Strange Behavior - Malware?
I have noticed something very strange. As if something is controlling my computer:
- Menus are selected automatically
- strange text is inserted into fields automatically like in Word
- when Outlook is running but is behind other windows, it is brought to the front.
- sometimes when I am reading an email, it selects "reply" by itself and creates a reply message right before my eyes.
- it also seems to have an affinity for bringing outlook to the front and selecting the "Go" menu, but then nothing else happens.
I never see the mouse move. It always just happens instantaneously. I don't have to be touching my PC for this to happen. It just happens, but not all the time, just randomly. And in periods. A few weeks ago it acted like this for a few days, and then quieted down. Now it is acting up again.
I thought my system was pretty safe:
- have a D-Link router with firewall
- ZA firewall is installed and always running on my PC
- McAfee NA ViruScan Enterprise 8 is always updated and running
- I don't open junk mail, I don't browse shady websites
I had and have run online scans from Trend Micro and ewido and CAetrust and they never detect anything other than tracking cookies.
So I have been living with it, but what caused me to post this today was I got a RUNDLL error. "An exception occurred while trying to run Shell32.dll, Control_RunDLL.dll wscui.cpl". Seems serious.
So something isn't right. Any ideas? Is this malware? Or does it sound like something else?
- Menus are selected automatically
- strange text is inserted into fields automatically like in Word
- when Outlook is running but is behind other windows, it is brought to the front.
- sometimes when I am reading an email, it selects "reply" by itself and creates a reply message right before my eyes.
- it also seems to have an affinity for bringing outlook to the front and selecting the "Go" menu, but then nothing else happens.
I never see the mouse move. It always just happens instantaneously. I don't have to be touching my PC for this to happen. It just happens, but not all the time, just randomly. And in periods. A few weeks ago it acted like this for a few days, and then quieted down. Now it is acting up again.
I thought my system was pretty safe:
- have a D-Link router with firewall
- ZA firewall is installed and always running on my PC
- McAfee NA ViruScan Enterprise 8 is always updated and running
- I don't open junk mail, I don't browse shady websites
I had and have run online scans from Trend Micro and ewido and CAetrust and they never detect anything other than tracking cookies.
So I have been living with it, but what caused me to post this today was I got a RUNDLL error. "An exception occurred while trying to run Shell32.dll, Control_RunDLL.dll wscui.cpl". Seems serious.
So something isn't right. Any ideas? Is this malware? Or does it sound like something else?
0
Comments
Please Download HJTsetup.exe
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 1:17:47 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toggler\toggler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\HJT\Analyse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Toggler] C:\Program Files\Toggler\toggler.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7570flkp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Shortcut to procexp.lnk = C:\Documents and Settings\Administrator\My Documents\PC stuff\ProcessExplorer\procexp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156438812346
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Download ATF-Cleaner by Atribune to your desktop.
Do not run it yet.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
_________________________________________________
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
Extended (if available otherwise Standard)
Scan Archives
Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
Select
My Computer[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.[*]Copy and paste that information in your next post.
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 19, 2007 11:56:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/04/2007
Kaspersky Anti-Virus database records: 299623
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 48704
Number of viruses found: 1
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:05:04
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\foxmarks.log Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\call256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chat512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\index2.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\profile256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\user1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\user16384.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\user256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\user4096.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\maxwelltf\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\a.rar.part Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail [maxwelltf]-00000012.bak/Hotmail [maxwelltf]/Deleted Items/28 Jan 2007 15:57 from Me:d-Factories/25 Jan 2007 23:14 from Heath:Re: Play into Savings!/GO_HERE_BUY_RX_ONLINE.htm Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail [maxwelltf]-00000012.bak Mail MS Mail: infected - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail [maxwelltf]-00000012.pst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\TF MASTER ARCHIVE.pst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\TF MNTC PST.pst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\TF PERS.pst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\TF PLX-MNTC MAILBOX (frozen).pst Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\Cache\C9415815d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\CALENDAR-(2007-04-18).log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_1474.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7AF7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7B15.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9727.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070418_Time-103502427_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070418_Time-103502427_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_DELL-C640.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_DELL-C640.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\EmailOnDeliveryLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\EmailOnDemandLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\DELL-C640\ASPNET\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DELL-C640\ASPNET\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DELL-C640\ASPNET\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DELL-C640\ASPNET\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{79CB344D-2222-4DF8-BA7F-DC0CA2799526}\RP101\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DELL-C640.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{95F267D1-C683-4C69-8C4F-5AEEF3CBF266}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\W3SVC1\ex070419.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\ZLT06092.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT06435.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Plese go ahead and delete these messages from Outlook:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail [maxwelltf]-00000012.bak/Hotmail [maxwelltf]/Deleted Items/28 Jan 2007 15:57 from Me:d-Factories/25 Jan 2007 23:14 from Heath:Re: Play into Savings!/GO_HERE_BUY_RX_ONLINE.htm
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail [maxwelltf]-00000012.bak
_______________________________________________________
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Thanks.
