Internet Security Deluxe

16 replies to this topic

#1 StanS

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 11:30 PM

Posted 16 July 2008 - 11:05 AM

While surfing the internet I recently got a pop-up that said if I had a slow computer that I should try Internet Security Deluxe to remove any malware. Then another pop-up came up with a warning about my computer being infested with malware and that I should purchase Internet Security Deluxe immediately.

I promptly shut down Internet Explorer and deleted my temporary files and internet cache. I have not gotten any pop-ups since the first one, but my internet access is very, very slow. I downloaded Smitfraud and ran it, but not in Safe Mode, with no results. I do not think the Kaspersky results relating to Thunderbird are valid, since some of the indicated files are zero length and are the basic files for e-mail file storage.

In going through my computer I found a file called History_Cleanup.rtf. I don't think I did a history Cleanup, but I may have. The information in the file very closely matches the time frame and web site, www.leadercall.com, that I got the pop-up on. I am listing it first. Then the Kaspersky and DSS files.

History_Cleaner.rtf


Final Report:



Category: History
Report Time: Thursday, July 10, 2008 11:31 PM
Number of Items to Delete: 5
Items Successfully Deleted: 5
Deletion Item Description:

<http://www.leadercall.com/>
<http://rs6.net/tn.jsp?e=00124k3Y42IWE9HXGw7Gpg2WHyVlFsZ9Y9AfCkQJ8BA4f06o2wu2su18WpvZFibo9w2Iyki20GNN3oYgkemv-0xVHougSeyIPXpbEhd7ZGgBJ7cAi4nNajhZ_QTHUD3KQAgyrX3IRMZLa2fG7f6qht48ZvdH2ZQGL2geQ_gDsZ8YmmSQrzNOhYEYQ==>
res://wizardui.dll/Wiz4Intro.htm
<http://cp20.com/Tracking/t.c?15uj-1ogN-3FNCH1>
Stan@http://www.leadercall.com



Kaspersky File


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 15, 2008 20:18:26
Records in database: 957114
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 198871
Threat name: 7
Infected objects: 15
Suspicious objects: 22
Duration of the scan: 02:34:32


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\Local Folders\Unsent Messages Suspicious: Email-Worm.Win32.Bagle.mail 4
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\Local Folders\Unsent Messages Infected: Email-Worm.Win32.Bagle.gen 4
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\Local Folders\Unsent Messages Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\Local Folders\Unsent Messages Infected: Email-Worm.Win32.Warezov.v 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth-2.net\Inbox Infected: Backdoor.Win32.Haxdoor.ga 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth-2.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth-2.net\Sent Infected: Backdoor.Win32.Haxdoor.ga 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth-2.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 6
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth-3.net\Sent Infected: Email-Worm.Win32.Warezov.v 1
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth.net\Sent Suspicious: Email-Worm.Win32.Bagle.mail 4
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth.net\Sent Infected: Email-Worm.Win32.Bagle.gen 4
C:\Documents and Settings\Stan\Application Data\Thunderbird\Profiles\jubcfb01.default\Mail\mail.bellsouth.net\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Stan\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Stan\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.



