Ie Pops Up Even Though I Use Firefox


15 replies to this topic

#1 D_Man

Posted 09 August 2008 - 11:33 AM

Well, it seems as though my PC has picked up something. I have done as much as I can to try and get most of everything, but now it looks like I have to turn to the experts. Thanks in advance. Now for the juicy details:

DSS Main.txt

Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-09 08:54:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-08-09 15:54:54 UTC - RP1668 - Deckard's System Scanner Restore Point
101: 2008-08-09 15:42:00 UTC - RP1667 - Installed Java™ 6 Update 7
100: 2008-08-09 07:33:58 UTC - RP1666 - Windows Defender Checkpoint
99: 2008-08-09 04:58:13 UTC - RP1665 - Windows Defender Checkpoint
98: 2008-08-09 04:42:47 UTC - RP1664 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-05-12 10:10:29 UTC - RP1567 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive E: has 5.65 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 08:59:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\BRSVC01A.EXE
E:\WINDOWS\system32\BRSS01A.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\iSafe.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rmctrl.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
E:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
E:\Program Files\Yahoo!\browser\ycommon.exe
E:\WINDOWS\iisvers.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Yahoo!\YOP\yop.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\program files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\Program Files\Microsoft ActiveSync\rapimgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\program files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\MSI\i-Speeder\i-Speeder.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\explorer.exe
E:\Program Files\AnalogX\POW\pow.exe
E:\WINDOWS\system32\msiexec.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: (no name) - {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - E:\WINDOWS\system32\khfCssRh.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A8A41F74-3855-4094-9B10-80A851163366} - E:\WINDOWS\system32\pmnnMdbB.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ZangoSA] "E:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 E:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skra] E:\Program Files\Skra\Skra.exe
O4 - HKCU\..\Run: [qomw] E:\Program Files\Common Files\qomw\qomwm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} () - http://www.commonname.com/eng/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7813.4484722222
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - E:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: khfCssRh - E:\WINDOWS\system32\khfCssRh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPcservice.exe


--
End of file - 14672 bytes

-- HijackThis Fixed Entries (C:\unzipped\HIJACK~1\backups\) --------------------

backup-20050724-224925-118 O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINDOWS\System32\bridge.dll
backup-20050724-224925-201 R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - E:\PROGRA~1\WINDOW~4\WinSB1.dll
backup-20050724-224925-491 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20050724-224925-523 O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_fs2.cab
backup-20050724-224925-701 O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
backup-20050724-224925-886 O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINDOWS\System32\bridge.dll",Load

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - e:\windows\system32\giveio.sys
R0 speedfan - e:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ati1xbxxx - e:\windows\system32\drivers\ati1xbxxx.sys
R1 Cdr4_2K - e:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - e:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - e:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - e:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - e:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 BTSERIAL (Bluetooth Serial Driver) - e:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - e:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 IOPort - e:\windows\system32\drivers\ioport.sys <Not Verified; Erik Salaj; IOPort>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - e:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 tbhsd (Tunebite High-Speed Dubbing) - e:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 HwIOctl - e:\program files\setup files\ms-6728 v2.50\hwioctl.sys (file missing)
S3 Memctl - e:\program files\setup files\ms-6728 v2.50\memctl.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - e:\windows\system32\pcampr5.sys (file missing)
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - e:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 wceusbsh (Windows CE USB Serial Host Driver) - e:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 UStorage Server Service - e:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>

S2 NoIPDUCService - e:\program files\no-ip\duc20.exe -service <Not Verified; Vitalwerks LLC; DUC v2.2.1.0>
S3 YPCService - e:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 07:47:13 330 --ah----- E:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-08 16:00:04 412 --ah----- E:\WINDOWS\Tasks\{B73221EB-7285-47CF-8380-35B7D1383E6C}_DFLORES-01_David Flores.job
2008-08-08 16:00:04 412 --ah----- E:\WINDOWS\Tasks\{365C68CC-BA57-4AFF-B4B5-C3B9DA568879}_DFLORES-01_David Flores.job
2008-08-08 09:00:03 412 --ah----- E:\WINDOWS\Tasks\{0C03FD4E-C55E-46CF-A939-238AA9F02CE2}_DFLORES-01_David Flores.job
2008-08-06 19:02:00 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 08:01:43 225280 --a------ E:\Program Files\Uninstall My Global Search Bar.dll <Not Verified; My Global Search; My Global Search Bar for Internet Explorer and FireFox>
2008-08-09 07:58:25 0 d-------- E:\WINDOWS\LastGood
2008-08-09 00:08:50 2048 --a------ E:\WINDOWS\system32\qnvsnmom.exe
2008-08-08 00:40:47 86144 --a------ E:\WINDOWS\system32\drivers\ati1xbxxx.sys
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\gps
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\fx
2008-08-08 00:40:29 26112 --a------ E:\WINDOWS\system32\tuvVOGwT.dll
2008-08-08 00:40:28 0 d-------- E:\WINDOWS\system32\kBin19
2008-08-08 00:40:28 26112 --a------ E:\WINDOWS\system32\cbXpOFxw.dll
2008-08-08 00:07:03 2048 --a------ E:\WINDOWS\system32\yxecldfp.exe
2008-08-08 00:06:35 89088 --a------ E:\WINDOWS\system32\xofgqfsr.dll
2008-08-08 00:00:16 41724 ---hs---- E:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2008-08-07 23:44:55 0 d-------- E:\Program Files\Webtools
2008-08-07 23:39:53 0 d-------- E:\Program Files\Mjcore
2008-08-07 00:06:39 2048 --a------ E:\WINDOWS\system32\edlsator.exe
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\yovvdltr.dll
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\sdrqko.dll
2008-08-06 22:04:28 107008 --a------ E:\WINDOWS\system32\ufetny.dll
2008-08-06 22:04:26 107008 --a------ E:\WINDOWS\system32\ktksfybx.dll
2008-08-06 22:03:34 874758 --ahs---- E:\WINDOWS\system32\BbdMnnmp.ini2
2008-08-06 22:03:29 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll
2008-08-06 21:58:25 26112 --a------ E:\WINDOWS\system32\pmnkHXqR.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\yayxyxXn.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\xxywWpqP.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll
2008-08-05 04:39:18 439808 --a------ E:\WINDOWS\b158.exe
2008-08-04 07:59:48 64512 --a------ E:\WINDOWS\b152.exe
2008-07-28 10:06:12 56832 --a------ E:\WINDOWS\b155.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-08-08 00:00:16 0 d-------- E:\Program Files\Common Files
2008-07-10 20:38:55 0 d-------- E:\Documents and Settings\David Flores\Application Data\uTorrent
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4C7057-EAD2-44C6-AD18-9092905F28F1}]
E:\WINDOWS\system32\avifil32b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F12CE4-B0DF-47FB-84E8-9A2D292C3C90}]
08/06/2008 09:58 PM 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8A41F74-3855-4094-9B10-80A851163366}]
08/06/2008 10:03 PM 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"WinFavorites"="c:\program files\winfavorites\WinFavorites.exe1" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"wnddrv"="E:\WINDOWS\svchost.exe" []
"iisvers"="E:\WINDOWS\iisvers.exe" [02/13/2005 11:28 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"ZangoSA"="E:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe" [11/14/2007 02:36 PM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Spyware Doctor"="E:\Program Files\Spyware Doctor\swdoctor.exe" []
"@"="" []
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"Skra"="E:\Program Files\Skra\Skra.exe" []
"qomw"="E:\Program Files\Common Files\qomw\qomwm.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"My Global Search Uninstall"=rundll32 E:\PROGRA~1\UNINST~1.DLL,O -2

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11F12CE4-B0DF-47FB-84E8-9A2D292C3C90}"= E:\WINDOWS\system32\khfCssRh.dll [08/06/2008 09:58 PM 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCssRh]
khfCssRh.dll 08/06/2008 09:58 PM 26112 E:\WINDOWS\system32\khfCssRh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\pmnnMdbB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"e:\program files\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-09 09:00:43 ------------
Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2047.48 MiB / 1390.73 MiB
Pagefile Memory (total/avail): 2664.83 MiB / 2180.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.76 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 5.67 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 72.69 GiB total, 5.65 GiB free.
F: is Fixed (FAT32) - 37.26 GiB total, 19.73 GiB free.
G: is CDROM (No Media)
H: is Removable (FAT32)
I: is Fixed (FAT32) - 232.83 GiB total, 193.26 GiB free.

\\.\PHYSICALDRIVE1 - ST340823A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 72.69 GiB - E:

\\.\PHYSICALDRIVE2 - Apple iPod USB Device - 5.72 GiB - 1 partition
\PARTITION0 - Unknown - 5.68 GiB - H:

\\.\PHYSICALDRIVE3 - WD 2500BEV External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"E:\\Program Files\\DietPower 4.0\\Diet.exe"="E:\\Program Files\\DietPower 4.0\\Diet.exe:*:Enabled:DietPower"
"E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"E:\\Program Files\\BearShare\\BearShare.exe"="E:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\Program Files\\BearFlix\\bearflix.exe"="E:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\\Program Files\\uTorrent\\uTorrent.exe"="E:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\David Flores\Application Data
CLASSPATH=.;E:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=DFLORES-01
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\David Flores
LOGONSERVER=\\DFLORES-01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp
TMP=E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp
USERDOMAIN=DFLORES-01
USERNAME=David Flores
USERPROFILE=E:\Documents and Settings\David Flores
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David Flores (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "E:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> E:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
µTorrent --> "E:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2Wire Wireless Client --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
3Deep --> E:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~2\E-Color\3Deep\tdpunins.dll" ProdName3Deep
Adobe Acrobat 5.0 --> E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AnalogX POW! --> E:\Program Files\AnalogX\POW\powu.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Yahoo! Applications --> E:\PROGRA~1\Yahoo!\Common\uninstall.exe
AT&T Yahoo! High Speed Internet Home Networking Installer --> E:\Program Files\2Wire\Uninstaller.exe
AvantGo Client --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{E938E6C4-269B-4FA8-860F-BC23BA665B15}\Setup.exe" -uninst
BearFlix --> E:\PROGRA~1\BearFlix\UNWISE.EXE E:\PROGRA~1\BearFlix\INSTALL.LOG
BearShare --> E:\PROGRA~1\BEARSH~1\\UNWISE.EXE E:\PROGRA~1\BEARSH~1\\INSTALL.LOG
BitTorrent 5.0.9 --> "E:\Program Files\BitTorrent\uninstall.exe"
Brother MFL Pro Suite --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0C3FCE48-6984-11D5-90F8-00E029591716}\Setup.exe" bruninst.dll
BSPlayer --> "E:\Program Files\BSPlayer\uninstall.exe"
C-Media 3D Audio --> E:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver --> E:\WINDOWS\system32\cmirmdrv.exe
Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\Uninst.isu" -c"E:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\UNSTE116.dll"
Canon PhotoRecord --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"E:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter2 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\RAW Image Converter2\Uninst.isu"
Canon Utilities RemoteCapture 2.4 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"E:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
ClickArt® 360,000 Premier Image Pak --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"
ClickArt® Gallery --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\CLICKA~2\DeIsL1.isu"
CNetX ezyUnZIP (Pocket PC Edition) --> "E:\Program Files\Microsoft ActiveSync\CNetX\ezyUnZIP\uInstall.exe" E:\Program Files\Microsoft ActiveSync\CNetX\ezyUnZIP\ppcSetup.uil
Codec Pack - All In 1 6.0.3.0 --> E:\WINDOWS\iun6002.exe "E:\Program Files\Codec Pack - All In 1\irunin.ini"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CopyPod (remove only) --> "E:\Program Files\CopyPod\uninstall.exe"
DietPower 4.0 --> MsiExec.exe /I{14038AAA-064F-4506-8FD4-59F2F7DF035C}
DVD Decrypter (Remove Only) --> "C:\All DVD work\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "E:\Program Files\DVD Shrink\unins000.exe"
E-Color Indicator --> E:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
EPSON CardMonitor --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.0 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Print CD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide --> E:\Program Files\epson\guide\spr300_e\uninstall.exe
Film Factory --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\EPSON Software\Film Factory\Uninst.isu"
HijackThis 1.99.1 --> C:\unzipped\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "E:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "E:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
i-Speeder --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\i-Speeder\Uninst.isu"
Imation Disk Manager II Service --> E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Imation Disk Manager II.exe -u
InfoView --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\InfoView\Uninst.isu"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2006-03-23 --> E:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player 8 --> E:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Metafile Companion --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\METAFI~1\DeIsL1.isu"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> E:\WINDOWS\muninst.exe E:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook 2000 SR-1 --> MsiExec.exe /I{00160409-78E1-11D2-B60F-006097C998E7}
Microsoft Pocket Streets --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{AEFD48FE-2A76-11D3-928B-00C04FB90523}\setup.exe" UninstReg
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Firefox --> "E:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Movkit Batch Video Converter 2.8.8 --> "E:\Program Files\Movkit\Movkit Batch Video Converter\unins000.exe"
Mozilla Firefox (2.0.0.16) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
myfantasyleague.com Game Day 2007 --> "E:\Program Files\myfantasyleague\unins000.exe"
Nero OEM --> E:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR XE102 Powerline Ethernet Adapter --> MsiExec.exe /X{EA4ABA3D-10ED-449F-8D79-503CA2CFB373}
No-IP.com DUC (remove only) --> "E:\Program Files\No-IP\DUC20.exe" -uninstall
NVIDIA Drivers --> E:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
Oakley THUMP512 Firmware Updater --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{298D005D-92E4-453E-932A-F9BAF8F2B523}\setup.exe" -l0x9
Outerinfo --> "E:\Program Files\Common Files\Yazzle1560OinUninstaller.exe"
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
Photo Organizer --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu"
Pocket PC Connection Wizard --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Microsoft ActiveSync\cmdtwiz.isu"
PowerDVD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ResChanger XP --> E:\WINDOWS\iun506.exe E:\Program Files\ResChanger XP\irunin.ini
SafeSurfing --> E:\WINDOWS\System32\SSUninstall.exe
SAMSUNG Mobile Modem Driver Set --> E:\Program Files\SAMSUNG\SAMSUNG Mobile Modem\SSCDUninstall.exe
SBC Self Support Tool --> E:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! DSL Activation --> E:\PROGRA~1\Yahoo!\Common\undsldlk.exe
SlingPlayer --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SpeedFan (remove only) --> "E:\Program Files\SpeedFan\uninstall.exe"
stunnel --> "E:\Program Files\stunnel\uninstall.exe"
tunebite 3.0.1.8 --> "E:\Program Files\tunebite\unins000.exe"
TurboTax Basic 2007 --> E:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "E:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
UT2000 --> E:\PROGRA~1\UT2000\INSTAL~1\UNWISE.EXE /R E:\PROGRA~1\UT2000\INSTAL~1\ut2000.log
ViewSonic Monitor Drivers --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
WD FAT32 Formatter --> MsiExec.exe /I{A0D85877-DC09-4F08-9164-BE8381CB8E27}
Webtools --> cmd /C regsvr32 /u /s "E:\Program Files\Webtools\webtools.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webtools" /f & reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C rmdir /Q /S \"E:\Program Files\Webtools\\"" /f
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Search Functions --> E:\WINDOWS\WinSBUninst.exe all
Windows SR 2.0 --> E:\WINDOWS\UnstSA2.exe
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
Xteq Systems X-Setup 6.0 --> "E:\Program Files\X-Setup\unins000.exe"
Zango Browser and Wowpapers Tools --> "E:\Program Files\Zango\bin\10.0.314.0\ZangoUnInstaller.exe" Web


-- Application Event Log -------------------------------------------------------

Event Record #/Type6026 / Warning
Event Submitted/Written: 08/09/2008 07:41:49 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6024 / Error
Event Submitted/Written: 08/09/2008 07:41:17 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!g, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Event Record #/Type6022 / Error
Event Submitted/Written: 08/09/2008 07:41:16 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!e, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Event Record #/Type6020 / Error
Event Submitted/Written: 08/09/2008 07:41:14 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!e, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Event Record #/Type6018 / Error
Event Submitted/Written: 08/09/2008 07:41:13 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!e, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24547 / Warning
Event Submitted/Written: 08/09/2008 08:59:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {A005BFA3-88E7-4DC1-851E-2BEDF1798334}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24546 / Warning
Event Submitted/Written: 08/09/2008 08:59:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {4282EA6A-1A88-4741-9714-916AC6FBD079}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24545 / Warning
Event Submitted/Written: 08/09/2008 08:59:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {58A6EFE9-C88F-45DA-955B-81EFDDA46730}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24544 / Warning
Event Submitted/Written: 08/09/2008 08:59:29 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {E6BE6A88-781C-46F2-A6FF-71C548E28991}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24543 / Warning
Event Submitted/Written: 08/09/2008 08:59:29 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {294DABF0-03C9-4D53-939E-72C83F8107E3}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-08-09 09:00:43 ------------



#2 don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:03:19 AM

Posted 09 August 2008 - 12:46 PM

Hello and welcome D Man

There are a few programs that need to be uninstalled. I have listed in green the p2p and file sharing programs; they are a great resource for infecting your computer. I highly recommend the removal of them, but the choice is yours:
The Java removal is an outdated version that had some exploits that have been resolved in current versions, and the last 2 programs are ad- and/or spyware related.

Please print out these instructions or save them to Notepad some place handy, like your desktop, so you have access to them, as you will be performing them with Internet Explorer or Firefox closed.


Click on Start, then Control Panel, and then double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:


µTorrent
BearShare
BitTorrent 5.0.9


Java 2 Runtime Environment, SE v1.4.2 <--outdated version of Java

Outerinfo
Zango Browser and Wowpapers Tools


Upon completion of the last program removed please restart your computer.

Once back in normal mode please do the following


Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad:
Main.txt and Extra.txt

#3 D_Man

  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:19 AM

Posted 09 August 2008 - 01:22 PM

Take #2:

Main.txt:

Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-09 11:15:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2008-08-09 18:15:56 UTC - RP1670 - Deckard's System Scanner Restore Point
103: 2008-08-09 18:08:32 UTC - RP1669 - Removed Java 2 Runtime Environment, SE v1.4.2
102: 2008-08-09 15:54:54 UTC - RP1668 - Deckard's System Scanner Restore Point
101: 2008-08-09 15:42:00 UTC - RP1667 - Installed Java™ 6 Update 7
100: 2008-08-09 07:33:58 UTC - RP1666 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-05-12 10:10:29 UTC - RP1567 - System Checkpoint


Performed disk cleanup.

System Drive E: has 6.41 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 11:16:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\BRSVC01A.EXE
E:\WINDOWS\system32\BRSS01A.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\iSafe.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\No-IP\DUC20.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rmctrl.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
E:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
E:\WINDOWS\iisvers.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Yahoo!\browser\ycommon.exe
E:\Program Files\Yahoo!\Antivirus\CAVTray.exe
E:\Program Files\Yahoo!\Antivirus\CAVRid.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Yahoo!\YOP\yop.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
C:\program files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\Program Files\Microsoft ActiveSync\rapimgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\program files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe
C:\program files\MusicMatch\Common\ComponentMgr\MMComponentMgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: (no name) - {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - E:\WINDOWS\system32\khfCssRh.dll
O2 - BHO: (no name) - {17901A86-97AC-4B1E-8BB0-DB618A9044D6} - E:\WINDOWS\system32\pmnnMdbB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skra] E:\Program Files\Skra\Skra.exe
O4 - HKCU\..\Run: [qomw] E:\Program Files\Common Files\qomw\qomwm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} () - http://www.commonname.com/eng/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7813.4484722222
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - E:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: khfCssRh - E:\WINDOWS\system32\khfCssRh.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPcservice.exe


--
End of file - 14981 bytes

-- HijackThis Fixed Entries (C:\unzipped\HIJACK~1\backups\) --------------------

backup-20050724-224925-118 O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - E:\WINDOWS\System32\bridge.dll
backup-20050724-224925-201 R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - E:\PROGRA~1\WINDOW~4\WinSB1.dll
backup-20050724-224925-491 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20050724-224925-523 O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_fs2.cab
backup-20050724-224925-701 O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
backup-20050724-224925-886 O4 - HKLM\..\Run: [RunDLL] rundll32.exe "E:\WINDOWS\System32\bridge.dll",Load

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - e:\windows\system32\giveio.sys
R0 speedfan - e:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ati1xbxxx - e:\windows\system32\drivers\ati1xbxxx.sys
R1 Cdr4_2K - e:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - e:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - e:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - e:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - e:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 BTSERIAL (Bluetooth Serial Driver) - e:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - e:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R2 IOPort - e:\windows\system32\drivers\ioport.sys <Not Verified; Erik Salaj; IOPort>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - e:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 tbhsd (Tunebite High-Speed Dubbing) - e:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 HwIOctl - e:\program files\setup files\ms-6728 v2.50\hwioctl.sys (file missing)
S3 Memctl - e:\program files\setup files\ms-6728 v2.50\memctl.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - e:\windows\system32\pcampr5.sys (file missing)
S3 PLCNDIS5 (PLCNDIS5 NDIS Protocol Driver) - e:\windows\system32\plcndis5.sys <Not Verified; Intellon, Inc.; PCAUSA Rawether for Windows>
S3 wceusbsh (Windows CE USB Serial Host Driver) - e:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NoIPDUCService - e:\program files\no-ip\duc20.exe -service <Not Verified; Vitalwerks LLC; DUC v2.2.1.0>
R2 UStorage Server Service - e:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>

S3 YPCService - e:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

E:\WINDOWS\system32\winlogon.exe (pid 1288)
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll

E:\WINDOWS\explorer.exe (pid 344)
2008-08-06 22:03:34 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll
1998-10-17 07:00:00 33792 --a------ F:\Program Files\WinZip\WZSHLEXT.DLL
1998-10-17 07:00:00 20992 --a------ F:\Program Files\WinZip\WZCAB2.DLL <Not Verified; Nico Mak Computing, Inc.; WinZip>
2007-09-20 19:34:58 129024 --a------ E:\Program Files\WinRAR\RarExt.dll
2004-04-16 10:04:58 126976 --a------ E:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll <Not Verified; Motive Communications, Inc.; Motive System>

E:\WINDOWS\system32\rundll32.exe (pid 2140)
2004-04-16 10:04:58 126976 --a------ E:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll <Not Verified; Motive Communications, Inc.; Motive System>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 11:15:12 330 --ah----- E:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-08 16:00:04 412 --ah----- E:\WINDOWS\Tasks\{B73221EB-7285-47CF-8380-35B7D1383E6C}_DFLORES-01_David Flores.job
2008-08-08 16:00:04 412 --ah----- E:\WINDOWS\Tasks\{365C68CC-BA57-4AFF-B4B5-C3B9DA568879}_DFLORES-01_David Flores.job
2008-08-08 09:00:03 412 --ah----- E:\WINDOWS\Tasks\{0C03FD4E-C55E-46CF-A939-238AA9F02CE2}_DFLORES-01_David Flores.job
2008-08-06 19:02:00 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 08:01:43 225280 --a------ E:\Program Files\Uninstall My Global Search Bar.dll <Not Verified; My Global Search; My Global Search Bar for Internet Explorer and FireFox>
2008-08-09 00:08:50 2048 --a------ E:\WINDOWS\system32\qnvsnmom.exe
2008-08-08 00:40:47 86144 --a------ E:\WINDOWS\system32\drivers\ati1xbxxx.sys
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\gps
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\fx
2008-08-08 00:40:29 26112 --a------ E:\WINDOWS\system32\tuvVOGwT.dll
2008-08-08 00:40:28 0 d-------- E:\WINDOWS\system32\kBin19
2008-08-08 00:40:28 26112 --a------ E:\WINDOWS\system32\cbXpOFxw.dll
2008-08-08 00:07:03 2048 --a------ E:\WINDOWS\system32\yxecldfp.exe
2008-08-08 00:06:35 89088 --a------ E:\WINDOWS\system32\xofgqfsr.dll
2008-08-07 23:44:55 0 d-------- E:\Program Files\Webtools
2008-08-07 23:39:53 0 d-------- E:\Program Files\Mjcore
2008-08-07 00:06:39 2048 --a------ E:\WINDOWS\system32\edlsator.exe
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\yovvdltr.dll
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\sdrqko.dll
2008-08-06 22:04:28 107008 --a------ E:\WINDOWS\system32\ufetny.dll
2008-08-06 22:04:26 107008 --a------ E:\WINDOWS\system32\ktksfybx.dll
2008-08-06 22:03:34 885749 --ahs---- E:\WINDOWS\system32\BbdMnnmp.ini2
2008-08-06 22:03:29 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll
2008-08-06 21:58:25 26112 --a------ E:\WINDOWS\system32\pmnkHXqR.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\yayxyxXn.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\xxywWpqP.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll
2008-08-05 04:39:18 439808 --a------ E:\WINDOWS\b158.exe
2008-08-04 07:59:48 64512 --a------ E:\WINDOWS\b152.exe
2008-07-28 10:06:12 56832 --a------ E:\WINDOWS\b155.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-09 10:57:55 0 d-------- E:\Program Files\Common Files
2008-08-09 10:56:46 0 d-------- E:\Program Files\BitTorrent
2008-08-09 10:56:26 0 d-------- E:\Program Files\BearFlix
2008-08-09 10:56:08 0 d-------- E:\Program Files\BearShare
2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4C7057-EAD2-44C6-AD18-9092905F28F1}]
E:\WINDOWS\system32\avifil32b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F12CE4-B0DF-47FB-84E8-9A2D292C3C90}]
08/06/2008 09:58 PM 26112 --a------ E:\WINDOWS\system32\khfCssRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17901A86-97AC-4B1E-8BB0-DB618A9044D6}]
08/06/2008 10:03 PM 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"WinFavorites"="c:\program files\winfavorites\WinFavorites.exe1" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"wnddrv"="E:\WINDOWS\svchost.exe" []
"iisvers"="E:\WINDOWS\iisvers.exe" [02/13/2005 11:28 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Spyware Doctor"="E:\Program Files\Spyware Doctor\swdoctor.exe" []
"@"="" []
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"Skra"="E:\Program Files\Skra\Skra.exe" []
"qomw"="E:\Program Files\Common Files\qomw\qomwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11F12CE4-B0DF-47FB-84E8-9A2D292C3C90}"= E:\WINDOWS\system32\khfCssRh.dll [08/06/2008 09:58 PM 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCssRh]
khfCssRh.dll 08/06/2008 09:58 PM 26112 E:\WINDOWS\system32\khfCssRh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\pmnnMdbB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"e:\program files\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-09 11:18:54 ------------



Extra txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2047.48 MiB / 1527.85 MiB
Pagefile Memory (total/avail): 3944.31 MiB / 3569.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 5.67 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 72.69 GiB total, 6.41 GiB free.
F: is Fixed (FAT32) - 37.26 GiB total, 19.73 GiB free.
G: is CDROM (No Media)
H: is Removable (FAT32)
I: is Fixed (FAT32) - 232.83 GiB total, 193.26 GiB free.

\\.\PHYSICALDRIVE1 - ST340823A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD1200JB-75CRA0 - 111.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 72.69 GiB - E:

\\.\PHYSICALDRIVE2 - Apple iPod USB Device - 5.72 GiB - 1 partition
\PARTITION0 - Unknown - 5.68 GiB - H:

\\.\PHYSICALDRIVE3 - WD 2500BEV External USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Anti-Virus - SBC Yahoo! Online Protection v7.0.7.4 (Computer Associates) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"E:\\Program Files\\DietPower 4.0\\Diet.exe"="E:\\Program Files\\DietPower 4.0\\Diet.exe:*:Enabled:DietPower"
"E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"E:\\Program Files\\BearShare\\BearShare.exe"="E:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\Program Files\\BearFlix\\bearflix.exe"="E:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\\Program Files\\uTorrent\\uTorrent.exe"="E:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\David Flores\Application Data
CLASSPATH=.;E:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=DFLORES-01
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\David Flores
LOGONSERVER=\\DFLORES-01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp
TMP=E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp
USERDOMAIN=DFLORES-01
USERNAME=David Flores
USERPROFILE=E:\Documents and Settings\David Flores
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David Flores (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "E:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> E:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
3Deep --> E:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\3Deep\TDPunins.isu" -c"C:\PROGRA~2\E-Color\3Deep\tdpunins.dll" ProdName3Deep
Adobe Acrobat 5.0 --> E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AnalogX POW! --> E:\Program Files\AnalogX\POW\powu.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Yahoo! Applications --> E:\PROGRA~1\Yahoo!\Common\uninstall.exe
AT&T Yahoo! High Speed Internet Home Networking Installer --> E:\Program Files\2Wire\Uninstaller.exe
AvantGo Client --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{E938E6C4-269B-4FA8-860F-BC23BA665B15}\Setup.exe" -uninst
Brother MFL Pro Suite --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0C3FCE48-6984-11D5-90F8-00E029591716}\Setup.exe" bruninst.dll
BSPlayer --> "E:\Program Files\BSPlayer\uninstall.exe"
C-Media 3D Audio --> E:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver --> E:\WINDOWS\system32\cmirmdrv.exe
Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\Uninst.isu" -c"E:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\UNSTE116.dll"
Canon PhotoRecord --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"E:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter2 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\RAW Image Converter2\Uninst.isu"
Canon Utilities RemoteCapture 2.4 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"E:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
ClickArt® 360,000 Premier Image Pak --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"
ClickArt® Gallery --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\CLICKA~2\DeIsL1.isu"
CNetX ezyUnZIP (Pocket PC Edition) --> "E:\Program Files\Microsoft ActiveSync\CNetX\ezyUnZIP\uInstall.exe" E:\Program Files\Microsoft ActiveSync\CNetX\ezyUnZIP\ppcSetup.uil
Codec Pack - All In 1 6.0.3.0 --> E:\WINDOWS\iun6002.exe "E:\Program Files\Codec Pack - All In 1\irunin.ini"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CopyPod (remove only) --> "E:\Program Files\CopyPod\uninstall.exe"
DietPower 4.0 --> MsiExec.exe /I{14038AAA-064F-4506-8FD4-59F2F7DF035C}
DVD Decrypter (Remove Only) --> "C:\All DVD work\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "E:\Program Files\DVD Shrink\unins000.exe"
E-Color Indicator --> E:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
EPSON CardMonitor --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.0 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst
EPSON Print CD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide --> E:\Program Files\epson\guide\spr300_e\uninstall.exe
Film Factory --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\EPSON Software\Film Factory\Uninst.isu"
HijackThis 1.99.1 --> C:\unzipped\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "E:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "E:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
i-Speeder --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\i-Speeder\Uninst.isu"
Imation Disk Manager II Service --> E:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Imation Disk Manager II.exe -u
InfoView --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\InfoView\Uninst.isu"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iPod for Windows 2006-03-23 --> E:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player 8 --> E:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Metafile Companion --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\METAFI~1\DeIsL1.isu"
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> E:\WINDOWS\muninst.exe E:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook 2000 SR-1 --> MsiExec.exe /I{00160409-78E1-11D2-B60F-006097C998E7}
Microsoft Pocket Streets --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{AEFD48FE-2A76-11D3-928B-00C04FB90523}\setup.exe" UninstReg
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Firefox --> "E:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Movkit Batch Video Converter 2.8.8 --> "E:\Program Files\Movkit\Movkit Batch Video Converter\unins000.exe"
Mozilla Firefox (2.0.0.16) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
myfantasyleague.com Game Day 2007 --> "E:\Program Files\myfantasyleague\unins000.exe"
Nero OEM --> E:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR XE102 Powerline Ethernet Adapter --> MsiExec.exe /X{EA4ABA3D-10ED-449F-8D79-503CA2CFB373}
No-IP.com DUC (remove only) --> "E:\Program Files\No-IP\DUC20.exe" -uninstall
NVIDIA Drivers --> E:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
Oakley THUMP512 Firmware Updater --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{298D005D-92E4-453E-932A-F9BAF8F2B523}\setup.exe" -l0x9
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
Photo Organizer --> E:\WINDOWS\UNINST.EXE -f"E:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu"
Pocket PC Connection Wizard --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Microsoft ActiveSync\cmdtwiz.isu"
PowerDVD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ResChanger XP --> E:\WINDOWS\iun506.exe E:\Program Files\ResChanger XP\irunin.ini
SafeSurfing --> E:\WINDOWS\System32\SSUninstall.exe
SAMSUNG Mobile Modem Driver Set --> E:\Program Files\SAMSUNG\SAMSUNG Mobile Modem\SSCDUninstall.exe
SBC Self Support Tool --> E:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! DSL Activation --> E:\PROGRA~1\Yahoo!\Common\undsldlk.exe
SlingPlayer --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SpeedFan (remove only) --> "E:\Program Files\SpeedFan\uninstall.exe"
stunnel --> "E:\Program Files\stunnel\uninstall.exe"
tunebite 3.0.1.8 --> "E:\Program Files\tunebite\unins000.exe"
TurboTax Basic 2007 --> E:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "E:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
UT2000 --> E:\PROGRA~1\UT2000\INSTAL~1\UNWISE.EXE /R E:\PROGRA~1\UT2000\INSTAL~1\ut2000.log
ViewSonic Monitor Drivers --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
WD FAT32 Formatter --> MsiExec.exe /I{A0D85877-DC09-4F08-9164-BE8381CB8E27}
Webtools --> cmd /C regsvr32 /u /s "E:\Program Files\Webtools\webtools.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Webtools" /f & reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C rmdir /Q /S \"E:\Program Files\Webtools\\"" /f
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Search Functions --> E:\WINDOWS\WinSBUninst.exe all
Windows SR 2.0 --> E:\WINDOWS\UnstSA2.exe
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
Xteq Systems X-Setup 6.0 --> "E:\Program Files\X-Setup\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6039 / Warning
Event Submitted/Written: 08/09/2008 11:09:50 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6026 / Warning
Event Submitted/Written: 08/09/2008 07:41:49 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type6024 / Error
Event Submitted/Written: 08/09/2008 07:41:17 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!g, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Event Record #/Type6022 / Error
Event Submitted/Written: 08/09/2008 07:41:16 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!e, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Event Record #/Type6020 / Error
Event Submitted/Written: 08/09/2008 07:41:14 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType avsubmit, P1 windefend, P2 1.1.3807.0, P3 unspecified, P4 1.41.72.0, P5 trojan_win32_vundo.gen!e, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24594 / Warning
Event Submitted/Written: 08/09/2008 11:16:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {76832771-DD06-4C9C-80CB-D3C79880D37A}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24593 / Warning
Event Submitted/Written: 08/09/2008 11:16:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {028C7BAA-5580-4E08-9706-EC325760A4D3}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24592 / Warning
Event Submitted/Written: 08/09/2008 11:16:48 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {1904BE3C-71C3-476A-815A-D57B889B34F7}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24591 / Warning
Event Submitted/Written: 08/09/2008 11:16:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {0396C75E-1D49-448B-9CB7-E195AB311DD5}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02

Event Record #/Type24590 / Warning
Event Submitted/Written: 08/09/2008 11:16:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%DFLORES-0127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DFLORES-0127 can't undo changes that you allow.

For more information please see the following:
%DFLORES-01275

Scan ID: {08EA42D1-3DCF-4253-9406-E8CB8F38301E}

User: DFLORES-01\David Flores

Name: %DFLORES-01271

ID: %DFLORES-01272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DFLORES-01276

Alert Type: %DFLORES-01278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-08-09 11:18:54 ------------

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:03:19 AM

Posted 09 August 2008 - 01:33 PM

Good work :thumbsup:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe



Please rescan with DSS again as well. This run will only produce the main txt, which is fine; that will be all I need to see for the moment.

#5 D_Man

D_Man
  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:19 AM

Posted 09 August 2008 - 10:00 PM

Take #3... I ran everything, but it seems as though IE keeps popping up. Now the gory details:

Report.txt


SDFix: Version 1.214
Run by Administrator on Sat 08/09/2008 at 12:31 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: E:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

E:\WINDOWS\system32\khfCssRh.dll - Deleted
E:\Program Files\Webtools\webtools.dll - Deleted
E:\WINDOWS\b152.exe - Deleted
E:\WINDOWS\b155.exe - Deleted
E:\WINDOWS\b158.exe - Deleted
E:\WINDOWS\system32\pac.txt - Deleted


Could Not Remove E:\WINDOWS\system32\drivers\core.cache.dsk

Folder E:\Program Files\Webtools - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 18:50:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011954fd497]
"000a28726876"=hex:11,6b,65,65,20,ba,b8,14,11,f1,d5,21,34,9c,3c,85
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011954fd497]
"000a28726876"=hex:11,6b,65,65,20,ba,b8,14,11,f1,d5,21,34,9c,3c,85
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011954fd497]
"000a28726876"=hex:11,6b,65,65,20,ba,b8,14,11,f1,d5,21,34,9c,3c,85

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000085
"TracesSuccessful"=dword:00000079

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:Connection Manager"
"E:\\Program Files\\DietPower 4.0\\Diet.exe"="E:\\Program Files\\DietPower 4.0\\Diet.exe:*:Enabled:DietPower"
"E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="E:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"E:\\Program Files\\BearShare\\BearShare.exe"="E:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\Program Files\\BearFlix\\bearflix.exe"="E:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\\Program Files\\uTorrent\\uTorrent.exe"="E:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe"="E:\\Program Files\\TurboTax\\Basic 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :

E:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - E:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 13 Nov 2005 24,064 A..H. --- "E:\Veros Stuff\~WRL0711.tmp"
Sun 13 Nov 2005 25,088 A..H. --- "E:\Veros Stuff\~WRL3586.tmp"
Mon 15 Nov 2004 1,876,992 A..H. --- "E:\Veros Stuff\clickartpic\~WRL0004.tmp"
Tue 16 Nov 2004 1,964,032 A..H. --- "E:\Veros Stuff\clickartpic\~WRL0316.tmp"
Thu 15 Jan 2004 4,348 A.SH. --- "E:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Jul 2006 20,480 A..H. --- "E:\Documents and Settings\David Flores\My Documents\~WRL0005.tmp"
Fri 6 Jul 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 8 May 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT6.tmp"
Fri 21 Jul 2006 30,208 A..H. --- "E:\Documents and Settings\David Flores\Application Data\Microsoft\Word\~WRL3247.tmp"
Thu 15 Jan 2004 4,348 A..H. --- "E:\Documents and Settings\David Flores\My Documents\My Music\License Backup\drmv1key.bak"
Sun 7 Mar 2004 20 A..H. --- "E:\Documents and Settings\David Flores\My Documents\My Music\License Backup\drmv1lic.bak"
Thu 15 Jan 2004 400 A..H. --- "E:\Documents and Settings\David Flores\My Documents\My Music\License Backup\drmv2key.bak"
Sun 7 Mar 2004 46,080 A..H. --- "E:\Documents and Settings\David Flores\My Documents\My Music\License Backup\drmv2lic.bak"
Tue 29 Nov 2005 524,288 A.SH. --- "E:\Deckard\System Scanner\20080809111526\backup\WINDOWS\temp\6llmxpdu.TMP"
Tue 29 Nov 2005 589,824 A.SH. --- "E:\Deckard\System Scanner\20080809111526\backup\WINDOWS\temp\siy2dk99.TMP"
Tue 29 Nov 2005 589,824 A.SH. --- "E:\Deckard\System Scanner\20080809111526\backup\WINDOWS\temp\ylppvflx.TMP"

Finished!


Main.txt

Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-09 19:52:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 5.59 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 19:52:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\BRSVC01A.EXE
E:\WINDOWS\system32\BRSS01A.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\iSafe.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\No-IP\DUC20.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rmctrl.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\WINDOWS\iisvers.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Yahoo!\Antivirus\CAVTray.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\Yahoo!\browser\ycommon.exe
E:\Program Files\Yahoo!\Antivirus\CAVRid.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Yahoo!\YOP\yop.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\program files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {97BBAAA9-4ED1-4502-B3B4-AACD0288D360} - E:\WINDOWS\system32\pmnnMdbB.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [qomw] E:\Program Files\Common Files\qomw\qomwm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} () - http://www.commonname.com/eng/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7813.4484722222
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - E:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPcservice.exe


--
End of file - 14544 bytes

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 12:24:50 0 d-------- E:\WINDOWS\ERUNT
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Desktop
2008-08-09 12:23:24 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2008-08-09 12:23:24 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2008-08-09 12:23:24 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Templates
2008-08-09 12:23:23 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2008-08-09 12:23:23 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Recent
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2008-08-09 12:23:23 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Local Settings
2008-08-09 12:23:22 524288 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-09 00:08:50 2048 --a------ E:\WINDOWS\system32\qnvsnmom.exe
2008-08-08 00:40:47 86144 --a------ E:\WINDOWS\system32\drivers\ati1xbxxx.sys
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\gps
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\fx
2008-08-08 00:40:29 26112 --a------ E:\WINDOWS\system32\tuvVOGwT.dll
2008-08-08 00:40:28 0 d-------- E:\WINDOWS\system32\kBin19
2008-08-08 00:40:28 26112 --a------ E:\WINDOWS\system32\cbXpOFxw.dll
2008-08-08 00:07:03 2048 --a------ E:\WINDOWS\system32\yxecldfp.exe
2008-08-08 00:06:35 89088 --a------ E:\WINDOWS\system32\xofgqfsr.dll
2008-08-07 23:39:53 0 d-------- E:\Program Files\Mjcore
2008-08-07 00:06:39 2048 --a------ E:\WINDOWS\system32\edlsator.exe
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\yovvdltr.dll
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\sdrqko.dll
2008-08-06 22:04:28 107008 --a------ E:\WINDOWS\system32\ufetny.dll
2008-08-06 22:04:26 107008 --a------ E:\WINDOWS\system32\ktksfybx.dll
2008-08-06 22:03:34 889281 --ahs---- E:\WINDOWS\system32\BbdMnnmp.ini2
2008-08-06 22:03:29 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll
2008-08-06 21:58:25 26112 --a------ E:\WINDOWS\system32\pmnkHXqR.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\yayxyxXn.dll
2008-08-06 21:58:23 26112 --a------ E:\WINDOWS\system32\xxywWpqP.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-09 10:57:55 0 d-------- E:\Program Files\Common Files
2008-08-09 10:56:46 0 d-------- E:\Program Files\BitTorrent
2008-08-09 10:56:26 0 d-------- E:\Program Files\BearFlix
2008-08-09 10:56:08 0 d-------- E:\Program Files\BearShare
2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4C7057-EAD2-44C6-AD18-9092905F28F1}]
E:\WINDOWS\system32\avifil32b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97BBAAA9-4ED1-4502-B3B4-AACD0288D360}]
08/06/2008 10:03 PM 312320 --a------ E:\WINDOWS\system32\pmnnMdbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"WinFavorites"="c:\program files\winfavorites\WinFavorites.exe1" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"wnddrv"="E:\WINDOWS\svchost.exe" []
"iisvers"="E:\WINDOWS\iisvers.exe" [02/13/2005 11:28 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Spyware Doctor"="E:\Program Files\Spyware Doctor\swdoctor.exe" []
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"qomw"="E:\Program Files\Common Files\qomw\qomwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\pmnnMdbB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"e:\program files\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-09 19:53:53 ------------
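
Added example, not part of the thread: a small Python triage that encodes what a helper checks by eye in the log above (an entry whose file is missing, a BHO registered with no name, svchost.exe launched from outside system32, an extra LSA authentication package, and 8-letter mixed-case file names in system32). The sample lines are copied from the DSS/HijackThis log posted above, with two clean entries (ssv.dll, NeroCheck.exe) kept as controls; the rule names and severities are this example's own.

```python
"""Heuristic triage of HijackThis-style scan lines and a DSS registry dump."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the DSS/HijackThis log posted above, plus
# two clean lines (ssv.dll, NeroCheck.exe) that should produce no finding.
SAMPLE_LOG = r"""
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {97BBAAA9-4ED1-4502-B3B4-AACD0288D360} - E:\WINDOWS\system32\pmnnMdbB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
"Authentication Packages"= msv1_0 E:\WINDOWS\system32\pmnnMdbB
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "review" (review = check the file, not a verdict)
    rule: str      # short rule name chosen for this example
    line: str      # the log line that triggered the rule


# "O4 - HKLM\..\Run: [name] target" and "R1 - ..." style entries.
_ENTRY = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# DSS prints the LSA value as: "Authentication Packages"= msv1_0 <extra...>
_AUTH_PKGS = re.compile(r'"Authentication Packages"\s*=\s*(.+)$')
# An 8-letter file stem directly under \WINDOWS\system32\, with .dll/.exe or no extension.
_SYS32_STEM = re.compile(r"\\windows\\system32\\([a-z]{8})(?:\.(?:dll|exe))?\s*$", re.I)


def _odd_casing(stem: str) -> bool:
    """Mixed-case stem with an uppercase letter past the second position (pmnnMdbB, tuvVOGwT).

    Legitimate names can match too, so this only ever yields a "review" finding.
    """
    return (stem != stem.lower() and stem != stem.upper()
            and any(c.isupper() for c in stem[2:]))


def _run_target(body: str) -> str:
    """Extract the lower-cased executable path from an O4 body, dropping arguments."""
    target = body.split("] ", 1)[-1].strip()
    if target.startswith('"'):                      # quoted path, args after the quote
        target = target[1:].split('"', 1)[0]
    low = target.lower()
    end = low.find(".exe")
    return low[:end + 4] if end != -1 else low


def _check_entry(kind: str, body: str, line: str) -> List[Finding]:
    found = []
    if "(file missing)" in body:
        # Registry still points at a file that is gone: leftover of a partial removal.
        found.append(Finding("medium", "orphaned-entry", line))
    if kind == "O2" and body.startswith("BHO: (no name)"):
        # A BHO with no friendly name is the pattern of the Vundo DLL flagged by MBAM.
        found.append(Finding("high", "unnamed-bho", line))
    if kind == "O4":
        target = _run_target(body)
        # The real svchost.exe lives in system32; a copy elsewhere is a masquerade.
        if target.endswith("\\svchost.exe") and "\\system32\\" not in target:
            found.append(Finding("high", "svchost-masquerade", line))
    m = _SYS32_STEM.search(body)
    if m and _odd_casing(m.group(1)):
        found.append(Finding("review", "random-looking-system32-name", line))
    return found


def triage(text: str) -> List[Finding]:
    """Run every rule over each non-empty line and return the findings in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _AUTH_PKGS.search(line)
        if m:
            # Windows XP ships with msv1_0 alone; anything else is loaded into lsass.exe at boot.
            extras = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
            if extras:
                findings.append(Finding("high", "extra-lsa-auth-package", line))
            continue
        m = _ENTRY.match(line)
        if m:
            findings.extend(_check_entry(m.group(1), m.group(2), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:30} {f.line}")
```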

#6 don77


Posted 09 August 2008 - 10:08 PM

Still some cleaning left to go.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post back a fresh DSS log as well upon completion of running MBAM

#7 D_Man


Posted 09 August 2008 - 11:59 PM

Take #4:

mbam_log:

Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2

9:47:50 PM 8/9/2008
mbam-log-8-9-2008 (21-47-50).txt

Scan type: Quick Scan
Objects scanned: 51088
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 49
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\pmnnMdbB.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97bbaaa9-4ed1-4502-b3b4-aacd0288d360} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{97bbaaa9-4ed1-4502-b3b4-aacd0288d360} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: e:\windows\system32\pmnnmdbb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: e:\windows\system32\pmnnmdbb -> Delete on reboot.

Folders Infected:
E:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
E:\WINDOWS\system32\pmnnMdbB.dll (Trojan.Vundo) -> Delete on reboot.
E:\WINDOWS\system32\BbdMnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\BbdMnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\drivers\ati1xbxxx.sys (Rootkit.Agent) -> Delete on reboot.
E:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\edlsator.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qnvsnmom.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yxecldfp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\David Flores\Local Settings\Temporary Internet Files\Content.IE5\V398E9GW\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Program Files\MyGlobalSearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
E:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\xxywWpqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\tuvVOGwT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\cbXpOFxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pmnkHXqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\yayxyxXn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMef3053e0.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMef3053e0.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.


DSS main.txt

Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-09 21:57:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 6.31 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 21:58:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\BRSVC01A.EXE
E:\WINDOWS\system32\BRSS01A.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\iSafe.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\No-IP\DUC20.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rmctrl.exe
E:\Program Files\Yahoo!\browser\ybrwicon.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
E:\WINDOWS\iisvers.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Yahoo!\Antivirus\CAVTray.exe
E:\Program Files\Yahoo!\Antivirus\CAVRid.exe
E:\Program Files\Yahoo!\browser\ycommon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\nvsvc32.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Yahoo!\YOP\yop.exe
C:\program files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\Program Files\Microsoft ActiveSync\rapimgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\WINDOWS\system32\wscntfy.exe
C:\program files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\MSI\i-Speeder\i-Speeder.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [qomw] E:\Program Files\Common Files\qomw\qomwm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} () - http://www.commonname.com/eng/oneclick/uninstbb.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7813.4484722222
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - E:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - E:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\BRSVC01A.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\iSafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPcservice.exe


--
End of file - 14489 bytes

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 20:53:50 0 d-------- E:\Documents and Settings\David Flores\Application Data\Malwarebytes
2008-08-09 20:53:40 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 20:53:40 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:24:50 0 d-------- E:\WINDOWS\ERUNT
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Desktop
2008-08-09 12:23:24 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2008-08-09 12:23:24 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2008-08-09 12:23:24 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Templates
2008-08-09 12:23:23 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2008-08-09 12:23:23 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Recent
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2008-08-09 12:23:23 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Local Settings
2008-08-09 12:23:22 524288 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\gps
2008-08-08 00:40:44 0 d-------- E:\WINDOWS\system32\fx
2008-08-08 00:40:28 0 d-------- E:\WINDOWS\system32\kBin19
2008-08-08 00:06:35 89088 --a------ E:\WINDOWS\system32\xofgqfsr.dll
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\yovvdltr.dll
2008-08-07 00:06:35 107008 --a------ E:\WINDOWS\system32\sdrqko.dll
2008-08-06 22:04:28 107008 --a------ E:\WINDOWS\system32\ufetny.dll
2008-08-06 22:04:26 107008 --a------ E:\WINDOWS\system32\ktksfybx.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-09 10:57:55 0 d-------- E:\Program Files\Common Files
2008-08-09 10:56:46 0 d-------- E:\Program Files\BitTorrent
2008-08-09 10:56:26 0 d-------- E:\Program Files\BearFlix
2008-08-09 10:56:08 0 d-------- E:\Program Files\BearShare
2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D4C7057-EAD2-44C6-AD18-9092905F28F1}]
E:\WINDOWS\system32\avifil32b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"WinFavorites"="c:\program files\winfavorites\WinFavorites.exe1" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"wnddrv"="E:\WINDOWS\svchost.exe" []
"iisvers"="E:\WINDOWS\iisvers.exe" [02/13/2005 11:28 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Spyware Doctor"="E:\Program Files\Spyware Doctor\swdoctor.exe" []
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"qomw"="E:\Program Files\Common Files\qomw\qomwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"e:\program files\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-09 21:59:02 ------------

#8 don77

don77

    Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 10 August 2008 - 04:05 PM

Getting closer :thumbsup:


Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [qomw] E:\Program Files\Common Files\qomw\qomwm.exe



Close out HJT

Next


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    E:\WINDOWS\iisvers.exe
    E:\WINDOWS\system32\gps
    E:\WINDOWS\system32\fx
    E:\WINDOWS\system32\kBin19
    E:\WINDOWS\system32\xofgqfsr.dll
    E:\WINDOWS\system32\yovvdltr.dll
    E:\WINDOWS\system32\sdrqko.dll
    E:\WINDOWS\system32\ufetny.dll
    E:\WINDOWS\system32\ktksfybx.dll
    E:\Program Files\BitTorrent
    E:\Program Files\BearShare
    e:\program files\zango

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Rescan with DSS and post back the main.txt for me please. Let me know how the machine is running now, please.
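A small triage script, added here as an example (it is not part of this thread, nor of HijackThis or OTMoveIt2), that applies the same judgement don77 applied by hand to the O2 and O4 lines: a BHO reported "(file missing)", a core Windows binary name such as svchost.exe launched from outside system32, and an autorun sitting directly in the Windows directory root. The regexes, the list of system32-only names and the two heuristics are assumptions; the sample lines are copied from the log posted earlier in the thread.

```python
"""Triage of HijackThis-style log lines (added example; not part of the thread).

Heuristics follow what the helper picked out by hand above:
  * an O2 BHO whose DLL is reported "(file missing)" is a dangling registration;
  * an O4 Run entry launching a binary named like a core Windows file
    (svchost.exe etc.) from outside \\system32 is suspect;
  * an O4 Run entry whose binary sits directly in the Windows directory root
    deserves a look (iisvers.exe in this thread).
Line formats, the name list and the heuristics are assumptions, not HijackThis's
own logic; the sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Core binaries that legitimately run only from %SystemRoot%\system32 (assumption).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe"}

# O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$"
)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run value: quoted path, else up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def split_path(path: str):
    """Return (directory, basename), lower-cased; directory is '' for bare names."""
    path = path.strip()
    if "\\" not in path:
        return "", path.lower()
    directory, _, base = path.rpartition("\\")
    return directory.lower(), base.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding listing why a line merits review, or None if it looks clean."""
    line = line.rstrip("\r\n")
    reasons: List[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("missing"):
            reasons.append("BHO registration points to a DLL that no longer exists")
        return Finding(line, reasons) if reasons else None
    m = O4_RE.match(line)
    if m:
        directory, base = split_path(executable_of(m.group("cmd")))
        if base in SYSTEM32_ONLY and directory and not directory.endswith("\\system32"):
            reasons.append(f"{base} launched from {directory}, not from system32")
        if WINDOWS_ROOT.match(directory):
            reasons.append("autorun binary sits directly in the Windows directory root")
        return Finding(line, reasons) if reasons else None
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Lines copied from the HijackThis clone log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ChangerBHO Class - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - E:\WINDOWS\system32\avifil32b.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wnddrv] E:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iisvers] E:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

On the sample above it flags exactly the three entries don77 told the poster to fix (the missing-file BHO, wnddrv and iisvers) and leaves the Run entries from system32 and Program Files alone.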

#9 D_Man

D_Man
  • Topic Starter

  • Members
  • 9 posts

Posted 11 August 2008 - 03:25 AM

Hmmmmm.... that was weird... I got a message bugging out about my version of HJT.
OK, here's the log info from HJT:

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:37 AM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\brsvc01a.exe
E:\WINDOWS\System32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\ISafe.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\No-IP\DUC20.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\rmctrl.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~2\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Program Files\QuickTime\QTTask.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\WINDOWS\system32\wscntfy.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\MSI\i-Speeder\i-Speeder.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/eng/oneclick/uninstbb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11523 bytes


DSS Main.txt
Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-11 01:24:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 6.3 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:32 AM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\brsvc01a.exe
E:\WINDOWS\System32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\ISafe.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\No-IP\DUC20.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\rmctrl.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~2\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Program Files\QuickTime\QTTask.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\WINDOWS\system32\wscntfy.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\MSI\i-Speeder\i-Speeder.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\David Flores.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/eng/oneclick/uninstbb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11571 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 01:18:24 0 d-------- E:\Program Files\Trend Micro
2008-08-09 20:53:50 0 d-------- E:\Documents and Settings\David Flores\Application Data\Malwarebytes
2008-08-09 20:53:40 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 20:53:40 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:24:50 0 d-------- E:\WINDOWS\ERUNT
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Desktop
2008-08-09 12:23:24 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2008-08-09 12:23:24 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2008-08-09 12:23:24 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Templates
2008-08-09 12:23:23 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2008-08-09 12:23:23 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Recent
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2008-08-09 12:23:23 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Local Settings
2008-08-09 12:23:22 524288 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-09 10:57:55 0 d-------- E:\Program Files\Common Files
2008-08-09 10:56:26 0 d-------- E:\Program Files\BearFlix
2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"WinFavorites"="c:\program files\winfavorites\WinFavorites.exe1" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"e:\program files\zango\zango.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - FLASHSYS
*Newly Created Service* - WEBNTACCESS



-- End of Deckard's System Scanner: finished at 2008-08-11 01:25:11 ------------

#10 don77

    Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 12 August 2008 - 08:38 AM

Just about there... everything seems to be back in working order?

Copy the contents of the Quote Box below to Notepad.
Name the file fix.reg, change the Save as Type to All Files,
and save it on the desktop.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFavorites"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Then double-click on the fix.reg file, and when it prompts to merge, say yes.


Please rescan with DSS one more time and post back the main.txt.
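The fix above deletes one Run value and one msconfig key. As an added example (mine, not don77's or BleepingComputer's), the Python below parses a REGEDIT4 fix file and the O4 Run lines of a HijackThis log and checks that each deleted Run value is absent from the post-fix scan; the function names are my own, and the log excerpts are constructed from entries quoted in this thread.

```python
"""Check that a REGEDIT4 fix removed the autostart entries it targets.

Added example, not from the thread: parse the O4 Run entries of a HijackThis
log and the deletions in a REGEDIT4 file, then confirm each deleted Run value
is absent from the post-fix log. Sample logs below are constructed from the
entries quoted in the thread."""
import re
from typing import Dict, List, Optional, Set, Tuple

# O4 Run-key lines look like:  O4 - HKLM\..\Run: [Name] command
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
                    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Full key paths that HijackThis abbreviates to a hive label.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": "HKLM",
    r"hkey_current_user\software\microsoft\windows\currentversion\run": "HKCU",
}
Entry = Tuple[str, str]  # (hive label, value name)


def parse_o4(log: str) -> Dict[Entry, str]:
    """Map (hive, value name) -> command for every O4 Run entry in a log."""
    entries: Dict[Entry, str] = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def parse_reg_fix(reg: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (value deletions as (key, name), key deletions) from a REGEDIT4
    file. Only the two deletion forms the fix uses are handled:
    "Name"=- inside a [Key] section, and a [-Key] header."""
    lines = reg.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("REGEDIT4 must be the first line (no blank lines before it)")
    values: List[Tuple[str, str]] = []
    keys: List[str] = []
    current: Optional[str] = None
    for raw in lines[1:]:
        line = raw.strip()
        if line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])        # whole key deleted
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]           # section header
        elif current is not None:
            m = re.match(r'^"([^"]+)"=-$', line)
            if m:
                values.append((current, m[1]))
    return values, keys


def verify_fix(reg: str, after_log: str) -> Dict[str, bool]:
    """For each Run value the fix deletes: True if it is gone from after_log.
    Deletions of keys HijackThis does not list (e.g. msconfig\\startupreg\\...)
    cannot be checked from O4 lines and are skipped."""
    after = parse_o4(after_log)
    results: Dict[str, bool] = {}
    for key, name in parse_reg_fix(reg)[0]:
        hive = RUN_KEYS.get(key.lower())
        if hive is not None:
            results[f"{hive}\\..\\Run: [{name}]"] = (hive, name) not in after
    return results


def diff_o4(before_log: str, after_log: str) -> Tuple[Set[Entry], Set[Entry]]:
    """(removed, added) O4 Run entries between two logs of the same machine."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    return set(before) - set(after), set(after) - set(before)


# Constructed samples: the fix from the thread and a cut-down O4 section
# before and after it was merged.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFavorites"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"""
BEFORE_LOG = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
"""
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines() if "WinFavorites" not in l)

if __name__ == "__main__":
    print(verify_fix(FIX_REG, AFTER_LOG))   # {'HKLM\\..\\Run: [WinFavorites]': True}
    print(diff_o4(BEFORE_LOG, AFTER_LOG))   # ({('HKLM', 'WinFavorites')}, set())
    print("keys deleted (not checkable here):", parse_reg_fix(FIX_REG)[1])
```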

#11 D_Man

  • Topic Starter
  • Members
  • 9 posts

Posted 12 August 2008 - 10:17 AM

Ya... it does seem like it. Won't be able to apply the last fix until Thursday or Friday since I am out of town. But once I get a chance, I'll apply the changes/f

#12 don77

    Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 12 August 2008 - 11:13 AM

Thanks for letting me know

#13 don77

    Forum Regular

  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 19 August 2008 - 07:24 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#14 D_Man

  • Topic Starter
  • Members
  • 9 posts

Posted 24 August 2008 - 10:10 AM

My original Topic was closed due to inactivity. The last instructions were to create a fix.reg file and sync it. This should be the last operation, if not one of the last. I also did the DSS log, info below:

main.txt:

Deckard's System Scanner v20071014.68
Run by David Flores on 2008-08-24 07:56:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 5.56 GiB (less than 15%) free.


-- HijackThis (run as David Flores.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:21 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\brsvc01a.exe
E:\WINDOWS\System32\brss01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Program Files\Yahoo!\Antivirus\ISafe.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\ResChanger XP\ResChangerXP.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\rmctrl.exe
E:\Program Files\No-IP\DUC20.exe
E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~2\MUSICM~1\MUSICM~1\MMDiag.exe
E:\WINDOWS\system32\UStorSrv.exe
E:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
E:\WINDOWS\system32\ctfmon.exe
C:\program files\MusicMatch\MusicMatch Jukebox\mim.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\program files\E-Color\Common\IconMgr.exe
E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
E:\WINDOWS\system32\wscntfy.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\MSI\i-Speeder\i-Speeder.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\David Flores\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\HIJACK~1\DAVIDF~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - E:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ResChangerXP] E:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] E:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PaperPort PTD] E:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] E:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Motive SmartBridge] E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "E:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveMonitor] E:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\program files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/eng/oneclick/uninstbb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - E:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - E:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11487 bytes

-- Files created between 2008-07-24 and 2008-08-24 -----------------------------

2008-08-11 01:18:24 0 d-------- E:\Program Files\Trend Micro
2008-08-09 20:53:50 0 d-------- E:\Documents and Settings\David Flores\Application Data\Malwarebytes
2008-08-09 20:53:40 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 20:53:40 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-09 12:24:50 0 d-------- E:\WINDOWS\ERUNT
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-08-09 12:23:24 0 d-------- E:\Documents and Settings\Administrator\Desktop
2008-08-09 12:23:24 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2008-08-09 12:23:24 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2008-08-09 12:23:24 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Templates
2008-08-09 12:23:23 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2008-08-09 12:23:23 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Recent
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2008-08-09 12:23:23 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-08-09 12:23:23 0 d--h----- E:\Documents and Settings\Administrator\Local Settings
2008-08-09 12:23:22 524288 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-08-18 15:04:42 0 d-------- E:\Documents and Settings\David Flores\Application Data\Real
2008-08-09 10:57:55 0 d-------- E:\Program Files\Common Files
2008-08-09 10:56:26 0 d-------- E:\Program Files\BearFlix
2008-08-09 08:44:20 0 d-------- E:\Program Files\Java
2008-08-09 08:29:33 0 dr-h----- E:\Documents and Settings\David Flores\Application Data\yahoo!
2008-08-08 00:20:57 0 d-------- E:\Program Files\Common Files\qomw
2008-06-29 18:18:45 0 d-------- E:\Program Files\MSI
2008-06-29 18:16:56 0 d-------- E:\Program Files\Setup Files
2008-05-30 06:21:43 38416 --a------ E:\Documents and Settings\David Flores\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
07/28/2008 03:46 AM 160496 --a------ E:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChangerXP"="E:\Program Files\ResChanger XP\ResChangerXP.exe" [02/14/2002 11:33 AM]
"Cmaudio"="cmicnfg.cpl" []
"RemoteControl"="E:\WINDOWS\System32\rmctrl.exe" [10/16/2000 09:37 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 AM]
"YBrowser"="E:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightMonitor 01"="E:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 12:30 PM]
"PaperPort PTD"="E:\Program Files\Scansoft\PaperPort\pptd40nt.exe" [08/12/2002 10:33 AM]
"IndexSearch"="E:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [08/12/2002 11:07 AM]
"EPSON Stylus Photo R300 Series"="E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [06/04/2003 03:00 AM]
"Motive SmartBridge"="E:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/18/2006 06:13 PM]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"CaAvTray"="E:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [09/13/2005 11:15 PM]
"CAVRID"="E:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [09/13/2005 11:15 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM E:\WINDOWS\system32\bthprops.cpl]
"Windows Defender"="E:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"MimBoot"="C:\PROGRA~2\MUSICM~1\MUSICM~1\mimboot.exe" [11/07/2006 04:41 PM]
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [11/07/2006 04:41 PM]
"PRISMSVR.EXE"="E:\WINDOWS\system32\PRISMSVR.exe" []
"nwiz"="nwiz.exe" [10/22/2006 01:22 PM E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 01:22 PM]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2006 11:50 PM]
"YOP"="E:\PROGRA~1\Yahoo!\YOP\yop.exe" [07/21/2006 11:43 AM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"LiveMonitor"="E:\Program Files\MSI\Live Update 3\LMonitor.exe" [04/30/2008 06:30 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
E-Color.lnk - C:\program files\E-Color\Common\IconMgr.exe [7/11/2003 5:01:20 AM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
SmartUI.lnk - E:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [8/12/2002 10:00:40 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=E:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^David Flores^Start Menu^Programs^Startup^No-IP DUC.lnk]
path=E:\Documents and Settings\David Flores\Start Menu\Programs\Startup\No-IP DUC.lnk
backup=E:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
E:\Program Files\tunebite\tunebite.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
E:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-24 07:57:09 ------------
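The HijackThis portion of the log above follows a fixed line format: a section tag (O2 for browser helper objects, O4 for autoruns, O16 for downloaded program files/ActiveX controls, O23 for services) followed by the registry location, an optional CLSID, the file path or URL. As an added example that is not part of the original thread or of HijackThis itself, the Python below parses those lines into structured records and applies three triage heuristics: O16 entries that fetch a control from a host outside a trusted list, O23 services that HijackThis reports as "Unknown owner", and O4 autoruns whose command carries no absolute path, so the binary still has to be located by hand before it can be judged. The sample lines are copied from the log above, except the last O23 line, which is constructed to exercise the "Unknown owner" case; the trusted-host list and the reason strings are assumptions of this example, not anything HijackThis outputs.

```python
"""Parse HijackThis-style log lines and apply a few triage heuristics (example code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Section tag ("O4", "O16", "O23", ...) and the remainder of the line.
LINE_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path ending in a loadable/openable extension; stops at quotes or brackets.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|cpl|ocx|htm)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Assumption for this example: O16 controls are expected only from these hosts.
TRUSTED_DPF_HOSTS = ("microsoft.com",)

# Lines copied from the log above; the final O23 line is constructed for the test.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133454522281
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} - http://www.commonname.com/eng/oneclick/uninstbb.cab
O23 - Service: NoIPDUCService - Vitalwerks LLC - E:\Program Files\No-IP\DUC20.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - E:\WINDOWS\system32\examplesvc.exe
"""


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    url: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one HijackThis line, or None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    url = URL_RE.search(body)
    return Entry(
        section=m.group("section"),
        body=body,
        clsid=clsid.group(0).upper() if clsid else None,
        path=path.group(0) if path else None,
        url=url.group(0) if url else None,
    )


def parse_log(text: str) -> list[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def host_is_trusted(url: str) -> bool:
    """True when the URL's host is one of, or a subdomain of, TRUSTED_DPF_HOSTS."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a closer look. Prompts, not verdicts."""
    findings: list[tuple[Entry, str]] = []
    for e in entries:
        if e.section == "O16" and e.url and not host_is_trusted(e.url):
            findings.append((e, "ActiveX control fetched from a host outside the trusted list"))
        if e.section == "O23" and "- Unknown owner -" in e.body:
            findings.append((e, "service binary carries no publisher name"))
        if e.section == "O4" and e.path is None:
            findings.append((e, "autorun command has no absolute path; resolve the binary manually"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.section}: {reason}\n    {entry.body}")
```

The flags are prompts for the analyst, not malware verdicts: the `RunDll32 cmicnfg.cpl` autorun is a stock audio control panel entry that merely lacks a path, and a third-party O16 host only tells you the control did not come from Windows Update. The value of the parser is that every entry gets a CLSID, path and URL field you can then check against the file system, signatures and vendor lists.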

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,110 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:19 AM

Posted 25 August 2008 - 05:30 PM

Hello D_Man,

To avoid confusion, I have merged your most recent topic to your previously existing topic which I have reopened.

From the earlier closing post:

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread.


For future reference: PM stands for Private Message. You can read how to send a private message in this topic: http://www.bleepingcomputer.com/forums/t/33018/how-to-use-and-send-personal-messages/

Back to you don77,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.
