:22 0 d-------- C:\Documents and Settings\P McGraw\Application Data\AdobeUM
2008-06-28 12:21:08 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Opera
2008-06-21 02:18:20 0 d-------- C:\Program Files\Yahoo!
2008-06-19 17:55:58 0 d-------- C:\Program Files\Google
2008-06-18 20:36:03 0 d-------- C:\Program Files\MSECache
2008-06-18 18:18:41 8224 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-18 18:11:26 0 d-------- C:\Program Files\Messenger
2008-06-18 07:18:52 0 d-------- C:\Program Files\Movie Maker
2008-06-18 07:15:45 0 d-------- C:\Program Files\Windows NT
2008-06-17 00:53:23 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-01 07:18:55 0 d-------- C:\Program Files\Canon
2008-06-01 07:15:34 0 d-------- C:\Program Files\Common Files\Canon
2008-05-30 11:02:45 0 d-------- C:\Program Files\Quicken
2008-05-28 06:29:58 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Skype
2008-05-26 12:37:46 0 d-------- C:\Program Files\FileZilla Client
2008-05-25 06:20:12 0 d-------- C:\Documents and Settings\P McGraw\Application Data\Snapfish


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 16:17 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 21:42]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [03/15/2006 03:20]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 21:05]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 05:40]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03/26/2003 01:19]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 18:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 03:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [12/02/2002 21:56]
"Act.Outlook.Service"="C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe" [03/28/2007 09:43]
"Act! Preloader"="C:\Program Files\ACT\ACT for Windows\ActSage.exe" [03/28/2007 09:38]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 17:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 17:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/28/2008 23:26]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [08/27/2001 11:52]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 10:11]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 16:24]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12]
"PlaxoUpdate"="C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 20:12]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [04/21/2008 18:53]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 19:41]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 18:43]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [10/24/2003 12:37:56 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/10/2005 5:28:55 AM]
Google Calendar Sync.lnk - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe [5/27/2008 12:48:52 PM]
JHSecure VPN Client.lnk - C:\Program Files\JHSecure\VPN Client\vpngui.exe [9/9/2006 8:34:56 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [1/17/2008 11:36:41 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [8/18/2006 9:38:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [08/18/2006 21:38 276992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-15 02:57:42 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 15 July 2008 - 10:51 AM

It's your call, but I would want to uninstall this program as well.

Ask Toolbar



Run HijackThis again, click Scan, and put a checkmark next to the line listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)


Aside from that your log looks good to me.
How are things on your end?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
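The R3 line above is a URLSearchHook whose CLSID no longer points at a file on disk, which is why HijackThis prints "(no file)". The following PowerShell script is an added example, not part of the thread or of HijackThis: it lists the current user's URLSearchHook entries, resolves each CLSID through HKCU and HKLM `Software\Classes\CLSID\...\InprocServer32`, and flags entries whose DLL is missing. It assumes the standard IE registry layout and only reports; nothing is deleted.

```powershell
# Added example (not from the thread): find IE URLSearchHook entries whose CLSID
# no longer resolves to a DLL on disk, i.e. the "(no file)" case in an R3 line.

function Get-UrlSearchHookStatus {
    $hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
    if (-not (Test-Path $hookKey)) { return @() }

    $props = Get-ItemProperty -Path $hookKey
    # Value names under this key are CLSIDs; skip PowerShell's own PS* properties.
    $clsids = $props.PSObject.Properties |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        Select-Object -ExpandProperty Name

    foreach ($clsid in $clsids) {
        $file = $null
        $name = $null
        # HKCR is a merged view of these two hives; check the per-user hive first.
        foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') {
            $clsidKey = Join-Path $root $clsid
            if (Test-Path $clsidKey) {
                $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
                $srv  = Join-Path $clsidKey 'InprocServer32'
                if (Test-Path $srv) {
                    $file = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
                }
                break
            }
        }
        # Server paths are often written with %SystemRoot%-style variables.
        $expanded = if ($file) { [Environment]::ExpandEnvironmentVariables($file) } else { $null }
        $exists   = [bool]($expanded -and (Test-Path -LiteralPath $expanded))

        [pscustomobject]@{
            CLSID    = $clsid
            Name     = if ($name) { $name } else { '(no name)' }
            File     = if ($expanded) { $expanded } else { '(no file)' }
            Orphaned = -not $exists
        }
    }
}

Get-UrlSearchHookStatus | Format-Table -AutoSize
```

Rows with `Orphaned = True` are the dangling hooks a HijackThis "Fix checked" removes; once you have confirmed an entry is a leftover, `Remove-ItemProperty -Path $hookKey -Name $clsid` clears it. A hook whose DLL does exist deserves a look at the file's publisher and signature before deciding anything.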


========================================================

#7 patmcgraw

patmcgraw
  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:01 AM

Posted 15 July 2008 - 05:34 PM

Sam,

I think you got it done for me! No more yellow triangle with "!" and pop-ups telling me that I have been infected. The system is running much smoother/faster than before. A slight 'scare' after removing Ask Toolbar (when I rebooted, the system was slow to load and the desktop showed an error) but now everything appears to be running smoothly.

Thanks!
Pat

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 15 July 2008 - 05:42 PM

Sounds good! :)


Let's uninstall Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • When shown the disclaimer, select "2"




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
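The "Make your Internet Explorer more secure" steps above are all Custom Level settings of the Internet zone, which IE stores as DWORD values under the zone 3 key in the registry. The following PowerShell script is an added example, not part of the thread: it reads those values, compares them with the recommended settings from the post, and with `-Apply` writes the recommended ones. The numeric value names are IE's URL-action identifiers (0 = Enable, 1 = Prompt, 3 = Disable); run it as the user whose profile is being audited.

```powershell
# Added example (not from the thread): audit the Internet zone Custom Level settings
# recommended above, straight from the registry, and optionally apply them.
# Zone 3 = Internet zone. 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended value for each setting from the post, keyed by its registry value name.
$Recommended = [ordered]@{
    '1001' = @{ Setting = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Setting = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Setting = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Setting = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Setting = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSettingReport {
    param([string]$Path, [System.Collections.IDictionary]$Expected)
    $current = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($id in $Expected.Keys) {
        $have = $current.$id    # $null when the value is absent and IE falls back to its default
        [pscustomobject]@{
            Id        = $id
            Setting   = $Expected[$id].Setting
            Current   = if ($null -eq $have) { '(not set)' }
                        elseif ($Label.ContainsKey([int]$have)) { $Label[[int]$have] }
                        else { $have }
            Wanted    = $Label[$Expected[$id].Want]
            Compliant = ($null -ne $have) -and ([int]$have -eq $Expected[$id].Want)
        }
    }
}

$report = Get-ZoneSettingReport -Path $ZonePath -Expected $Recommended
$report | Format-Table -AutoSize

if ($Apply) {
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    foreach ($row in ($report | Where-Object { -not $_.Compliant })) {
        Set-ItemProperty -Path $ZonePath -Name $row.Id -Value $Recommended[$row.Id].Want -Type DWord
        Write-Host "Set $($row.Id) ($($row.Setting)) to $($row.Wanted)"
    }
}
```

The Custom Level dialog shows exactly these values, so the GUI steps in the post and this script end in the same state. One caveat: if `Security_HKLM_only` is set to 1 under `HKLM\...\Internet Settings`, IE uses the machine-wide zone keys under HKLM instead of the per-user ones, so on such a machine run the audit against the HKLM zone path as well.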


========================================================

#9 patmcgraw

patmcgraw
  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:01 AM

Posted 15 July 2008 - 08:48 PM

Sam,

I tried to uninstall ComboFix as directed but I got a message saying Windows cannot find a file with that name.

As for the rest of the steps - I did the system restore disable/enable step, and all IE recommendations have been followed. I also have McAfee Security Center and PC Tools Spyware Doctor installed and operational. I had used Spybot but replaced it with Spyware Doctor. I also have a firewall set up as well as run regular Windows updates. I also update all programs on a regular basis (as prompted or, for the most used programs, I check monthly.)

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 16 July 2008 - 08:09 AM

Make sure there is a space between the "x" and the "/"


========================================================

#11 patmcgraw

patmcgraw
  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:01 AM

Posted 17 July 2008 - 12:25 AM

I did - I tried it with the space and without the space...still nothing.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 17 July 2008 - 10:27 AM

Is ComboFix still located on your desktop, or did you move it into another folder?


========================================================

#13 patmcgraw

patmcgraw
  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:01 AM

Posted 17 July 2008 - 08:51 PM

Got it...it's deleted. :thumbsup:

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:01 AM

Posted 18 July 2008 - 07:36 AM

:thumbsup:


========================================================

#15 patmcgraw

patmcgraw
  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:01 AM

Posted 19 July 2008 - 12:47 AM

Sam,

So it looks like we're done -- system is working fine. Thanks for everything!

Pat



