
Badly Infected - Tried Everything


24 replies to this topic

#1 Kimberly


Posted 30 November 2005 - 06:18 PM

This is my boss's laptop I'm working on. He is completely computer illiterate and has managed to completely hose his computer. I have done everything listed in the help topic, as well as installed Spyguard and Spyware Blaster. The computer is still taking a good ten minutes to boot up and does crazy things when connected to the internet. The log file is posted below. Thank you so much!


Logfile of HijackThis v1.99.1
Scan saved at 6:11:58 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SymantecNorton\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\cisvc.exe
C:\SymantecNorton\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sadrid\Desktop\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluegrassfirstclass.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122789141941
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\SymantecNorton\ISSVC.exe
O23 - Service: LXCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\SymantecNorton\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\SymantecNorton\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Guest_Cretemonster_*


Posted 04 December 2005 - 10:11 AM

Hi Kimberly and Welcome to the Bleeping Computer!

Download WinPFind:
WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Download and unzip BFUzip from HERE

Right Click the Zip folder and select "Extract All"

Locate and double click BFU.exe

Now locate and click the Greenish Blue globe with the cord plugged into it

When the next small window pops up-> Copy&Paste this URL into it and click OK
http://metallica.geekstogo.com/2search.bfu

Once the URL has appeared in the "Scriptfile to Execute"-> Confirm that 2search.bfu is in the BFU folder.

Now click the execute button and let the script run


Reboot into SAFE MODE (F5 or F8 when restarting)
Here is a link on how to boot into Safe Mode:
SafeMode


Once in Safe Mode, run the BFU Script once more to confirm nothing has survived.


Once in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply>>Close>>Follow the Prompts to Restart


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#3 Kimberly


Posted 04 December 2005 - 06:06 PM

Hi there,

Ok, I've done everything you asked, except that I can't get the Panda active scan to run for some reason. I'm using IE, but it just won't work. I've tried several times, but the page cannot be loaded for some reason. Should I try a different scan? I've posted the hijack log and winpfind log below. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:03:13 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SymantecNorton\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe
C:\SymantecNorton\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sadrid\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluegrassfirstclass.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.cpqcorp.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122789141941
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\SymantecNorton\ISSVC.exe
O23 - Service: LXCCCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCserv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\SymantecNorton\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\SymantecNorton\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe





WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 2:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 7/12/2005 5:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 2:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/4/2005 5:11:16 PM S 2048 C:\WINDOWS\bootstat.dat
11/6/2005 7:31:16 PM H 54156 C:\WINDOWS\QTFont.qfn
10/17/2005 10:40:30 AM RHS 227 C:\WINDOWS\assembly\Desktop.ini
12/4/2005 5:04:26 PM H 35870 C:\WINDOWS\system32\vsconfig.xml
11/30/2005 8:56:32 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
12/4/2005 5:11:06 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/4/2005 5:11:52 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/4/2005 5:11:20 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/4/2005 5:14:58 PM H 176128 C:\WINDOWS\system32\config\software.LOG
12/4/2005 5:11:28 PM H 1097728 C:\WINDOWS\system32\config\system.LOG
11/10/2005 6:46:44 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
2/17/2006 2:32:26 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\257fd4dd-bf7f-4225-85f3-cb0c72c18707
11/9/2005 2:15:16 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\64abdbbb-f1d0-4909-9b2f-d7c91b38d5fc
11/9/2005 2:15:16 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/17/2005 9:51:46 AM H 43716 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcchelp.GID
12/4/2005 5:09:56 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 8/26/2005 6:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 4/11/2001 12:22:06 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 2:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/10/2002 9:47:16 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/10/2005 9:15:30 PM 1885 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
11/10/2005 9:09:10 PM 1646 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/10/2002 2:31:26 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
2/9/2005 6:49:42 PM 6 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
2/23/2005 2:54:22 AM 809 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
10/10/2002 9:47:16 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/10/2002 2:31:26 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}
= C:\Program Files\Microsoft Money\System\mnyside.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
= C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
SideStep = C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} = Viewpoint Toolbar : C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
{A58686ED-FC46-44C3-95C6-4A812AB776F1} = WebFerret : C:\Program Files\FerretSoft\WebFerret\FerretBand.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}
ButtonText = SideStep :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}
ButtonText = MUSICMATCH MX Web Player :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\SymantecNorton\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
LMPDPSRV C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
LXCCCATS rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
lxccmon.exe "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
TkBellExe C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Logitech Hardware Abstraction Layer KHALMNPR.EXE
mmtask c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
2Search C:\Program Files\2search\main.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link AirPlus G Wireless Utility.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Wireless Utility.lnk
backup C:\WINDOWS\pss\D-Link AirPlus G Wireless Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-Link\AIRPLU~1\AirPlus.exe
item D-Link AirPlus G Wireless Utility
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus G Wireless Utility.lnk
backup C:\WINDOWS\pss\D-Link AirPlus G Wireless Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-Link\AIRPLU~1\AirPlus.exe
item D-Link AirPlus G Wireless Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup C:\WINDOWS\pss\D-Link REG Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-Link\AIRPLU~1\Reg.exe
item D-Link REG Utility
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link REG Utility.lnk
backup C:\WINDOWS\pss\D-Link REG Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\D-Link\AIRPLU~1\Reg.exe
item D-Link REG Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup C:\WINDOWS\pss\Lexmark X125 Settings Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\LEXMAR~1\LEX125SU.exe
item Lexmark X125 Settings Utility
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
backup C:\WINDOWS\pss\Lexmark X125 Settings Utility.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\LEXMAR~1\LEX125SU.exe
item Lexmark X125 Settings Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aaou
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item othb
hkey HKCU
command "C:\Program Files\ipee\othb.exe" -vt mtx
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item othb
hkey HKCU
command "C:\Program Files\ipee\othb.exe" -vt mtx
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DirectCD
hkey HKLM
command "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CARPService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FaxCenterServer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fm3032
hkey HKLM
command "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fm3032
hkey HKLM
command "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiS KHooker
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item khooker
hkey HKLM
command C:\WINDOWS\system32\khooker.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item khooker
hkey HKLM
command C:\WINDOWS\system32\khooker.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiS Tray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sistray
hkey HKLM
command C:\WINDOWS\system32\sistray.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sistray
hkey HKLM
command C:\WINDOWS\system32\sistray.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\srmclean
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ViewMgr
hkey HKLM
command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/4/2005 5:22:37 PM

#4 Guest_Cretemonster_*

Posted 05 December 2005 - 12:59 PM

OK, before we go much further, let's see if we can get a different Online Scan to work.

Try this one
http://support.f-secure.com/enu/home/ols.shtml

#5 Kimberly

Posted 05 December 2005 - 06:10 PM

Ok, I can't even get that URL to open in IE, it won't load either. What should I try now? This laptop is frustrating me to no end! :thumbsup: Thank you!

#6 Guest_Cretemonster_*

Posted 07 December 2005 - 06:39 PM

No problems, we can do this another way.

Create a folder on your desktop called Sysclean.

Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for Windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)

Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, select: 'view log'.
Copy and paste this log in your next reply.

#7 Kimberly

Posted 09 December 2005 - 11:59 PM

Ok, I'm having problems with this too. I ran the scan, it took a couple of hours, but I can't get the log file to copy. Not with Ctrl+C or select all. It absolutely won't let me. Not sure what's going on with it. Help!

#8 Guest_Cretemonster_*

Posted 10 December 2005 - 06:57 AM

So sorry for the delays, work got crazy this week.

Did SysClean save the log to its folder?

#9 Kimberly

Posted 11 December 2005 - 06:48 PM

No worries about the delay, I was out of town too. Yes, the log file was there. Posted below. Thanks so much!



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-12-08, 21:13:55, Auto-clean mode specified.
2005-12-08, 21:13:55, Running scanner "C:\Documents and Settings\Sadrid\Desktop\Sysclean\TSC.BIN"...
2005-12-08, 21:15:00, Scanner "C:\Documents and Settings\Sadrid\Desktop\Sysclean\TSC.BIN" has finished running.
2005-12-08, 21:15:00, TSC Log:

2005-12-08, 22:21:50, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-12-08, 22:21:50, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-12-08, 22:21:51, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-12-08, 22:21:51, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-12-08, 22:21:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-12-08, 22:21:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-12-08, 22:21:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-12-08, 22:21:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-12-08, 22:21:54, An error occurred while scanning file "C:\Documents and Settings\Sadrid\NTUSER.DAT": Access is denied.
2005-12-08, 22:21:54, An error occurred while scanning file "C:\Documents and Settings\Sadrid\ntuser.dat.LOG": Access is denied.
2005-12-08, 22:27:40, An error occurred while scanning file "C:\Documents and Settings\Sadrid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-12-08, 22:27:40, An error occurred while scanning file "C:\Documents and Settings\Sadrid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-12-08, 22:56:59, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll": Access is denied.
2005-12-08, 23:06:28, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\chandir.dat": Access is denied.
2005-12-08, 23:06:28, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\chandir.idx": Access is denied.
2005-12-08, 23:06:28, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\chn.dat": Access is denied.
2005-12-08, 23:06:28, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\chn.idx": Access is denied.
2005-12-08, 23:06:28, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\D0000000.FCS": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\L0000002.FCS": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs.dat": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs.idx": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_die.dat": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_die.idx": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_dnd.dat": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_dnd.idx": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_ext.dat": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_ext.idx": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_rcv.dat": Access is denied.
2005-12-08, 23:06:29, An error occurred while scanning file "C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sadrid\Data\prs_rcv.idx": Access is denied.
2005-12-09, 00:40:53, Running scanner "C:\Documents and Settings\Sadrid\Desktop\Sysclean\VSCANTM.BIN"...
2005-12-09, 02:28:10, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 00:40:55
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 991 (114726 Patterns) (2005/12/07) (299100)
Command Line: C:\Documents and Settings\Sadrid\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sadrid\Desktop\Sysclean

75166 files have been read.
75166 files have been checked.
56167 files have been scanned.
93035 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 02:28:10
---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 02:28:10, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 00:40:54
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 991 (114726 Patterns) (2005/12/07) (299100)
Command Line: C:\Documents and Settings\Sadrid\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sadrid\Desktop\Sysclean

75166 files have been read.
75166 files have been checked.
56167 files have been scanned.
93035 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 02:28:10 1 hour 47 minutes 8 seconds (6428.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 02:28:10, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/9/2005 00:40:54
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 991 (114726 Patterns) (2005/12/07) (299100)
Command Line: C:\Documents and Settings\Sadrid\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sadrid\Desktop\Sysclean

75166 files have been read.
75166 files have been checked.
56167 files have been scanned.
93035 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/9/2005 02:28:10 1 hour 47 minutes 8 seconds (6428.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-12-09, 02:28:10, Scanner "C:\Documents and Settings\Sadrid\Desktop\Sysclean\VSCANTM.BIN" has finished running.

#10 Guest_Cretemonster_*

Posted 12 December 2005 - 12:05 AM

All right, let me put my thinking cap on and see what I can come up with.

Have a look for this folder and see if it exists --> C:\Program Files\ipee

If found, please delete it.

OK... Let's have a look at the Hosts File!

Open HijackThis -> Click the tab labeled "Open the Misc Tools Section" -> Click Open Hosts File Manager -> Click Open in Notepad -> Copy & Paste the entire contents of that Notepad page to your next post

#11 Kimberly

Posted 12 December 2005 - 10:32 PM

Ok, there was no ipee folder in C:\program files. And this is what came up when I did what you said for the host manager file thing in hijack this.

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
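
The hosts file review requested above, done by eye in the thread, can also be automated. The following Python sketch is an added example, not part of the original posts or of HijackThis: it flags every active hosts entry other than the default loopback `localhost` mapping, separating names that are blackholed from names that are redirected elsewhere. The sample entries other than the `localhost` line are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: comment and localhost lines as in the posted file,
# plus three made-up entries of the kind found in a tampered hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example   # constructed: scanner site blackholed
203.0.113.7 www.bank.example search.example  # constructed: redirect
not-an-ip broken.example
"""

# Names that are expected to resolve to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, fields) for each active, non-comment hosts line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere
        if line:
            yield line_no, line.split()


def audit_hosts(text):
    """Return findings as (line_no, kind, name, address) tuples.

    kind is 'blocked'    - name pinned to loopback or 0.0.0.0,
            'redirected' - name pinned to some other address,
            'malformed'  - first column is not an IP address.
    """
    findings = []
    for line_no, fields in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], None))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in fields[1:]):
            if name in LOOPBACK_NAMES and addr.is_loopback:
                continue  # the one entry a default file contains
            kind = "blocked" if sinkhole else "redirected"
            findings.append((line_no, kind, name, str(addr)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A file like the one posted here, with only comments and `127.0.0.1 localhost`, produces no findings.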

#12 Guest_Cretemonster_*

Posted 13 December 2005 - 06:55 PM

Let's check something out.

Open IE and Click Tools -> Internet Options -> Programs -> Click Reset Web Settings

Here is a link to ensure the IE defaults are intact
http://support.mcihispeed.net/mu/500/psc/i...0/8455.mci.html

Let me know if you are able to run any of the Online Scans from any of these sites

http://support.f-secure.com/enu/home/ols.shtml

http://www.pandasoftware.com/products/acti...n_principal.htm

http://www.windowsecurity.com/trojanscan/

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

#13 Kimberly

Posted 15 December 2005 - 08:29 PM

Oh god, I'm getting so frustrated with this laptop. I can't get any of these scans to work. They at least start now, but halfway through they choke, or it gets all the way to the end and then page not found will pop up. I'm ready to throw this damn thing. Aaargh!

#14 Guest_Cretemonster_*

Posted 16 December 2005 - 04:49 AM

Hmm, I asked for some extra eyes to have a look.

If you will, go back to Safe Mode and scan with WinPFind once more.

Restart Normal and post a fresh HijackThis log along with the WinPFind results.

#15 Kimberly

Posted 16 December 2005 - 08:17 AM

Oh, I got ActiveScan to work last night finally. Here is the log. I'm going to do the Winpfind thing now.


Incident | Status | Location

Adware:Adware/SideStep | Not disinfected | C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
Adware:adware/sidestep | Not disinfected | C:\Documents and Settings\Sadrid\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SideStep.lnk
Adware:adware/2search | Not disinfected | Windows Registry
Adware:Adware/WUpd | Not disinfected | C:\Documents and Settings\Sadrid\Local Settings\Temporary Internet Files\Content.IE5\4J9ZMYV9\webview[1].js
Adware:Adware/WUpd | Not disinfected | C:\Documents and Settings\Sadrid\Local Settings\Temporary Internet Files\Content.IE5\BBHFJXCW\init[1].js
Adware:Adware/SideStep | Not disinfected | C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
