PLEASE someone help me!! LOST ALL desktop items!!
PLEASE help me, or I'm toast in court Tuesday!
Going, Going... ...Almost gone!
Well, here it is and PLEASE help me fast! I have court in 2 days and I need this thing or Ima die! Yeah, I'm a programmer and the first thing I'm taught is BACK UP! ...Well, I DIDN'T, and I gotta have this up and back fast. Almost everything on the desktop disappeared???!!!! What's up with that? Heart...
Dell Laptop almost dust!
Deckard's System Scanner v20070426.43
Run by Pamella Burkhart on 2007-05-27 at 06:52:42
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
51: 2007-05-27 13:52:49 UTC - RP451 - Deckard's System Scanner Restore Point
50: 2007-05-27 13:47:35 UTC - RP450 - Software Distribution Service 2.0
49: 2007-05-27 09:04:50 UTC - RP449 - Deckard's System Scanner Restore Point
48: 2007-05-27 05:59:51 UTC - RP448 - Software Distribution Service 2.0
47: 2007-05-27 05:52:49 UTC - RP447 - Installed Windows Defender
-- First Restore Point --
1: 2007-05-09 09:03:00 UTC - RP401 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Pamella Burkhart.exe)
Logfile of HijackThis v1.99.1
Scan saved at 6:53:42 AM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
c:\documents and settings\pamella burkhart\desktop\progrms\a-squared free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pamella Burkhart\Desktop\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\PAMELL~1\Desktop\Pamella Burkhart.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\PAMELL~1\Desktop\ACTIVE~1\INetRepl.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\PAMELL~1\Desktop\ACTIVE~1\INetRepl.dll (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\DOCUME~1\PAMELL~1\Desktop\ACTIVE~1\INetRepl.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_c...ex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176931590843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\documents and settings\pamella burkhart\desktop\progrms\a-squared free\a2service.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 procguard - c:\windows\system32\drivers\procguard.sys <Not Verified; DiamondCS; DiamondCS ProcessGuard>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 VirtualSerial - c:\windows\system32\drivers\virtualserial.sys
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>
R3 Wpsnuio (WPS NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys (file missing)
S3 NETw3x32 (Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit) - c:\windows\system32\drivers\netw3x32.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WPSScannerSvc (WPS Scanner Service) - c:\program files\skyhook wireless\wi-fi service\wpsscannersvc.exe <Not Verified; Skyhook Wireless; Wi-Fi Scanner Service>
S2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>
S4 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Scheduled Tasks
2007-05-27 06:48:09 330 --ah
C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-05-27 01:33:13 416 --ah
C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D7GT37B1_Pamella Burkhart.job
2007-05-12 05:45:00 366 --a
C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1155068554.job
2006-07-17 17:30:36 128 --a
C:\WINDOWS\Tasks\Low Battery Alarm Program.job
-- Files created between 2007-04-27 and 2007-05-27
2007-05-26 23:29:38 0 d
C:\{00002394-0000-0000-5CF6-A18143E8BCE9}
2007-05-26 23:07:24 0 d
C:\Documents and Settings\DelSTemp\Application Data
2007-05-26 23:07:24 0 d
C:\Documents and Settings\DelSTemp\Application Data\Intel
2007-05-26 23:06:33 21425 --a
C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
2007-05-26 23:00:27 0 d
C:\Documents and Settings\Default User\Application Data\Intel
2007-05-26 23:00:27 0 d
C:\Documents and Settings\Administrator\Application Data\Intel
2007-05-26 23:00:26 0 d
C:\Documents and Settings\NetworkService\Application Data\Intel
2007-05-26 23:00:26 0 d
C:\Documents and Settings\LocalService\Application Data\Intel
2007-05-26 22:57:00 0 d
C:\Documents and Settings\All Users\Application Data\Intel
2007-05-26 22:56:32 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\Intel
2007-05-26 22:52:52 0 d
C:\Program Files\Windows Defender
2007-05-26 20:50:44 0 d
C:\Program Files\Windows Live Safety Center
2007-05-26 16:33:36 0 d
C:\WINDOWS\system32\ActiveScan
2007-05-26 16:27:58 21312 --a
C:\WINDOWS\choice.exe
2007-05-26 16:27:12 0 d
C:\ie-spyad2
2007-05-26 16:26:16 0 d
C:\ie-spyad_zo
2007-05-26 16:11:09 0 d
C:\Program Files\SpywareBlaster
2007-05-26 15:09:07 0 d
C:\Program Files\Lavasoft
