Hi again,
Here are the logs for Kaspersky and Hijackthis. The first three logs, however, are some kind of DSS logs and are iffy. I do not have or could not locate anything resembling a daft.txt file anywhere. I did click on fix at the end of step 2 but did not have a log pop up at all.
BTW.........The Kaspersky Antivirus scan took over 5 hours to scan my computer. WOW!! I was shocked it did not lock the system up during that time. It usually freezes when I leave it unattended for just minutes and not hours like this was. Thank you again for all the time you are giving me.
The problems I have been having are:
Locking up or freezing up.
No Disk error messages on start up.
Missing drivers for an AGP video card that is installed and for some odd reason now is not found under hardware. It won't permit me to play some newer games and I get an error message "No compatible display devices found."
Too many start up programs, I think, because it takes forever and a day.
Not enough Ram???
Yours truly,
Patty
Directories/Files moved to C:\Deckard\System Scanner\backup
2008-06-21 03:03:58 24576 --a------ C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\IadHide4.dll <Not Verified; BackWeb; BackWeb IAdHide>
2008-08-12 05:26:15 40960 --a------ C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\rtdrvmon.exe <Not Verified; Realtek; rtdrvmon>
2008-03-24 19:33:02 1527056 --a------ C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe <Verified; Adobe Systems Incorporated; Adobe® Flash® Player ActiveX>
2007-10-18 10:04:16 341296 --a------ C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll <Verified; Hewlett-Packard Co.; HPDEXAXO>
2007-06-30 19:09:06 175968 --a------ C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
2006-06-20 15:44:04 379704 --a------ C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll <Verified; Microsoft® Corporation; MSN Photo Upload Control>
2006-06-20 15:44:02 117560 --a------ C:\WINDOWS\Downloaded Program Files\PURen-us.dll <Verified; Microsoft® Corporation; MSN Photo Upload Control>
2007-05-16 08:22:06 166512 --a------ C:\WINDOWS\Downloaded Program Files\gp.ocx <Verified; NOS Microsystems Ltd.; getPlus(R)>
2008-04-04 09:56:43 370344 --a------ C:\WINDOWS\Downloaded Program Files\UpgradeVerify.ocx
-*- End of Logfile -*-
Deckard's System Scanner v20071014.68
Run by PATRICIA PRESCOTT on 2008-08-12 05:28:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
44: 2008-08-12 12:28:23 UTC - RP384 - Deckard's System Scanner Restore Point
43: 2008-08-12 05:24:39 UTC - RP383 - System Checkpoint
42: 2008-08-10 16:57:52 UTC - RP382 - System Checkpoint
41: 2008-08-09 14:48:32 UTC - RP381 - System Checkpoint
40: 2008-08-08 14:44:01 UTC - RP380 - System Checkpoint
-- First Restore Point --
1: 2008-06-27 13:30:57 UTC - RP341 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as PATRICIA PRESCOTT.exe) -----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:30:01, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PATRICIA PRESCOTT.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - https://secure.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9846 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080317-234124-167 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080807-040804-152 O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
backup-20080807-040804-849 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080807-040804-979 O20 - AppInit_DLLs: 6741f5de
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem>
S3 pcwe - c:\ati\pc wizard 2007\pcw86-32.sys (file missing)
S3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>
S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; ; Modem>
S3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5964&SUBSYS_02601092&REV_01\4&26E5833C&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5964&SUBSYS_02601092&REV_01\4&26E5833C&0&0008
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_1002&DEV_5D44&SUBSYS_02611092&REV_01\4&26E5833C&0&0108
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_1002&DEV_5D44&SUBSYS_02611092&REV_01\4&26E5833C&0&0108
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_90121509&REV_10\3&61AAA01&0&58
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_90121509&REV_10\3&61AAA01&0&58
Service: RTL8023xp
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Description: USB Receiver
Device ID: USB\VID_046D&PID_C503&MI_01\6&31E6A037&0&0001
Manufacturer: Logitech
Name: USB Receiver