DSS File



Deckard's System Scanner v20071014.68
Run by Stan on 2008-07-16 00:53:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Stan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:46, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe
F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
F:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Stan\Desktop\dss.exe
C:\DOCUME~1\Stan\Desktop\Stan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\Program Files\Avanquest\SystemSuite\MemCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "F:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.jjonline.com
O15 - Trusted Zone: http://portal.samford.edu
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214282523843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 10631 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 00:32:36 0 d-------- C:\Documents and Settings\dad\Application Data\Macromedia
2008-07-16 00:32:35 0 d-------- C:\Documents and Settings\dad\Application Data\HPAppData
2008-07-16 00:32:35 0 d-------- C:\Documents and Settings\dad\Application Data\Adobe
2008-07-16 00:29:23 0 d-------- C:\Documents and Settings\dad\Application Data\Logitech
2008-07-16 00:29:19 0 d-------- C:\Documents and Settings\dad\Application Data\Pantone
2008-07-16 00:29:19 0 d-------- C:\Documents and Settings\dad\Application Data\Avanquest
2008-07-16 00:29:06 0 d-------- C:\Documents and Settings\dad\Application Data\Identities
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\Templates
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\Start Menu
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\SendTo
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\Recent
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\PrintHood
2008-07-16 00:28:17 1048576 --ah----- C:\Documents and Settings\dad\NTUSER.DAT
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\NetHood
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\My Documents
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\Local Settings
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\Favorites
2008-07-16 00:28:17 0 d-------- C:\Documents and Settings\dad\Desktop
2008-07-16 00:28:17 0 d--hs---- C:\Documents and Settings\dad\Cookies
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\Application Data
2008-07-16 00:28:17 0 d-------- C:\Documents and Settings\dad\Application Data\VCOM
2008-07-16 00:28:17 0 d---s---- C:\Documents and Settings\dad\Application Data\Microsoft
2008-07-15 14:42:31 0 d-------- C:\WINDOWS\BDOSCAN8
2008-07-15 13:37:02 0 d-------- C:\Documents and Settings\Stan\Application Data\HouseCall 6.6
2008-07-11 01:20:50 4198 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-11 01:20:28 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-11 01:20:28 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-11 01:20:28 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-11 01:20:28 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-11 01:20:28 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-11 01:20:28 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-11 01:20:28 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-11 01:20:28 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-27 01:13:33 0 d-------- C:\Program Files\Common Files\Java


-- Find3M Report ---------------------------------------------------------------

2008-07-16 00:29:06 0 d-------- C:\Program Files\Web Publish
2008-07-15 16:52:02 0 d-------- C:\Documents and Settings\Stan\Application Data\VCOMAntiSpam
2008-07-11 00:20:28 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-27 23:27:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-27 01:15:15 0 d-------- C:\Program Files\Java
2008-06-27 01:13:33 0 d-------- C:\Program Files\Common Files
2008-05-16 13:28:49 0 d-------- C:\Program Files\Common Files\Pure Networks Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 17:52 1298024 -ra------ F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 17:52 177768 -ra------ F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/22/2005 22:05]
"Fix-It AV"="C:\Program Files\Avanquest\SystemSuite\MemCheck.exe" [02/01/2008 03:05]
"nForce Tray Options"="sstray.exe" [08/12/2003 23:25 C:\WINDOWS\system32\sstray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [05/10/2006 10:48 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 17:40]
"HostManager"="C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe" [05/25/2007 12:16]
"DiscWizardMonitor.exe"="F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 21:24]
"AcronisTimounterMonitor"="F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 21:38]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 21:29]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [02/01/2008 03:05]
"hpqSRMon"="F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 17:31]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 17:20]
"nmapp"="F:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/2008 10:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [6/25/2003 12:23:40 AM]
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [1/9/2008 12:44:02 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/5/2007 11:40:43 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1112335509\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"AOLService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - MAILSCAN



-- End of Deckard's System Scanner: finished at 2008-07-16 00:54:05 ------------

Deactivated links. ~ OB

Edited by Orange Blossom, 20 July 2008 - 01:11 AM.



#2 rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time: 05:30 AM

Posted 05 August 2008 - 01:48 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see, our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 StanS

  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time: 11:30 PM

Posted 06 August 2008 - 11:37 PM

I am attaching a new run of the output from DSS. I have done a good bit of system cleanup and run several cleanup programs without removing the malware. The only thing I have noticed is that in Task Manager the MXtask program from System Suite 8 utilizes 90+ percent of the CPU when running IE7. I believe this is the Trend Micro virus scanner. I did not run Kaspersky again since it didn't really find much the last time. However, I could reinstall Thunderbird if necessary. Also, please note the first file I posted in my original message.