2007-05-26 15:08:30 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 06:35:37 0 d
C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-05-24 22:59:38 0 d
C:\Program Files\Common Files\Motorola Shared
2007-05-24 22:58:25 5936 --a
C:\Documents and Settings\Pamella Burkhart\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-05-24 22:58:25 79328 --a
C:\Documents and Settings\Pamella Burkhart\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-05-24 22:58:25 92064 --a
C:\Documents and Settings\Pamella Burkhart\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-05-24 22:58:25 9232 --a
C:\Documents and Settings\Pamella Burkhart\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-05-24 22:58:25 4048 --a
C:\Documents and Settings\Pamella Burkhart\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-05-24 22:58:25 6208 --a
C:\Documents and Settings\Pamella Burkhart\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-05-24 22:58:25 66656 --a
C:\Documents and Settings\Pamella Burkhart\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-05-24 22:58:24 6947 --a
C:\Documents and Settings\Pamella Burkhart\1180072704-(null)
2007-05-24 10:01:24 0 d
C:\Documents and Settings\Pamella Burkhart\.java
2007-05-24 10:01:22 16384 --a
C:\Documents and Settings\Pamella Burkhart\WindowHook.dll
2007-05-24 10:01:22 53248 --a
C:\Documents and Settings\Pamella Burkhart\IDFileViewer.dll
2007-05-23 04:13:52 0 d
C:\Documents and Settings\Pamella Burkhart\WINDOWS
2007-05-22 23:30:33 22768 --a
C:\Documents and Settings\Pamella Burkhart\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-05-21 08:03:30 0 d
C:\Program Files\CONEXANT
2007-05-21 07:40:49 0 d
C:\Documents and Settings\All Users\Application Data\BeInSync Settings
2007-05-21 06:57:11 0 d
C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-21 06:54:12 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\GoodSync
2007-05-21 05:23:18 0 d
C:\WINDOWS\ASTULogTemp
2007-05-08 18:45:24 0 d
C:\WINDOWS\PoolData
-- Find3M Report
2007-05-27 01:16:00 98 --a
C:\WINDOWS\system32\mhncache.dat
2007-05-26 22:26:34 0 d
C:\Program Files\Microsoft Location Finder
2007-05-26 19:53:59 0 d
C:\Program Files\Virtual Earth 3D
2007-05-26 19:51:46 0 d
C:\Program Files\MSN Messenger
2007-05-26 15:11:10 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\Lavasoft
2007-05-26 13:55:41 0 d
C:\Program Files\Trend Micro
2007-05-26 08:01:39 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\Jasc Software Inc
2007-05-26 05:12:49 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\LimeWire
2007-05-26 04:38:12 0 d--h
C:\Program Files\InstallShield Installation Information
2007-05-26 04:34:08 0 d
C:\Program Files\Jasc Software Inc
2007-05-24 22:50:08 0 d
C:\Program Files\PokerStars
2007-05-21 04:49:15 2528 --a
C:\Documents and Settings\Pamella Burkhart\Application Data\$_hpcst$.hpc
2007-04-18 14:02:40 0 d
C:\Program Files\Microsoft ActiveSync
2007-04-17 17:39:58 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\Syntrillium
2007-04-16 13:37:27 6214 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-16 13:37:27 56 -r-hs---- C:\WINDOWS\system32\20E6BFAE36.sys
2007-04-14 15:30:43 0 d
C:\Program Files\Dell Photo AIO Printer 944
2007-04-13 20:59:05 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\Vso
2007-04-13 20:23:20 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\CyberLink
2007-04-13 15:25:35 0 d
C:\Program Files\Bitcollider
2007-04-11 10:25:23 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\COREL
2007-04-05 14:36:56 0 d
C:\Documents and Settings\Pamella Burkhart\Application Data\AdobeUM
2007-04-05 01:31:06 0 d
C:\Program Files\MSECache
2007-04-05 00:54:10 0 d
C:\Program Files\MTV Networks
2007-04-03 16:01:54 0 d
C:\Program Files\Windows Plus
2007-03-24 02:52:06 40183 ---hs---- C:\Program Files\Common Files\Yazzle1670OinUninstaller.exe
2007-03-23 17:50:40 147456 --a
C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-03-19 17:16:29 2 --a
C:\WINDOWS\system32\wnscpicomsv32.exe
-- Registry Dump
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DLCDCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCDtime.dll,_RunDLLEntry@16"
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Microsoft Location Finder"="\"C:\\Program Files\\Microsoft Location Finder\\LocationFinder.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Messenger\rtekefse.html
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AEGISP
-- End of Deckard's System Scanner: finished at 2007-05-27 at 06:55:21
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
NEW SCANS!!!