PNP Device ID: USB\VID_046D&PID_C503&MI_01\6&31E6A037&0&0001
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-08-12 03:30:00 450 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-08-06 18:44:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:08 356 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-07-26 21:05:00 294 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-07-15 01:21:08 364 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-07-18 01:22:25 416 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
-- Files created between 2008-07-12 and 2008-08-12 -----------------------------
2008-08-11 02:36:03 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Malwarebytes
2008-08-11 02:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 05:40:50 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Apple Computer
2008-08-07 03:02:13 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-07 03:01:57 0 d-------- C:\Program Files\MSXML 4.0
2008-08-07 01:46:40 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-07 01:45:44 107370 --a------ C:\WINDOWS\hpqins13.dat
2008-08-07 01:17:37 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\MSNInstaller
2008-08-06 04:05:22 0 d-------- C:\Program Files\Common Files\HP
2008-08-06 04:03:27 0 d-------- C:\Program Files\Hewlett-Packard
2008-08-06 04:03:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-06 04:03:18 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-08-06 04:03:18 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-08-06 04:03:17 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-08-06 04:01:55 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-06 03:56:23 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-08-06 03:56:23 104182 --a------ C:\WINDOWS\hpoins04.dat
2008-08-05 02:28:31 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-08-05 02:28:31 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-08-05 02:28:31 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-08-05 02:28:31 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-08-05 02:28:31 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-08-05 02:28:31 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-08-05 01:57:38 0 d-------- C:\Program Files\HP
2008-08-05 01:57:35 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 00:05:58 79622 --a------ C:\WINDOWS\system32\EBPMON24.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bi-directional Printer>
2008-08-03 00:05:58 98304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2008-08-03 00:05:06 0 d-------- C:\Program Files\EPSON
2008-08-03 00:03:31 0 d-------- C:\epson
2008-08-02 02:44:51 0 d-------- C:\Program Files\Epson Printer
2008-08-01 23:39:55 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\InstallShield
2008-08-01 00:12:13 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-31 07:03:37 0 d-------- C:\WINDOWS\Sun
2008-07-31 04:54:24 0 d-------- C:\Program Files\SpiralFrog
2008-07-30 22:37:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-07-30 20:23:30 0 dr-h----- C:\Documents and Settings\PATRICIA PRESCOTT\Recent
2008-07-30 20:09:30 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Business Logic
2008-07-30 20:09:12 0 d-------- C:\Program Files\Business Logic Corporation
2008-07-23 14:34:00 256 --a------ C:\WINDOWS\DisableDrWatson[1].reg
-- Find3M Report ---------------------------------------------------------------
2008-08-11 02:16:15 2768 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-10 05:41:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-10 03:12:15 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Real
2008-08-07 01:17:46 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\MSN6
2008-08-06 04:05:22 0 d-------- C:\Program Files\Common Files
2008-08-02 02:57:23 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Adobe
2008-08-01 23:40:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 12:42:08 0 d-------- C:\Program Files\McAfee
2008-08-01 12:12:19 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Yahoo!
2008-07-30 22:35:17 0 d-------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster
2008-07-30 22:35:16 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-07-30 22:32:53 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Walgreens
2008-07-30 22:32:44 0 d-------- C:\Program Files\Real
2008-07-30 22:32:44 0 d-------- C:\Program Files\QuickTime
2008-07-30 22:32:44 0 d-------- C:\Program Files\PC Wizard 2007
2008-07-30 22:32:43 0 d-------- C:\Program Files\Yahoo!