Deckard's System Scanner v20071014.68
Run by Stan on 2008-08-06 23:19:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Stan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:49, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe
F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Stan\Desktop\dss.exe
C:\DOCUME~1\Stan\Desktop\Stan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\Program Files\Avanquest\SystemSuite\MemCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [hpqSRMon] F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "F:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.jjonline.com
O15 - Trusted Zone: http://portal.samford.edu
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214282523843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe

--
End of file - 10455 bytes

-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-06 20:21:01 0 d-------- C:\WINDOWS\LastGood
2008-07-26 16:52:15 0 d-------- C:\WINDOWS\ERUNT
2008-07-23 00:58:47 0 dr------- C:\Documents and Settings\Stan\Copy of Favorites
2008-07-20 23:08:01 0 d-------- C:\Program Files\Lavasoft
2008-07-20 23:08:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 21:02:58 0 d-------- C:\Documents and Settings\Stan\Application Data\Malwarebytes
2008-07-20 21:02:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 21:02:04 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-17 22:55:19 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-16 00:32:36 0 d-------- C:\Documents and Settings\dad\Application Data\Macromedia
2008-07-16 00:32:35 0 d-------- C:\Documents and Settings\dad\Application Data\HPAppData
2008-07-16 00:32:35 0 d-------- C:\Documents and Settings\dad\Application Data\Adobe
2008-07-16 00:29:23 0 d-------- C:\Documents and Settings\dad\Application Data\Logitech
2008-07-16 00:29:19 0 d-------- C:\Documents and Settings\dad\Application Data\Pantone
2008-07-16 00:29:19 0 d-------- C:\Documents and Settings\dad\Application Data\Avanquest
2008-07-16 00:29:06 0 d-------- C:\Documents and Settings\dad\Application Data\Identities
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\Templates
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\Start Menu
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\SendTo
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\Recent
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\PrintHood
2008-07-16 00:28:17 1048576 --ah----- C:\Documents and Settings\dad\NTUSER.DAT
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\NetHood
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\My Documents
2008-07-16 00:28:17 0 d--h----- C:\Documents and Settings\dad\Local Settings
2008-07-16 00:28:17 0 dr------- C:\Documents and Settings\dad\Favorites
2008-07-16 00:28:17 0 d-------- C:\Documents and Settings\dad\Desktop
2008-07-16 00:28:17 0 d--hs---- C:\Documents and Settings\dad\Cookies
2008-07-16 00:28:17 0 dr-h----- C:\Documents and Settings\dad\Application Data
2008-07-16 00:28:17 0 d-------- C:\Documents and Settings\dad\Application Data\VCOM
2008-07-16 00:28:17 0 d---s---- C:\Documents and Settings\dad\Application Data\Microsoft
2008-07-11 01:20:50 4198 --a------ C:\WINDOWS\system32\tmp.reg


-- Find3M Report ---------------------------------------------------------------

2008-08-06 20:27:45 147616 --a------ C:\WINDOWS\hpoins21.dat
2008-07-23 01:52:46 0 d-------- C:\Documents and Settings\Stan\Application Data\Move Networks
2008-07-21 00:34:39 0 d-------- C:\Documents and Settings\Stan\Application Data\VCOMAntiSpam
2008-07-20 23:07:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 21:02:04 0 d-------- C:\Program Files\Common Files
2008-07-20 18:21:48 0 d-------- C:\Documents and Settings\Stan\Application Data\Lavasoft
2008-07-17 23:05:08 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-16 00:29:06 0 d-------- C:\Program Files\Web Publish
2008-06-27 23:27:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-27 01:15:15 0 d-------- C:\Program Files\Java
2008-06-27 01:13:33 0 d-------- C:\Program Files\Common Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 17:52 1298024 -ra------ F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 17:52 177768 -ra------ F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/22/2005 22:05]
"Fix-It AV"="C:\Program Files\Avanquest\SystemSuite\MemCheck.exe" [02/01/2008 03:05]
"nForce Tray Options"="sstray.exe" [08/12/2003 23:25 C:\WINDOWS\system32\sstray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [05/10/2006 10:48 C:\WINDOWS\KHALMNPR.Exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 17:40]
"HostManager"="C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe" [05/25/2007 12:16]
"DiscWizardMonitor.exe"="F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 21:24]
"AcronisTimounterMonitor"="F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 21:38]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 21:29]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [02/01/2008 03:05]
"hpqSRMon"="F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [08/22/2007 17:31]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 17:20]
"nmapp"="F:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/2008 10:32]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [6/25/2003 12:23:40 AM]
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [1/9/2008 12:44:02 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/5/2007 11:40:43 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1112335509\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"AOLService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HPService HPSLPSVC

*Newly Created Service* - HPSLPSVC



-- End of Deckard's System Scanner: finished at 2008-08-06 23:20:15 ------------

#4 rookie147

  • Members
  • 5,321 posts

Posted 07 August 2008 - 03:42 PM

Do you know the location of the History_Cleaner.rtf file?