Could you please run (DSS) And paste the results to here.
Thanks.
Deckard's System Scanner v20070411.38
Run by Administrator on 2007-04-20 at 18:42:01
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-04-21 01:42:21 UTC - RP103 - Deckard's System Scanner Restore Point
1: 2007-04-20 11:15:36 UTC - RP102 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe)
Logfile of HijackThis v1.99.1
Scan saved at 6:47:51 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Administrator\My Documents\PC stuff\ProcessExplorer\procexp.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HJT\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Toggler] C:\Program Files\Toggler\toggler.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7570flkp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7570flkp.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Shortcut to procexp.lnk = C:\Documents and Settings\Administrator\My Documents\PC stuff\ProcessExplorer\procexp.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156438812346
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 imagedrv - c:\windows\system32\drivers\imagedrv.sys
R0 imagesrv - c:\windows\system32\drivers\imagesrv.sys
R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp - c:\windows\system32\drivers\udfreadr_xp.sys
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys
R3 cs429x (Cirrus Logic WDM Audio Codec Driver) - c:\windows\system32\drivers\cwawdm.sys
R3 EL90XBC (3Com 3C90X-BC Family PCI EtherLink Adapter) - c:\windows\system32\drivers\el90xbc5.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys
R3 Ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys
R3 RimVSerPort (RIM Virtual Serial Port v2) - c:\windows\system32\drivers\rimserial.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
S2 USBHSB (GeneLink File Transfer Driver) - c:\windows\system32\drivers\usbhsb.sys (file missing)
S3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys
S3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys
S3 MEMSWEEP2 - c:\windows\system32\2.tmp (file missing)
S3 RimSerPort (RIM Virtual Serial Port) - c:\windows\system32\drivers\rimserial.sys
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 IISADMIN (IIS Admin) - c:\windows\system32\inetsrv\inetinfo.exe
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe"
R2 SMTPSVC (Simple Mail Transfer Protocol (SMTP)) - c:\windows\system32\inetsrv\inetinfo.exe
-- Scheduled Tasks
2007-04-19 19:48:01 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-02-18 00:22:01 358 --a
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1163831275.job<FRUTAS~1.JOB>
-- Files created between 2007-03-20 and 2007-04-20
2007-04-19 22:41:28 0 d
C:\Documents and Settings\Administrator\Application Data\KingSoft
2007-04-19 11:00:34 0 d
C:\Program Files\FlashGet
2007-04-19 10:54:53 0 d
C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-04-18 11:33:49 0 d
C:\Program Files\Windows Live Safety Center<WIE5D0~1>
2007-04-18 11:33:40 0 d
C:\WINDOWS\LastGood
2007-04-15 13:40:35 0 d
C:\Documents and Settings\Administrator\Application Data\LegalSounds<LEGALS~1>
2007-04-15 13:40:32 0 d
C:\Program Files\LegalSounds<LEGALS~1>
2007-04-12 22:31:34 94480 --a
C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-09 12:08:07 0 d
C:\Documents and Settings\All Users\Application Data\Skype
2007-04-09 12:08:06 0 d
C:\Program Files\Common Files\Skype
2007-04-03 18:02:10 0 d
C:\Documents and Settings\All Users\Application Data\NCH Swift Sound<NCHSWI~1>
2007-04-03 18:02:10 0 d
C:\Documents and Settings\Administrator\Application Data\RecordPad<RECORD~1>
2007-04-03 18:02:10 0 d
C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound<NCHSWI~1>