2008-07-15 05:23:59 0 d-------- C:\Program Files\Java
2008-07-14 06:28:34 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\U3
2008-07-09 04:21:04 0 d-------- C:\Program Files\RealArcade
2008-07-09 04:03:40 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Logitech
2008-07-09 03:56:07 0 d-------- C:\Program Files\Common Files\Logitech
2008-07-09 03:20:56 0 d-------- C:\Program Files\Realtek AC97
2008-07-09 00:15:46 0 d-------- C:\Program Files\iolo
2008-06-27 01:28:26 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Gogii Games
2008-06-21 13:05:32 0 d-------- C:\Program Files\Common Files\Java
2008-06-21 03:03:53 0 d-------- C:\Program Files\Logitech
2008-06-21 03:02:08 0 d-------- C:\Program Files\MUSICMATCH
2008-06-16 19:21:20 29696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-06-13 11:32:38 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-06-06 16:55:34 8704 --a------ C:\WINDOWS\system32\smrgdf.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [09/05/2002 18:14 C:\WINDOWS\Dit.exe]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/12/2006 22:22]
"VTPreset"="VTPreset.exe" [02/24/2004 20:17 C:\WINDOWS\system32\VTPreset.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [04/16/2008 01:54]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03]
"@"="" []
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [03/12/2008 13:05]
"EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 15:18]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [03/13/2008 09:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [06/21/2008 03:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - C:\Program Files\Belkin\F5D8053\Belkinwcui.exe [7/2/2007 7:45:04 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 10:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [6/21/2008 3:04:00 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/9/2008 3:56:18 AM]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [12/17/2007 6:36:01 PM]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [12/19/2007 7:37:31 AM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SysmonLog"=2 (0x2)
"navapsvc"=2 (0x2)
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"CryptSvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f89c4199-5188-11dd-8307-00173fc44ed6}]
AutoRun\command- J:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2008-08-12 05:31:32 ------------
Deckard's System Scanner v20071014.68
Run by PATRICIA PRESCOTT on 2008-08-13 03:16:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as PATRICIA PRESCOTT.exe) -----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:16:24, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ScanningProcess.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PATRIC~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - https://secure.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9862 bytes
-- Files created between 2008-07-13 and 2008-08-13 -----------------------------
2008-08-12 12:36:51 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-11 02:36:03 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Malwarebytes
2008-08-11 02:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 05:40:50 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Apple Computer
2008-08-07 03:02:13 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-07 03:01:57 0 d-------- C:\Program Files\MSXML 4.0
2008-08-07 01:46:40 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-07 01:45:44 107370 --a------ C:\WINDOWS\hpqins13.dat
2008-08-07 01:17:37 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\MSNInstaller
2008-08-06 04:05:22 0 d-------- C:\Program Files\Common Files\HP
2008-08-06 04:03:27 0 d-------- C:\Program Files\Hewlett-Packard
2008-08-06 04:03:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-06 04:03:18 82432 -ra------ C:\WINDOWS\system32\MSXML4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-08-06 04:03:18 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-08-06 04:03:17 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-08-06 04:01:55 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-06 03:56:23 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-08-06 03:56:23 104182 --a------ C:\WINDOWS\hpoins04.dat
2008-08-05 02:28:31 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-08-05 02:28:31 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-08-05 02:28:31 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-08-05 02:28:31 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-08-05 02:28:31 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-08-05 02:28:31 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-08-05 01:57:38 0 d-------- C:\Program Files\HP
2008-08-05 01:57:35 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 00:05:58 79622 --a------ C:\WINDOWS\system32\EBPMON24.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bi-directional Printer>
2008-08-03 00:05:58 98304 --a------ C:\WINDOWS\system32\E_SAGSET.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2008-08-03 00:05:06 0 d-------- C:\Program Files\EPSON
2008-08-03 00:03:31 0 d-------- C:\epson
2008-08-02 02:44:51 0 d-------- C:\Program Files\Epson Printer
2008-08-01 23:39:55 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\InstallShield
2008-08-01 00:12:13 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-31 07:03:37 0 d-------- C:\WINDOWS\Sun
2008-07-31 04:54:24 0 d-------- C:\Program Files\SpiralFrog
2008-07-30 22:37:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-07-30 20:23:30 0 dr-h----- C:\Documents and Settings\PATRICIA PRESCOTT\Recent
2008-07-30 20:09:30 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Business Logic
2008-07-30 20:09:12 0 d-------- C:\Program Files\Business Logic Corporation
2008-07-23 14:34:00 256 --a------ C:\WINDOWS\DisableDrWatson[1].reg
-- Find3M Report ---------------------------------------------------------------
2008-08-12 12:09:01 0 d-------- C:\Program Files\RealArcade
2008-08-11 02:16:15 2768 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-10 05:41:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-10 03:12:15 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Real
2008-08-07 01:17:46 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\MSN6
2008-08-06 04:05:22 0 d-------- C:\Program Files\Common Files
2008-08-02 02:57:23 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Adobe
2008-08-01 23:40:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 12:42:08 0 d-------- C:\Program Files\McAfee
2008-08-01 12:12:19 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Yahoo!
