Hello,
I have two accounts on my laptop - one Administrator and one Ginga - both have administrative authority.
SDFix: Version 1.165 Run by Ginga on Tue 04/01/2008 at 07:04 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\dsaip32b.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 07:21:17
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000c5
"TracesSuccessful"=dword:0000000d
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 23 Dec 2004 74,240 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL0748.tmp"
Thu 23 Dec 2004 72,192 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL0765.tmp"
Thu 18 Oct 2007 136,704 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL0789.tmp"
Thu 23 Dec 2004 74,240 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL1122.tmp"
Thu 23 Dec 2004 73,728 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL2707.tmp"
Thu 18 Oct 2007 136,192 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL2816.tmp"
Thu 23 Dec 2004 71,168 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\~WRL2847.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Thu 27 Dec 2007 6,934,488 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT2.tmp"
Thu 14 Feb 2008 154,112 ...H. --- "C:\Documents and Settings\Ginga\Application Data\Microsoft\Word\~WRL2719.tmp"
Mon 17 Apr 2006 28,672 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Financial\~WRL0134.tmp"
Tue 18 Dec 2007 29,696 A..H. --- "C:\Documents and Settings\Ginga\My Documents\Files\Financial\~WRL2332.tmp"
Sat 14 Oct 2006 43,008 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Journey\~WRL0088.tmp"
Wed 25 Apr 2007 24,576 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\~WRL2437.tmp"
Wed 29 Jun 2005 33,280 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Travel\~WRL3733.tmp"
Thu 26 May 2005 32,768 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files - Mom & Dad\Insurance\~WRL1692.tmp"
Thu 26 May 2005 32,768 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files - Mom & Dad\Insurance\~WRL2134.tmp"
Tue 11 Mar 2003 30,208 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\-\Career Discovery\~WRL0082.tmp"
Sun 31 Aug 2003 745,984 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0046.tmp"
Sun 31 Aug 2003 755,712 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0330.tmp"
Sun 31 Aug 2003 761,344 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0447.tmp"
Wed 30 Jul 2003 303,616 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0496.tmp"
Sun 31 Aug 2003 781,312 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0534.tmp"
Sun 31 Aug 2003 728,576 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0716.tmp"
Sun 31 Aug 2003 746,496 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0818.tmp"
Sun 31 Aug 2003 791,552 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0895.tmp"
Sun 31 Aug 2003 776,704 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0901.tmp"
Wed 3 Sep 2003 745,984 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL0932.tmp"
Sun 31 Aug 2003 772,096 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL1161.tmp"
Fri 1 Aug 2003 334,848 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL1340.tmp"
Wed 3 Sep 2003 745,472 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL1504.tmp"
Sun 31 Aug 2003 762,368 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL1883.tmp"
Wed 10 Sep 2003 1,208,320 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2072.tmp"
Wed 17 Sep 2003 1,217,024 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2203.tmp"
Wed 3 Sep 2003 745,472 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2472.tmp"
Sun 31 Aug 2003 770,560 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2539.tmp"
Sun 31 Aug 2003 745,984 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2568.tmp"
Sun 31 Aug 2003 753,152 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2775.tmp"
Wed 3 Sep 2003 742,400 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL2777.tmp"
Sun 31 Aug 2003 762,368 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL3000.tmp"
Sun 31 Aug 2003 776,704 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL3046.tmp"
Sun 31 Aug 2003 779,264 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\GSK GLMS\~WRL3475.tmp"
Fri 15 Aug 2003 808,960 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Lagniappe Consulting LLC\Lloyd's Register Serentec\~WRL0411.tmp"
Wed 30 Mar 2005 43,008 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL0003.tmp"
Sun 13 Mar 2005 35,328 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL0086.tmp"
Sun 13 Mar 2005 30,720 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL1263.tmp"
Thu 5 May 2005 37,888 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL1737.tmp"
Mon 18 Jul 2005 80,384 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL2201.tmp"
Wed 30 Mar 2005 44,032 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL2277.tmp"
Thu 31 Mar 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL2410.tmp"
Tue 14 Dec 2004 33,280 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL2778.tmp"
Mon 21 Mar 2005 33,792 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL3011.tmp"
Thu 31 Mar 2005 30,720 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL3271.tmp"
Thu 5 May 2005 29,184 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\~WRL3636.tmp"
Thu 29 Sep 2005 50,688 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\~WRL0727.tmp"