2007-04-03 18:01:44 0 d
C:\Program Files\NCH Swift Sound<NCHSWI~1>
2007-03-30 17:51:39 0 d
C:\Documents and Settings\Administrator\Application Data\MailFrontier<MAILFR~1>
2007-03-27 22:39:43 0 d
C:\Program Files\REXwireless<REXWIR~1>
2007-03-27 21:38:38 1677824 --a
C:\WINDOWS\system32\chsbrkr.dll
2007-03-27 21:38:37 838144 --a
C:\WINDOWS\system32\chtbrkr.dll
2007-03-27 21:38:36 70656 --a
C:\WINDOWS\system32\korwbrkr.dll
2007-03-27 21:38:35 98304 --a
C:\WINDOWS\system32\msir3jp.dll
2007-03-27 21:38:14 218112 --a
C:\WINDOWS\system32\c_g18030.dll
2007-03-27 21:38:13 6144 --a
C:\WINDOWS\system32\kbd101a.dll
2007-03-27 21:37:58 6144 --a
C:\WINDOWS\system32\kbdlk41j.dll
2007-03-27 21:37:57 7680 --a
C:\WINDOWS\system32\kbdnecNT.dll
2007-03-27 21:37:57 9216 --a
C:\WINDOWS\system32\kbdnecAT.dll
2007-03-27 21:37:57 7168 --a
C:\WINDOWS\system32\kbdnec95.dll
2007-03-27 21:37:57 6656 --a
C:\WINDOWS\system32\kbdlk41a.dll
2007-03-27 21:37:57 7168 --a
C:\WINDOWS\system32\kbdibm02.dll
2007-03-27 21:37:57 6144 --a
C:\WINDOWS\system32\kbdax2.dll
2007-03-27 21:37:57 6144 --a
C:\WINDOWS\system32\kbd106n.dll
2007-03-27 21:37:57 6144 --a
C:\WINDOWS\system32\kbd101.dll
2007-03-27 21:37:57 7168 --a
C:\WINDOWS\system32\f3ahvoas.dll
2007-03-27 21:37:27 6656 --a
C:\WINDOWS\system32\c_is2022.dll
2007-03-27 21:37:22 76288 --a
C:\WINDOWS\system32\uniime.dll
2007-03-27 21:37:09 811064 --a
C:\WINDOWS\system32\imjp81k.dll
2007-03-27 21:30:23 8192 --a
C:\WINDOWS\system32\kbdkor.dll
2007-03-27 21:30:23 8704 --a
C:\WINDOWS\system32\kbdjpn.dll
2007-03-27 21:30:23 6144 --a
C:\WINDOWS\system32\kbd106.dll
2007-03-27 21:30:23 5632 --a
C:\WINDOWS\system32\kbd103.dll
2007-03-27 21:30:23 6144 --a
C:\WINDOWS\system32\kbd101c.dll
2007-03-27 21:30:19 6144 --a
C:\WINDOWS\system32\kbd101b.dll
2007-03-27 21:10:59 0 d
C:\Program Files\iPod
2007-03-27 21:10:42 0 d
C:\Program Files\iTunes
2007-03-24 17:31:40 0 d
C:\Program Files\PolderbitS<POLDER~1>
2007-03-22 00:19:04 0 d
C:\Program Files\Direct WAV MP3 Splitter<DIRECT~1>
2007-03-22 00:11:08 57344 --a
C:\WINDOWS\system32\Wnaspint.dll
2007-03-22 00:10:46 0 d
C:\Program Files\Acoustica Spin It Again<ACOUST~1>
-- Find3M Report
2007-04-20 18:47:45 0 d
C:\Program Files\HJT
2007-04-20 14:46:16 0 d
C:\Documents and Settings\Administrator\Application Data\Skype
2007-04-19 23:40:38 0 d
C:\Program Files\EuroAsiaSoftware<EUROAS~1>
2007-04-18 11:49:03 0 d
C:\Program Files\Java
2007-04-17 09:11:47 0 d
C:\Program Files\DC++<DC__~1>
2007-04-15 20:16:50 0 d
C:\Documents and Settings\Administrator\Application Data\Adobe
2007-04-13 10:08:44 0 d
C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-04-12 22:44:30 0 d--h
C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-12 22:44:29 0 d
C:\Program Files\CyberLink DVD Solution<CYBERL~2>
2007-04-09 12:08:07 0 d
C:\Program Files\Skype
2007-03-30 17:45:47 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2007-03-27 21:41:46 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft<MICROS~1>
2007-03-20 12:59:08 0 d
C:\Program Files\zdt
2007-03-18 19:44:37 0 d
C:\Program Files\ChineseTools<CHINES~1>
2007-03-16 17:58:55 0 d
C:\Documents and Settings\Administrator\Application Data\CyberLink<CYBERL~1>
2007-03-16 17:58:17 540 --a
C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2007-03-14 10:39:02 0 d
C:\Program Files\Common Files\Research In Motion<RESEAR~1>
2007-03-13 22:03:39 0 d
C:\Program Files\QuickTime<QUICKT~1>
2007-03-13 22:01:18 0 d
C:\Program Files\Apple Software Update<APPLES~1>
2007-03-13 21:04:13 0 d
C:\Program Files\Dell
2007-03-11 15:03:00 0 d
C:\Program Files\DIFX
2007-03-09 00:02:00 75512 --a