"Pamella Burkhart" - 2007-05-27 17:08:33 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Pamella Burkhart\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-27 to 2007-05-27 ))))))))))))))))))))))))))))))))))
2007-05-27 15:27 <DIR> d
C:\WINDOWS\system32\Kaspersky Lab
2007-05-27 15:27 <DIR> d
C:\WINDOWS\LastGood
2007-05-27 12:56 49,152 --a
C:\WINDOWS\nircmd.exe
2007-05-27 00:12 679,936 --a
C:\WINDOWS\system32\NETw4c32.dll
2007-05-27 00:12 2,756,608 --a
C:\WINDOWS\system32\NETw4r32.dll
2007-05-27 00:12 2,203,520 --a
C:\WINDOWS\system32\drivers\NETw4x32.sys
2007-05-26 23:29 <DIR> d
C:\{00002394-0000-0000-5CF6-A18143E8BCE9}
2007-05-26 23:07 <DIR> d
C:\DOCUME~1\DelSTemp\APPLIC~1\Intel
2007-05-26 23:06 21,425 --a
C:\WINDOWS\system32\drivers\AegisP.sys
2007-05-26 23:00 <DIR> d
C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
2007-05-26 23:00 <DIR> d
C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
2007-05-26 23:00 <DIR> d
C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
2007-05-26 23:00 <DIR> d
C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-05-26 22:57 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-05-26 22:56 <DIR> d
C:\DOCUME~1\PAMELL~1\APPLIC~1\Intel
2007-05-26 22:52 <DIR> d
C:\Program Files\Windows Defender
2007-05-26 20:50 <DIR> d
C:\Program Files\Windows Live Safety Center
2007-05-26 19:27 <DIR> d
C:\Deckard
2007-05-26 16:33 <DIR> d
C:\WINDOWS\system32\ActiveScan
2007-05-26 16:27 21,312 --a
C:\WINDOWS\choice.exe
2007-05-26 16:27 <DIR> d
C:\ie-spyad2
2007-05-26 16:26 <DIR> d
C:\ie-spyad_zo
2007-05-26 16:11 <DIR> d
C:\Program Files\SpywareBlaster
2007-05-26 15:09 <DIR> d
C:\Program Files\Lavasoft
2007-05-26 15:08 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 06:35 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-24 22:59 <DIR> d
C:\Program Files\Common Files\Motorola Shared
2007-05-24 10:01 53,248 --a
C:\Documents and Settings\PAMELL~1\IDFileViewer.dll
2007-05-24 10:01 53,248 --a
C:\DOCUME~1\PAMELL~1\IDFileViewer.dll
2007-05-24 10:01 16,384 --a
C:\Documents and Settings\PAMELL~1\WindowHook.dll
2007-05-24 10:01 16,384 --a
C:\DOCUME~1\PAMELL~1\WindowHook.dll
2007-05-23 04:13 <DIR> d
C:\Documents and Settings\PAMELL~1\WINDOWS
2007-05-23 04:13 <DIR> d
C:\DOCUME~1\PAMELL~1\WINDOWS
2007-05-22 23:33 25,600 --a
C:\WINDOWS\system32\drivers\usbser.sys
2007-05-22 23:30 25,600 --a
C:\Documents and Settings\PAMELL~1\usbsermptxp.sys
2007-05-22 23:30 25,600 --a
C:\DOCUME~1\PAMELL~1\usbsermptxp.sys
2007-05-22 23:30 22,768 --a
C:\Documents and Settings\PAMELL~1\usbsermpt.sys
2007-05-22 23:30 22,768 --a
C:\DOCUME~1\PAMELL~1\usbsermpt.sys
2007-05-21 08:03 <DIR> d
C:\Program Files\CONEXANT
2007-05-21 07:40 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BeInSync Settings
2007-05-21 06:57 <DIR> d
C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-21 06:54 <DIR> d
C:\DOCUME~1\PAMELL~1\APPLIC~1\GoodSync
2007-05-21 05:23 <DIR> d
C:\WINDOWS\ASTULogTemp
2007-05-08 18:45 <DIR> d
C:\WINDOWS\PoolData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-27 23:53:36 98 ----a-w C:\WINDOWS\system32\mhncache.dat
2007-05-27 23:33:05 6,214 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-27 23:33:05 56 --sh--r C:\WINDOWS\system32\20E6BFAE36.sys
2007-05-27 19:50:27 d-----w C:\Program Files\Messenger
2007-05-27 14:21:41 d-----w C:\Program Files\PokerStars
2007-05-27 05:26:34 d-----w C:\Program Files\Microsoft Location Finder
2007-05-27 02:53:59 d-----w C:\Program Files\Virtual Earth 3D
2007-05-27 02:51:46 d-----w C:\Program Files\MSN Messenger
2007-05-26 22:11:10 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\Lavasoft
2007-05-26 20:55:41 d-----w C:\Program Files\Trend Micro
2007-05-26 15:01:39 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\Jasc Software Inc
2007-05-26 12:12:49 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\LimeWire
2007-05-26 11:38:12 d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 11:34:08 d-----w C:\Program Files\Jasc Software Inc
2007-04-18 21:02:40 d-----w C:\Program Files\Microsoft ActiveSync
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 00:39:58 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\Syntrillium
2007-04-14 22:30:43 d-----w C:\Program Files\Dell Photo AIO Printer 944
2007-04-14 03:59:05 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\Vso
2007-04-14 03:23:20 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\CyberLink
2007-04-13 22:25:35 d-----w C:\Program Files\Bitcollider
2007-04-11 17:25:23 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\COREL
2007-04-05 21:36:56 d-----w C:\DOCUME~1\PAMELL~1\APPLIC~1\AdobeUM
2007-04-05 08:31:06 d-----w C:\Program Files\MSECache
2007-04-05 07:54:10 d-----w C:\Program Files\MTV Networks
2007-04-03 23:01:54 d-----w C:\Program Files\Windows Plus
2007-03-24 00:50:40 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2006-12-11 07:46:34 88 --sh--r C:\WINDOWS\system32\36AEBFE620.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 08:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 13:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Messenger\rtekefse.html
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DeLorme Serial Emulator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DeLorme Serial Emulator.lnk