2008-07-30 22:35:17 0 d-------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster
2008-07-30 22:35:16 0 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2008-07-30 22:32:53 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Walgreens
2008-07-30 22:32:44 0 d-------- C:\Program Files\Real
2008-07-30 22:32:44 0 d-------- C:\Program Files\QuickTime
2008-07-30 22:32:44 0 d-------- C:\Program Files\PC Wizard 2007
2008-07-30 22:32:43 0 d-------- C:\Program Files\Yahoo!
2008-07-15 05:23:59 0 d-------- C:\Program Files\Java
2008-07-14 06:28:34 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\U3
2008-07-09 04:03:40 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Logitech
2008-07-09 03:56:07 0 d-------- C:\Program Files\Common Files\Logitech
2008-07-09 03:20:56 0 d-------- C:\Program Files\Realtek AC97
2008-07-09 00:15:46 0 d-------- C:\Program Files\iolo
2008-06-27 01:28:26 0 d-------- C:\Documents and Settings\PATRICIA PRESCOTT\Application Data\Gogii Games
2008-06-21 13:05:32 0 d-------- C:\Program Files\Common Files\Java
2008-06-21 03:03:53 0 d-------- C:\Program Files\Logitech
2008-06-21 03:02:08 0 d-------- C:\Program Files\MUSICMATCH
2008-06-16 19:21:20 29696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-06-13 11:32:38 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-06-06 16:55:34 8704 --a------ C:\WINDOWS\system32\smrgdf.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [09/05/2002 18:14 C:\WINDOWS\Dit.exe]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/12/2006 22:22]
"VTPreset"="VTPreset.exe" [02/24/2004 20:17 C:\WINDOWS\system32\VTPreset.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"DriverMagicLogon"="C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [04/16/2008 01:54]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [07/19/2006 12:03 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [07/19/2006 12:03]
"@"="" []
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [03/12/2008 13:05]
"EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 15:18]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [03/13/2008 09:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [06/21/2008 03:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - C:\Program Files\Belkin\F5D8053\Belkinwcui.exe [7/2/2007 7:45:04 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/28/2004 10:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [6/21/2008 3:04:00 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/9/2008 3:56:18 AM]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [12/17/2007 6:36:01 PM]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [12/19/2007 7:37:31 AM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SysmonLog"=2 (0x2)
"navapsvc"=2 (0x2)
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"CryptSvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f89c4199-5188-11dd-8307-00173fc44ed6}]
AutoRun\command- J:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2008-08-13 03:17:02 ------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 12, 2008 22:02:40
Records in database: 1087115
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 180628
Threat name: 3
Infected objects: 1
Suspicious objects: 13
Duration of the scan: 05:31:56
File name / Threat name / Threats count
C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Identities\{E53E8A33-444C-4429-A144-301819F851BC}\Microsoft\Outlook Express\Junk E-Mail.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Identities\{E53E8A33-444C-4429-A144-301819F851BC}\Microsoft\Outlook Express\Sent Messages (1).dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300203e.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300205a.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x300231d.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023ba.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023dd.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Application Data\Microsoft\MSN\db30\Mail (pjp_1234@msn.com)\stm0x30023f0.000 Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\My Games\Hidden Wonders of the Depths\HWD.exe Suspicious: Type_Win32 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:06, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PATRICIA PRESCOTT\Local Settings\Temp\jkos-PATRICIA PRESCOTT\binaries\ScanningProcess.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - https://secure.iolo.com/app/ocx/UpgradeVerify.ocx
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9846 bytes