C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-03-09 00:01:42 1087216 --a
C:\WINDOWS\system32\zpeng24.dll
2007-03-08 08:36:28 577536 --a
C:\WINDOWS\system32\user32.dll
2007-03-08 08:36:28 40960 --a
C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36:28 281600 --a
C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47:48 1843584 --a
C:\WINDOWS\system32\win32k.sys
2007-03-07 12:17:37 0 d
C:\Documents and Settings\Administrator\Application Data\Ahead
2007-03-07 12:16:24 0 d
C:\Program Files\Ahead
2007-03-07 12:16:21 0 d
C:\Program Files\Common Files\Ahead
2007-03-07 00:25:43 0 d
C:\Program Files\DriveGLEAM<DRIVEG~1>
2007-03-06 22:43:46 0 d
C:\Program Files\Common Files\LightScribe<LIGHTS~1>
2007-03-05 10:11:10 0 d
C:\Documents and Settings\Administrator\Application Data\CNN
2007-03-02 01:12:58 0 d
C:\Program Files\Toggler
2007-03-02 01:11:22 0 d
C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-02 01:08:17 0 d
C:\Program Files\Messenger<MESSEN~1>
2007-02-28 18:35:58 0 d
C:\Program Files\DVD Shrink<DVDSHR~1>
2007-02-28 18:06:51 0 d
C:\Program Files\AutoGK
2007-02-28 18:06:46 43602 --a
C:\WINDOWS\system32\xvid-uninstall.exe<XVID-U~1.EXE>
2007-02-27 09:01:02 0 d
C:\Documents and Settings\Administrator\Application Data\estroke
2007-02-26 23:55:28 0 d
C:\Program Files\eStroke
2007-01-31 21:56:06 823296 --a
C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-31 21:56:05 802816 --a
C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-31 21:56:05 823296 --a
C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-31 21:56:04 639066 --a
C:\WINDOWS\system32\DivX.dll
2007-01-31 14:27:01 524288 --a
C:\WINDOWS\system32\DivXsm.exe
2007-01-30 16:15:10 118784 --a
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-29 22:03:40 3596288 --a
C:\WINDOWS\system32\qt-dx331.dll
2007-01-29 22:03:26 200704 --a
C:\WINDOWS\system32\ssldivx.dll
2007-01-29 22:03:26 1044480 --a
C:\WINDOWS\system32\libdivx.dll
2007-01-29 21:56:56 196608 --a
C:\WINDOWS\system32\dtu100.dll
2007-01-29 21:56:56 73728 --a
C:\WINDOWS\system32\dpl100.dll
2007-01-29 21:56:54 53248 --a
C:\WINDOWS\system32\dpuGUI10.dll
2007-01-29 21:56:52 57344 --a
C:\WINDOWS\system32\dpv11.dll
2007-01-29 21:56:52 344064 --a
C:\WINDOWS\system32\dpus11.dll
2007-01-29 21:56:52 593920 --a
C:\WINDOWS\system32\dpuGUI11.dll
2007-01-29 21:56:52 294912 --a
C:\WINDOWS\system32\dpu11.dll
2007-01-29 21:56:52 294912 --a
C:\WINDOWS\system32\dpu10.dll
-- Registry Dump
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Toggler"="C:\\Program Files\\Toggler\\toggler.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\\Documents and Settings\\Administrator\\Application Data\\Mozilla\\Firefox\\Profiles\\7570flkp.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=\"C:\\Documents and Settings\\Administrator\\Application Data\\Mozilla\\Firefox\\Profiles/7570flkp.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCTVOICE"="pctspk.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00
"NoRecentDocsHistory"=hex:01,00,00,00
"NoSMMyDocs"=hex:01,00,00,00
"NoSMMyPictures"=hex:01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- Hosts
127.0.0.1 us.a2.yimg.com
127.0.0.1 yimg.com
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 adserver.adbunker.com
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
13973 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-04-20 at 18:48:29
=====================
Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 767.43 MiB / 314.5 MiB
Pagefile Memory (total/avail): 1491.52 MiB / 1024.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1988.86 MiB
C: is Fixed (NTFS) - 37.26 GiB total, 6.26 GiB free.
D: is CDROM (UDF)
-- Security Center