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 07 August 2008 - 04:08 PM

My mistake in the file name. It is History_Cleanup.rtf and is in the My Documents folder. Apparently I ran the History Cleanup function in System Suite 8 and History_Cleanup.rtf is the log file that I saved. So, the entries in the file represent the history that was deleted immediately after the popups started. This might provide some insight.

#6 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 07 August 2008 - 08:09 PM

I killed the MXTask program that was utilizing the CPU so much and it turned out to be the firewall in System Suite 8.

#7 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 08 August 2008 - 12:59 PM

.

Edited by StanS, 08 August 2008 - 01:46 PM.


#8 rookie147

  • Members
  • 5,321 posts

Posted 08 August 2008 - 03:08 PM

Oh okay, are you still having the problem with it?



#9 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 08 August 2008 - 03:19 PM

Yes, I am still having trouble.

#10 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 08 August 2008 - 06:19 PM

Listed below is an entry from the Windows Error Log that System Suite 8 keeps. I just happened to look at it this afternoon and found this entry in the log. It is the log entry for the message that the popup put up on my system.


07/10/2008 11:11:57 PM

User Name: Stan
Process Description: Internet Explorer
Process Name: C:\Program Files\Internet Explorer\iexplore.exe
Module Description: Windows XP USER API Client DLL
Module Name: C:\WINDOWS\system32\USER32.dll
Dialog Caption: Windows Internet Explorer
Dialog Text: NOTICE: If your computer has been running slower than normal, it may be stored with Adwares, Spywares or Malwares. InternetSecurityDeluxe can perform a quick and completely FREE scan of your system for malicious software. Download InternetSecurityDeluxe FREE now!

#11 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 08 August 2008 - 06:25 PM

Also, I just realized that I didn't tell you that MXTask.exe is the background task program for System Suite 8. So, when I killed MXTask.exe it simply killed the firewall program that was running in the background.

One thing that I saw happen once when I had the computer disconnected from the network and opened IE7 was that it opened one tab after another endlessly.

#12 rookie147

  • Members
  • 5,321 posts

Posted 10 August 2008 - 03:08 PM

One more quick log please :thumbsup:
Download Silent Runners and extract it to a new folder on your Desktop.
Run the Silent Runners.vbs file.
You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."
If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.
This script is not malicious so please allow it.
A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)
Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.



#13 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 10 August 2008 - 10:43 PM

I have to be out of town until Wednesday due to a nephew's death. I will follow your instructions as soon as I get back and update the topic with the result.

#14 rookie147

  • Members
  • 5,321 posts

Posted 12 August 2008 - 04:08 PM

No problem, take your time; I'm not going anywhere :thumbsup:
In addition to running the new log, I'd like some details of the problems you are still having; the symptoms may have changed.



#15 StanS

  • Topic Starter
  • Members
  • 11 posts

Posted 21 August 2008 - 12:19 AM

The symptoms have not really changed very much since the beginning. The system is very slow in all operations, especially when connected to the Internet. When Task Manager is running, the firewall is monopolizing the CPU, anywhere from 5% to 100% and changing all of the time from low to high. There seems to be a lot of network activity and no internet activity during this time. The symptoms are much the same when the computer is not connected to the internet.