Wed 17 Aug 2005 26,112 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL0452.tmp"
Wed 26 Oct 2005 24,576 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL1507.tmp"
Wed 26 Oct 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL2569.tmp"
Wed 26 Oct 2005 33,792 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL3078.tmp"
Sun 6 Aug 2006 27,136 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL3153.tmp"
Wed 10 Aug 2005 37,888 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL3154.tmp"
Wed 26 Oct 2005 39,936 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\My Health\Solution\~WRL3800.tmp"
Fri 2 Nov 2007 84,480 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\FAC\~WRL0667.tmp"
Sat 9 Apr 2005 26,112 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL0590.tmp"
Sat 9 Apr 2005 27,136 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL0979.tmp"
Sat 9 Apr 2005 31,232 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL1359.tmp"
Sat 9 Apr 2005 25,088 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL1954.tmp"
Sat 9 Apr 2005 25,088 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL2104.tmp"
Sat 9 Apr 2005 31,232 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL2909.tmp"
Sat 9 Apr 2005 24,064 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Resumes\Jeffrey M Walker\~WRL3337.tmp"
Thu 6 Mar 2003 27,648 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\-\Career Discovery\Consulting Porfolio\~WRL3174.tmp"
Tue 25 Feb 2003 29,696 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\-\Career Discovery\Cruise Mailing\~WRL0936.tmp"
Thu 14 Jul 2005 69,632 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Externship\~WRL1185.tmp"
Thu 14 Apr 2005 46,592 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Externship\~WRL3113.tmp"
Sat 18 Jun 2005 34,304 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL0301.tmp"
Sat 18 Jun 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL1195.tmp"
Sat 18 Jun 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL2046.tmp"
Sat 18 Jun 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL2349.tmp"
Sat 6 Aug 2005 34,816 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL2726.tmp"
Sat 18 Jun 2005 35,840 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL2886.tmp"
Sat 18 Jun 2005 35,328 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\BTI\Practice Logs\~WRL3736.tmp"
Wed 8 Mar 2006 25,600 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\Business Documents\~WRL0103.tmp"
Thu 2 Feb 2006 55,808 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\Business Documents\~WRL0490.tmp"
Wed 8 Mar 2006 24,576 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\Business Documents\~WRL2055.tmp"
Wed 8 Mar 2006 26,624 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\Business Documents\~WRL3978.tmp"
Thu 10 Nov 2005 27,136 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Massage Therapy\Career Search\Emails\~WRL2207.tmp"
Tue 23 May 2006 37,376 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Meeting Notes\~WRL1998.tmp"
Tue 23 May 2006 36,352 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Meeting Notes\~WRL2516.tmp"
Tue 23 May 2006 36,352 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Meeting Notes\~WRL2930.tmp"
Tue 23 May 2006 38,400 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Meeting Notes\~WRL3485.tmp"
Tue 23 May 2006 36,352 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Meeting Notes\~WRL4054.tmp"
Wed 17 May 2006 60,928 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\Web Site and Publications\~WRL0448.tmp"
Sat 9 Feb 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sat 9 Feb 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sat 9 Feb 2008 8 A..H. --- "C:\Documents and Settings\Ginga\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 9 Feb 2008 8 A..H. --- "C:\Documents and Settings\Ginga\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 10 Jun 2006 0 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\DEPARTMENT HEADS CONFIDENTIAL\Meeting Notes\~WRL1816.tmp"
Sat 10 Jun 2006 53,248 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\DEPARTMENT HEADS CONFIDENTIAL\Meeting Notes\~WRL2674.tmp"
Sat 10 Jun 2006 53,248 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\DEPARTMENT HEADS CONFIDENTIAL\Meeting Notes\~WRL3457.tmp"
Tue 29 Aug 2006 139,776 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\DEPARTMENT HEADS CONFIDENTIAL\RHM Visioning 2006\~WRL1027.tmp"
Thu 24 Aug 2006 2,136,576 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\DEPARTMENT HEADS CONFIDENTIAL\RHM Visioning 2006\~WRL1137.tmp"
Sat 10 Jun 2006 0 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\RHM Server - RHM1\Meeting Notes\~WRL1816.tmp"
Sat 10 Jun 2006 53,248 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\RHM Server - RHM1\Meeting Notes\~WRL2674.tmp"
Sat 10 Jun 2006 53,248 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\RHM Server - RHM1\Meeting Notes\~WRL3457.tmp"
Sat 12 Aug 2006 225,280 A.SH. --- "C:\Documents and Settings\Ginga\My Documents\Files\Red Horse Mountain\2006 Archive\RHM Server - RHM1\Special Projects\~WRL0978.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:12 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://admin01.co.wake.nc.us/iNotes6W.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer Control) - http://www.co.apache.az.us/FEEDS/ImageViewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11036 bytes
Thank you!
Regards,
Ginga