backup=C:\WINDOWS\pss\DeLorme Serial Emulator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Serial Port for DeLorme.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Virtual Serial Port for DeLorme.lnk
backup=C:\WINDOWS\pss\Virtual Serial Port for DeLorme.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pamella Burkhart^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pamella Burkhart^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pamella Burkhart^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ WinData]
C:\WINDOWS\PoolData\services.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Documents and Settings\Pamella Burkhart\Desktop\a-squared Anti-Malware\a2guard.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
C:\Program Files\DeluxeCommunications\Dxc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcdmon.exe]
"C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C80 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C80 Series (Copy 2)]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P32 "EPSON Stylus C80 Series (Copy 2)" /O6 "USB001" /M "Stylus C80"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderShare]
"C:\Documents and Settings\Pamella Burkhart\Desktop\foldershare\FolderShare.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Documents and Settings\Pamella Burkhart\Desktop\activesync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_WinData]
C:\WINDOWS\PoolData\services.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GEARSecurity"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"ose"=2 (0x2)
"odserv"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"dlcd_device"=3 (0x3)
"Client IP-IPX"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-12 12:45:00 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1155068554.job
2006-07-18 00:30:36 C:\WINDOWS\tasks\Low Battery Alarm Program.job
2007-05-27 20:05:02 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-05-27 1649 C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D7GT37B1_Pamella Burkhart.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 17:09:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-27 17:10:32
C:\ComboFix-quarantined-files.txt ... 2007-05-27 15:43
C:\ComboFix2.txt ... 2007-05-27 17:03
C:\ComboFix3.txt ... 2007-05-27 17:01
--- E O F ---
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pamella Burkhart^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pamella Burkhart^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\Pamella Burkhart\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ WinData]
C:\WINDOWS\PoolData\services.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Documents and Settings\Pamella Burkhart\Desktop\a-squared Anti-Malware\a2guard.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
C:\Program Files\DeluxeCommunications\Dxc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcdmon.exe]
"C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C80 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O6 "USB001" /M "Stylus C80"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C80 Series (Copy 2)]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P32 "EPSON Stylus C80 Series (Copy 2)" /O6 "USB001" /M "Stylus C80"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderShare]
"C:\Documents and Settings\Pamella Burkhart\Desktop\foldershare\FolderShare.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Documents and Settings\Pamella Burkhart\Desktop\activesync\wcescomm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
"C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.6.8\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_WinData]
C:\WINDOWS\PoolData\services.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GEARSecurity"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"ose"=2 (0x2)
"odserv"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"dlcd_device"=3 (0x3)
"Client IP-IPX"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-12 12:45:00 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1155068554.job
2006-07-18 00:30:36 C:\WINDOWS\tasks\Low Battery Alarm Program.job
2007-05-27 20:05:02 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-05-27 1649 C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D7GT37B1_Pamella Burkhart.job
********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-27 17:09:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-27 17:10:32
C:\ComboFix-quarantined-files.txt ... 2007-05-27 15:43
C:\ComboFix2.txt ... 2007-05-27 17:03
C:\ComboFix3.txt ... 2007-05-27 17:01
--- E O F ---
Comments
Sorry we haven't been able to help you before your deadline. This is a busy forum and it becomes overloaded from time to time.
All we can hope is that your worst fears weren't realised.
Did you manage to solve your problem?
I ask as the logs look good. Nothing obviously bad.
Just a thought ... maybe you inadvertently turned off the "show desktop icons" option. That would make it appear as if you have lost everything from the desktop.
To check this ...
Right click on the desktop ...
Select "Arrange icons by..."
Check/click on "Show Desktop Icons".
Please let us know the current position.
MM