"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Fix-It AV" = "C:\Program Files\Avanquest\SystemSuite\MemCheck.exe" ["Avanquest Software USA, Inc."]
"nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"HostManager" = "C:\Program Files\Common Files\AOL\1112335509\ee\AOLSoftware.exe" ["AOL LLC"]
"DiscWizardMonitor.exe" = "F:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" ["Seagate"]
"AcronisTimounterMonitor" = "F:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"" ["Acronis"]
"VirusScannerPro" = "C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" ["Avanquest Software USA, Inc."]
"hpqSRMon" = "F:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" ["Hewlett-Packard"]
"nmctxth" = ""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"" ["Pure Networks, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer"
-> {HKLM...CLSID} = "HP Print Enhancer"
\InProcServer32\(Default) = "F:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]
{053F9267-DC04-4294-A72C-58F732D338C0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Print Clips"
\InProcServer32\(Default) = "F:\Program Files\HP\Smart Web Printing\hpswp_framework.dll" ["Hewlett-Packard Co."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"
-> {HKLM...CLSID} = "XPL LinkScannerIE"
\InProcServer32\(Default) = "C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll" ["Exploit Prevention Labs, Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9527D42F-D666-11D3-B8DD-00600838CD5F}\(Default) = "*i" (unwritable string)
-> {HKLM...CLSID} = "IEWatchObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\IETie.dll" ["Tenebril Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\" [file not found]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "KbLogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
-> {HKLM...CLSID} = "LogiExt Class"
\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"
\InProcServer32\(Default) = "F:\Program Files\Seagate\DiscWizard\tishell.dll" ["Seagate"]
"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Extension"
\InProcServer32\(Default) = "F:\Program Files\Seagate\DiscWizard\tishell.dll" ["Seagate"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{C55C499D-3518-44a1-998E-796AC5FC989D}" = "NetworkMagic"
-> {HKLM...CLSID} = "Network Magic Folders"
\InProcServer32\(Default) = "F:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Pure Networks, Inc."]
"{33F85093-44BB-4587-B25B-FFD05D5B9916}" = "NetworkMagic"
-> {HKLM...CLSID} = "Network Magic Folders"
\InProcServer32\(Default) = "F:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Pure Networks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"relog_ap"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Fix-It Menu\(Default) = "{A50302A0-8E15-11d2-887B-006008C1C087}"
-> {HKLM...CLSID} = "Fix-It Extension"
\InProcServer32\(Default) = "C:\Program Files\Avanquest\SystemSuite\mxctxmnu.dll" ["Avanquest Software USA, Inc."]
PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"
-> {HKLM...CLSID} = "PowerDesk ZIP Extension"
\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["Avanquest Publishing USA, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Fix-It Menu\(Default) = "{A50302A0-8E15-11d2-887B-006008C1C087}"
-> {HKLM...CLSID} = "Fix-It Extension"
\InProcServer32\(Default) = "C:\Program Files\Avanquest\SystemSuite\mxctxmnu.dll" ["Avanquest Software USA, Inc."]
PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"
-> {HKLM...CLSID} = "PowerDesk ZIP Extension"
\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["Avanquest Publishing USA, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Library\(Default) = "{54F51408-DD44-4a12-82EF-519AD2A80DE9}"
-> {HKLM...CLSID} = "Media Library Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll" ["ATI Technologies Inc."]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements5ShowPicturesOnArrival\
"Provider" = "Adobe Photoshop Elements 5.0"
"InvokeProgID" = "PhotoshopElements.Application.5"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.5\shell\launch\command\(Default) = ""F:\Program Files\Adobe\Photoshop Elements 5.0\PseProxy.exe" -v "%1"" ["Adobe Systems Incorporated"]

AdobePhotoshopElementsShowPicturesOnArrival\
"Provider" = "Adobe Photoshop Elements"
"InvokeProgID" = "PhotoshopElements.Application.3"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.3\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Elements 3.0\PseProxy.exe" -v "%1"" ["Adobe Systems Incorporated"]

AdobePremiereElementsCameraArrival\
"Provider" = "Adobe Premiere Elements"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Adobe\Premiere Elements 1.0\Adobe Premiere Elements.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

BlankCDHandler\
"Provider" = "@C:\Program Files\ahead\nero\APHandler.dll,-101"
"InvokeProgID" = "APHandler.Handler.1"
"InvokeVerb" = "BlankCD"
HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\BlankCD\command\(Default) = "C:\Program Files\ahead\nero\nero.exe /BlankCD" ["Ahead Software AG Karlsbad Germany Phone: +49-7248-911-800 Fax: +49-7248-911-888 e-mail: info@nero.com"]