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-C640
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\DELL-C640
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=DELL-C640
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles
ASPNET
Administrator (admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AirXpert Tri-Mode Dualband Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}\Setup.exe" -l0x9
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Auto Gordian Knot 2.40 --> C:\Program Files\AutoGK\uninst.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /i{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
BlackBerry Desktop Software 4.2.1 --> MsiExec.exe /I{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}
BlackBerry v4.0.2 for the 7700 Series Wireless Handheld --> MsiExec.exe /X{CE4E52DE-2BB5-4B8A-80D7-40683F240AC0}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chinese Homework --> MsiExec.exe /I{80A27BF9-6D38-4218-9648-CB8314475123}
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DimSum 0.7.9 --> "C:\Program Files\ChineseTools\unins000.exe"
Direct WAV MP3 Splitter 2.4 --> "C:\Program Files\Direct WAV MP3 Splitter\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DIY DataRecovery DiskPatch 3.0 --> "C:\Program Files\DIY DataRecovery DiskPatch 3.0\uninstall.exe"
DIY DataRecovery iRecover 2.1 --> "C:\Program Files\DIY DataRecovery iRecover 2.1\uninstall.exe"
DriveGLEAM V1.04 --> "C:\Program Files\DriveGLEAM\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
eStroke Animated Chinese Character --> C:\Program Files\eStroke\uninst.exe
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Garmin Training Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4787278D-6526-4701-A9FE-03E7EE9F1945}\setup.exe" -l0x9
Garmin WebUpdater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 1.99.1 --> C:\PROGRA~1\HJT\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2200 series --> MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LegalSounds Music Downloader 1.4 --> "C:\Program Files\LegalSounds\unins000.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MapPoint 2002 North America --> MsiExec.exe /I{F3BCD513-E086-4058-B93E-173780E583A2}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visio Standard 2002 [English] --> MsiExec.exe /I{90530409-6D54-11D4-BEE3-00C04F990354}
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (1.5.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.11 (en-US)"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OverDrive Media Console --> MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
PCTEL 2304WT V.9x MDC Modem Drivers --> ptuninst.exe
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PolderbitS Sound Recorder and Editor --> "C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Seagate SeaTools English Online --> RunDll32.exe C:\WINDOWS\DOWNLO~1\NPSEAT~1.DLL,DllUninstallServer
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spin It Again --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
todoMatrix 2007 professional 2007.02.02 --> C:\PROGRA~1\REXWIR~1\SETUP-~1.EXE /remove /q0
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD & MP3 Codec Pack (remove only) --> "C:\WINDOWS\unins000.exe"
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
zdt 0.6.1 --> C:\Program Files\zdt\uninst.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- End of Deckard's System Scanner: finished at 2007-04-20 at 18:48:29
I don't think your problem is related to anything that would bring you to this part of the forums.
Are you still receiving issues?
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.