CDAudioHandler\
"Provider" = "@C:\Program Files\ahead\nero\APHandler.dll,-101"
"InvokeProgID" = "APHandler.Handler.1"
"InvokeVerb" = "CDAudio"
HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\CDAudio\command\(Default) = "C:\Program Files\ahead\nero\nero.exe /CDAudio" ["Ahead Software AG Karlsbad Germany Phone: +49-7248-911-800 Fax: +49-7248-911-888 e-mail: info@nero.com"]

DVDDecrypterPlayDVDMovieOnArrival\
"Provider" = "DVD Decrypter"
"InvokeProgID" = "DVDDecrypter"
"InvokeVerb" = "Decrypt using DVD Decrypter"
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\Decrypt using DVD Decrypter\Command\(Default) = ""F:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"]

HPAutoplayPSE\
"Provider" = "HP Photosmart Essential 2.5"
"InvokeProgID" = "HpqPSApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "F:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Computer, Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Computer, Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Computer, Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Computer, Inc."]

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD 5"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = ""C:\Program Files\InterVideo\DVD5\WinDVD.exe" %1" ["InterVideo Inc."]

IviVideoCameraArrival\
"Provider" = "WinDVD Creator"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\InterVideo\WCreator2\WCreator.exe" --capture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

IviVideoCDHandler\
"Provider" = "InterVideo WinDVD 5"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = ""C:\Program Files\InterVideo\DVD5\WinDVD.exe" %1" ["InterVideo Inc."]

MSWMEncVCArrival\
"Provider" = "Windows Media Encoder 9 Series"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Core\nero.exe /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Core\nero.exe /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Core\nero.exe /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision Essentials"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "/New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "F:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "Stan" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HPAiODevice(hp officejet 7100 series) - 1" -> shortcut to: "C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe -DeviceID 1112369940" ["Hewlett-Packard Co."]
"hueyTray" -> shortcut to: "C:\Program Files\Pantone\huey\hueyTray.exe" ["Pantone & GretagMacbeth"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{44226DFF-747E-4EDC-B30C-78752E50CD0C}\(Default) = "&ATI TV"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL" ["ATI Technologies Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll" ["Sun Microsystems, Inc."]

{44226DFF-747E-4EDC-B30C-78752E50CD0C}\
"ButtonText" = "ATI TV"

{58ECB495-38F0-49CB-A538-10282ABF65E7}\
"ButtonText" = "HP Clipbook"
"CLSIDExtension" = "{E763472E-A716-4CD9-89BD-DBDA6122F741}"
-> {HKLM...CLSID} = "ClipBookBtn Class"
\InProcServer32\(Default) = "F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]

{700259D7-1666-479A-93B1-3250410481E8}\
"ButtonText" = "HP Smart Select"
"CLSIDExtension" = "{A93C41D8-01F8-4F8B-B14C-DE20B117E636}"
-> {HKLM...CLSID} = "EnhSelectionBtn Class"
\InProcServer32\(Default) = "F:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll" ["Hewlett-Packard Co."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe"" ["Acronis"]
Adobe Active File Monitor V5, AdobeActiveFileMonitor5.0, "F:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe" [null data]
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
GEARSecurity, GEARSecurity, "C:\WINDOWS\System32\GEARSec.exe" ["GEAR Software"]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"F:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
HP Network Devices Support, HPSLPSVC, "C:\WINDOWS\system32\svchost.exe -k HPService" {"F:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"F:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Norton Ghost, Norton Ghost, "C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe" ["Symantec Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Pure Networks Platform Service, nmservice, ""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"" ["Pure Networks, Inc."]
SystemSuite Task Manager, SystemSuite Task Manager, "C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe -Service" ["Avanquest Software USA, Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
PCL hpz3l5ha\Driver = "hpz3l5ha.dll" ["Hewlett-Packard Company"]
PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]
PrimoMon\Driver = "Primomonnt.dll" [null data]


---------- (launch time: 2008-08-20 23:48:24)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 1003 seconds.
---------- (total run time: 1114 seconds)
