# Solved: Symantec Email Proxy Virus Help!!!!!!!!!



## louriec (Jun 5, 2007)

Hey all, newbie here. My girlfriend clicked one of those links from AIM that one of her friends' computers sent her and of course she clicked it... anyways, now she gets that Symantec email proxy virus where she gets hundreds of popups telling her an email message could not be sent and the scan failed. Per the request of other tech guys when this problem came up, I downloaded and ran the HijackThis program and here is the log output. Thanks so much for your help!

Logfile of HijackThis v1.99.1
Scan saved at 8:18:37 AM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\security\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\CPUTray.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wwz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Kristen\Desktop\Virus fixer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [py] C:\WINDOWS\system32\py.exe
O4 - HKLM\..\Run: [dnbeiiycm] C:\WINDOWS\system32\dnbeiiycm.exe
O4 - HKLM\..\Run: [saarcsnczoe] C:\WINDOWS\system32\saarcsnczoe.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [quyujoytjjn] C:\WINDOWS\system32\quyujoytjjn.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it(r) Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\py.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


----------



## cybertech (Apr 16, 2002)

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

Notice: Some security-programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).


----------



## louriec (Jun 5, 2007)

********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
Tue 06/05/2007 15:36:28.35

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

Here is the output cybertech, I hope this means something to you, as it's just random words to me! Thanks so much for your help.

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 15:36:29
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


----------



## cybertech (Apr 16, 2002)

Run *Panda ActiveScan* *here*

*Post the results from ActiveScan.*


----------



## louriec (Jun 5, 2007)

| Incident | Status | Location |
| --- | --- | --- |
| Potentially unwanted tool:Application/SystemDoctor2006 | Not disinfected | C:\Program Files\Spyware Doctor\swdsvc.exe |
| Adware:adware/whenusearch | Not disinfected | C:\Documents and Settings\Kristen\Start Menu\Programs\WhenU |
| Adware:adware/savenow | Not disinfected | Windows Registry |
| Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Cedric\Cookies\[email protected][2].txt |
| Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Cedric\Cookies\[email protected][1].txt |
| Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Cedric\Cookies\[email protected][2].txt |
| Spyware:Cookie/Apmebf | Not disinfected | C:\Documents and Settings\Kristen\Cookies\[email protected][1].txt |
| Spyware:Cookie/Clickbank | Not disinfected | C:\Documents and Settings\Kristen\Cookies\[email protected][1].txt |
| Spyware:Cookie/Target | Not disinfected | C:\Documents and Settings\Kristen\Cookies\[email protected][2].txt |
| Spyware:Cookie/Toplist | Not disinfected | C:\Documents and Settings\Kristen\Cookies\[email protected][1].txt |


----------



## cybertech (Apr 16, 2002)

Download ComboFix from *Here* or *Here* to your Desktop.

Double click *combofix.exe* and follow the prompts.
When finished, it shall produce a log for you. Post that log and a *HiJackthis* log in your next reply.
*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.*


----------



## louriec (Jun 5, 2007)

*This is ComboFix' Log*

"Kristen" - 2007-06-05 19:09:06 Service Pack 2 NTFS 
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Kristen\Desktop\"

((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))

2007-06-05 17:36	66,560	--a------	C:\bootloader.exe
2007-06-05 16:36 d--------	C:\WINDOWS\system32\ActiveScan
2007-06-05 16:36 d--------	C:\WINDOWS\LastGood
2007-06-05 08:23	66,560	--a------	C:\bootload.exe
2007-06-04 22:51	83,536	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-04 22:51	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-06-04 22:51	59,984	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-04 22:51	52,304	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-04 22:51	39,248	--a------	C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-04 22:51	26,064	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2007-06-04 22:51 d--------	C:\Program Files\Spyware Doctor
2007-06-04 22:51 d--------	C:\DOCUME~1\Kristen\APPLIC~1\PC Tools
2007-06-04 22:49	14,848	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2007-06-04 22:43	8,192	--a------	C:\WINDOWS\system32\wshirda.dll
2007-06-04 22:43	66,560	--a------	C:\WINDOWS\system32\quyujoytjjn.exe
2007-06-04 22:43	59,648	--a------	C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-04 22:43	27,136	--a------	C:\WINDOWS\system32\irmon.dll
2007-06-04 22:43	17,024	--a------	C:\WINDOWS\system32\drivers\BthEnum.sys
2007-06-04 22:43	152,576	--a------	C:\WINDOWS\system32\irftp.exe
2007-06-04 22:43	100,992	--a------	C:\WINDOWS\system32\drivers\bthpan.sys
2007-06-04 22:42	274,304	--a------	C:\WINDOWS\system32\drivers\bthport.sys
2007-06-04 22:42	18,944	--a------	C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-06-04 22:07	66,560	--a------	C:\WINDOWS\system32\wwz.exe
2007-06-04 21:38	76,560	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-04 21:36 d--------	C:\DOCUME~1\Kristen\.housecall6.6
2007-06-04 21:31	66,560	--a------	C:\WINDOWS\system32\saarcsnczoe.exe
2007-06-04 20:14 d--------	C:\Program Files\ATS2
2007-06-04 20:11	66,560	--a------	C:\WINDOWS\system32\dnbeiiycm.exe
2007-06-04 19:45	66,560	--a------	C:\WINDOWS\system32\py.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 22:08:04	--------	d-----w	C:\Program Files\QuickTime
2007-06-05 22:05:48	--------	d-----w	C:\Program Files\Norton AntiVirus
2007-06-05 22:03:56	--------	d-----w	C:\Program Files\mobile PhoneTools
2007-06-05 22:01:56	--------	d-----w	C:\Program Files\Microsoft IntelliPoint
2007-06-05 22:01:45	--------	d-----w	C:\Program Files\Microsoft ActiveSync
2007-06-05 22:01:01	--------	d-----w	C:\Program Files\Messenger
2007-06-05 21:59:07	--------	d-----w	C:\Program Files\iTunes
2007-06-05 21:58:02	--------	d-----w	C:\Program Files\Google
2007-06-05 21:56:39	--------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-06-05 21:56:23	--------	d-----w	C:\Program Files\Common Files\Stardock
2007-06-05 21:56:22	--------	d-----w	C:\Program Files\Common Files\Skyscape
2007-06-05 21:54:24	--------	d-----w	C:\Program Files\AIM
2007-04-21 20:36:11	--------	d-----w	C:\DOCUME~1\Kristen\APPLIC~1\WinRAR
2007-04-18 16:12:23	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-04-12 23:44:24	724,992	----a-w	C:\WINDOWS\iun6002.exe
2007-03-17 13:43:01	292,864	----a-w	C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28	577,536	----a-w	C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28	40,960	----a-w	C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28	281,600	----a-w	C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48	1,843,584	----a-w	C:\WINDOWS\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 04:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 22:16]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 04:07]
"KTPWare"="C:\Program Files\Elantech\Ktp.exe" [2005-03-02 01:46]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 02:20]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 03:01 C:\WINDOWS\sm56hlpr.exe]
"VTTimer"="VTTimer.exe" [2005-03-07 15:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-10 19:33 C:\WINDOWS\system32\VTTrayp.exe]
"farstone"="" []
"RestoreIT!"="C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.exe" [2004-10-11 02:18]
"Eval"="C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" [2004-11-10 20:39]
"Guard"="C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" [2004-10-11 16:53]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-19 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-13 16:42]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-26 17:45]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:00 C:\WINDOWS\system32\bthprops.cpl]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 02:34]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 13:16]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-05 19:26:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 01:22:38 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Kristen.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 19:13:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-06-05 19:15:08

--- E O F ---

*This is HiJack's Log*

Logfile of HijackThis v1.99.1
Scan saved at 7:51:06 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\security\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\CPUTray.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\saarcsnczoe.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kristen\Desktop\hijackthis_sfx.exe
C:\Documents and Settings\Kristen\Desktop\Virus fixer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\wwz.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


----------



## cybertech (Apr 16, 2002)

Click *here* to download *Dr.Web CureIt* and save it to your desktop.

Double-click the *drweb-cureit.exe* file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all'* if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:

If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the *Dr.Web CureIt* menu on top, click file and choose save report list.
Save the report to your desktop. The report will be called *DrWeb.csv*.
*Close Dr.Web CureIt*.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from *Dr.Web* you saved previously in your next reply along with a new *HijackThis log*.


----------



## louriec (Jun 5, 2007)

Hi. So Dr. Web found no viruses. I ran HijackThis after Dr. Web and got this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:30 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\security\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wwz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kristen\Desktop\drweb-cureit.exe
C:\DOCUME~1\Kristen\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Kristen\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\Documents and Settings\Kristen\Desktop\Virus fixer\HijackThis.exe
C:\Program Files\Spyware Doctor\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKLM\..\RunServices: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\wwz.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

*Close all applications and browser windows before you click "fix checked".*

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system.
*Please follow these steps to remove older version Java components and update.*

*Updating Java:* 

Download the latest version of *Java Runtime Environment (JRE) 6u1*. 
Scroll down to where it says "_Java Runtime Environment (JRE) 6u1 allows end-users to run Java applications_". 
Click the "*Download*" button to the right. 
Check the box that says: "*Accept* _License Agreement_". 
The page will refresh. 
Click on the link to download _Windows Offline Installation_ with or without Multi-language and save to your desktop. 
Close any programs you may have running - especially your web browser. 
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java. 
Check any item with Java Runtime Environment (JRE or J2SE) in the name. 
Click the *Remove* or *Change/Remove* button. 
Repeat as many times as necessary to remove each Java version. 
Reboot your computer once all Java components are removed. 
Then from your desktop double-click on the download to install the newest version.

How is it running now? Any problems?


----------



## louriec (Jun 5, 2007)

"Run HJT again and put a check in the following:

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)"

Where do I put the check in?


----------



## cybertech (Apr 16, 2002)

See if this picture helps


----------



## louriec (Jun 5, 2007)

OK, I did all that, but unfortunately I'm still getting the popups.


----------



## cybertech (Apr 16, 2002)

Please *download* the *OTMoveIt by OldTimer*.

*Save* it to your *desktop*.
Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\system32\py.exe
C:\WINDOWS\system32\dnbeiiycm.exe
C:\WINDOWS\system32\saarcsnczoe.exe
C:\WINDOWS\system32\wwz.exe
C:\WINDOWS\system32\quyujoytjjn.exe*

Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
Close *OTMoveIt*.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box copy and paste each of the following one at a time. Then click the Submit button.
*C:\bootloader.exe
C:\bootload.exe*

Copy the results and paste them back here in your next reply


----------



## louriec (Jun 5, 2007)

*this is the bootloader.exe*

Scanner results 
Scan taken on 06 Jun 2007 23:28:07 (GMT) 
A-Squared Found Backdoor.Win32.HacDef.gp 
AntiVir Found HEUR/Crypted 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found Possibly a new variant of W32/CrazyCrunch-based!Maximus 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Rising Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing

this is the bootload.exe

Scanner results 
Scan taken on 06 Jun 2007 23:32:06 (GMT) 
A-Squared Found Backdoor.Win32.HacDef.gp 
AntiVir Found HEUR/Crypted 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Rising Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## cybertech (Apr 16, 2002)

Use OTMoveIt again on both of those files
*C:\bootloader.exe
C:\bootload.exe*

Reboot the machine and post a new Hijackthis log. Also let me know how things are going.


----------



## louriec (Jun 5, 2007)

Here is the Hijack Log (I've had email scanning off on Symantec so that I could use the computer and not deal with the popups. I turned it on after the last program you had me download. It's been about 5 minutes and I haven't gotten a pop up yet so I'm holding my breath here...hopefully this hijack log file is telling you good things)

Logfile of HijackThis v1.99.1
Scan saved at 7:48:39 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\security\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PhnxCDSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Kristen\Desktop\Virus fixer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.averatec.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Eval] "C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe"
O4 - HKLM\..\Run: [Guard] "C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe" /background
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunServices: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\wwz.exe (file missing)
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhnxCDSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


----------
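
Added example, not part of the thread and not code from HijackThis or its authors: one way to triage entry lines like those in the logs posted above and to compare a log taken before cleanup with one taken after. The three heuristics (dangling file reference, service with "Unknown owner", one image started through several autostart mechanisms) are assumptions chosen for illustration and only mark entries for a closer look; the sample lines are a small subset copied from this thread's logs.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKLM\..\RunServices: [wwz] C:\WINDOWS\system32\wwz.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\wwz.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [wwz] C:\WINDOWS\system32\wwz.exe
O4 - HKLM\..\RunServices: [wwz] C:\WINDOWS\system32\wwz.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Machine Debug Manager (MCH_DBG) - Unknown owner - C:\WINDOWS\security\mdm.exe
O23 - Service: Print Spooler Service (o4ey1avocybuwyy) - Unknown owner - C:\WINDOWS\system32\wwz.exe (file missing)
"""

# "O23 - <body>", "R0 - <body>" and so on; headers and process paths do not match.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-qualified .exe/.dll path in an entry body.
IMAGE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


def parse_log(text):
    """Return one dict per HijackThis entry line found in text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        img = IMAGE.search(body)
        entries.append({"section": section, "body": body, "line": line,
                        "image": img.group(1).lower() if img else None})
    return entries


def mechanism(entry):
    """Name the autostart mechanism an entry represents, or None."""
    if entry["section"] == "O23":
        return "Service"
    if entry["section"] == "O4":
        return entry["body"].split(":", 1)[0]  # HKLM\..\Run, Startup, ...
    return None


def triage(entries):
    """Group entries worth a closer look by heuristic (assumed, not verdicts)."""
    findings = defaultdict(list)
    mechs = defaultdict(set)
    for e in entries:
        # Entry points at a file that is no longer on disk.
        if e["body"].endswith(("(no file)", "(file missing)")):
            findings["dangling"].append(e["line"])
        # Service binary without a company name in its version resource.
        if e["section"] == "O23" and " - Unknown owner - " in e["body"]:
            findings["unknown-owner"].append(e["line"])
        mech = mechanism(e)
        if mech and e["image"]:
            mechs[e["image"]].add(mech)
    # Same image launched through more than one autostart mechanism.
    findings["multi-autostart"] = sorted(
        img for img, used in mechs.items() if len(used) > 1)
    return dict(findings)


def diff_logs(before, after):
    """Return (removed, added) entry lines between two scans."""
    b = {e["line"] for e in parse_log(before)}
    a = {e["line"] for e in parse_log(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(f"== {label} ==")
        for reason, items in triage(parse_log(log)).items():
            for item in items:
                print(f"[{reason}] {item}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("== removed ==", *removed, sep="\n")
    print("== added ==", *added, sep="\n")
```

On the "after" sample the moved file shows up as a dangling service entry while its Run and RunServices values are still listed, so the leftover autostart entries remain visible for review.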



## cybertech (Apr 16, 2002)

Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box copy and paste each of the following one at a time. Then click the Submit button.
*C:\WINDOWS\system32\wwz.exe
C:\WINDOWS\security\mdm.exe*
Copy the results and paste them back here in your next reply.


----------



## louriec (Jun 5, 2007)

(When I hit submit for the system32 file, this is the message I got) The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

The security file resulted in this


Scanner results 
Scan taken on 07 Jun 2007 14:29:29 (GMT) 
A-Squared Found nothing 
AntiVir Found HEUR/Crypted 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found W32/Hupigon.gen76 
Panda Antivirus Found nothing 
Rising Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## cybertech (Apr 16, 2002)

Restart in safe mode and copy them to your c:\temp folder then try again using those copies to submit.


----------



## louriec (Jun 5, 2007)

So I could not find the files just by going into the C:Windows file but they weren't there. I performed a search of the C drive and the computer only found the wwz.exe file, which I moved to the temp folder. However it did not find the other file...


----------



## cybertech (Apr 16, 2002)

What is in the C:\WINDOWS\*security* folder?

Look in there and see how many files you find. If you find mdm.exe and a .pf file delete the files.


----------



## louriec (Jun 5, 2007)

So I looked in my C:Windows/Security folder. In the folder are three folders: Database, logs, and templates. In the "database" folder is a file called secedit and it's an appfix package. In the "logs" folder, there are 3 text files called backup, sceroot, and scesetup, and one OLD file called scecomp.old. Finally, in the "templates" folder there are three setup information files called hisecdc, hisecws, and setup security. I didn't see either of the .exe files we were looking at before.


----------



## cybertech (Apr 16, 2002)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.
In the *Files Created Within* group click *30 days*
In the *Files Modified Within* group select *30 days*
In the *File String Search* group select *Non-Microsoft*

Now click the *Run Scan* button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here as an attachment.


----------



## louriec (Jun 5, 2007)

WinPFind3 logfile created on: 6/10/2007 3:53:49 PM
WinPFind3U by OldTimer - Version 1.0.38	Folder = C:\Documents and Settings\Kristen\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

479.36 Mb Total Physical Memory | 136.61 Mb Available Physical Memory | 28.50% Memory free
1.10 Gb Paging File | 0.59 Gb Available in Paging File | 53.87% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.18 Gb Total Space | 61.71 Gb Free Space | 85.50% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KRISTENR-AVERA
Current User Name: Kristen
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
adeck.exe -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 5, 9, 0, 6 | Size = 512000 bytes | Modified Date = 3/4/2005 2:20:46 AM | Attr = ]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 10:16:00 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 10:16:30 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 10:16:44 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 1:16:34 PM | Attr = ]
guard.exe -> %ProgramFiles%\Phoenix Technologies\cME\Guard\guard.exe -> Phoenix Technologies Ltd. [Ver = 1, 0, 0, 16 | Size = 532480 bytes | Modified Date = 10/11/2004 4:53:22 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 2:54:22 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 2:54:24 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
mdm.exe -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 1:54:14 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 1:54:52 PM | Attr = ]
o2flash.exe -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]
objectdock.exe -> %ProgramFiles%\Stardock\ObjectDock\ObjectDock.exe -> Stardock [Ver = v1.20.521u | Size = 1802309 bytes | Modified Date = 7/14/2005 5:13:06 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 7/15/2004 4:07:56 AM | Attr = ]
phnxcdsvr.exe -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.0.0.5 | Size = 49152 bytes | Modified Date = 10/12/2004 5:29:58 PM | Attr = ]
psngive.exe -> %ProgramFiles%\3M\PSNLite\PSNGive.exe -> 3M [Ver = 3, 0, 2, 2070 | Size = 65536 bytes | Modified Date = 5/26/2004 9:40:16 AM | Attr = ]
psnlite.exe -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 6/2/2004 2:04:58 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 3:24:54 AM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.12.1741 | Size = 214560 bytes | Modified Date = 11/26/2006 5:45:18 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/26/2006 5:45:12 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.38 | Size = 810576 bytes | Modified Date = 5/17/2007 12:02:18 PM | Attr = ]
sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.09.07 | Size = 544768 bytes | Modified Date = 12/29/2004 3:01:56 AM | Attr = ]
smartupdate.exe -> %CommonProgramFiles%\Skyscape\smARTupdate.exe -> Skyscape, Inc. [Ver = 3, 2, 31, 0 | Size = 4165632 bytes | Modified Date = 4/4/2007 1:25:54 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 12:17:22 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 3/16/2005 3:31:00 AM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.59 | Size = 1302608 bytes | Modified Date = 5/17/2007 12:02:28 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/7/2005 3:33:28 PM | Attr = ]
vttrayp.exe -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.35-0110 | Size = 143360 bytes | Modified Date = 1/10/2005 7:33:24 PM | Attr = ]
watchdog.exe -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/13/2004 4:42:20 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wlanmonitor.exe -> %ProgramFiles%\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe -> ATMEL [Ver = 3, 1, 4, 8, 21 | Size = 163916 bytes | Modified Date = 7/28/2003 2:38:12 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 10:16:30 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 79472 bytes | Modified Date = 7/14/2005 10:16:40 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 10:16:44 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 1:16:26 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 2:54:22 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(MCH_DBG) Machine Debug Manager [Win32_Own | Auto | Running] -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 1:54:14 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 1:54:52 PM | Attr = ]
(O2Flash) O2Micro Flash Memory [Win32_Own | Auto | Running] -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]
(o4ey1avocybuwyy) Print Spooler Service [Win32_Own | Auto | Stopped] -> %System32%\wwz.exe -> File not found
(PhnxVCDService) Phoenix VCD Service [Win32_Own | On_Demand | Running] -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.0.0.5 | Size = 49152 bytes | Modified Date = 10/12/2004 5:29:58 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 3:59:36 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 1:55:00 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.59 | Size = 1302608 bytes | Modified Date = 5/17/2007 12:02:28 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 12:17:22 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 3/16/2005 3:31:00 AM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioDeck -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 5, 9, 0, 6 | Size = 512000 bytes | Modified Date = 3/4/2005 2:20:46 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 10:16:00 PM | Attr = ]
Eval -> %ProgramFiles%\Phoenix Technologies\cME\RPro\Eval\Eval.exe -> [Ver = 1, 0, 0, 1 | Size = 1826816 bytes | Modified Date = 11/10/2004 8:39:22 PM | Attr = ]
farstone -> -> File not found
Guard -> %ProgramFiles%\Phoenix Technologies\cME\Guard\guard.exe -> Phoenix Technologies Ltd. [Ver = 1, 0, 0, 16 | Size = 532480 bytes | Modified Date = 10/11/2004 4:53:22 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 2:54:24 PM | Attr = ]
KTPWare -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 2, 0 | Size = 253952 bytes | Modified Date = 3/2/2005 1:46:26 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 3:24:54 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 7/15/2004 4:07:56 AM | Attr = ]
RestoreIT! -> %ProgramFiles%\Phoenix Technologies\cME\RPro\ XP\vbptask.exe -> FarStone Tech. Inc. [Ver = 2, 0, 0, 0 | Size = 114688 bytes | Modified Date = 10/11/2004 2:18:42 AM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.38 | Size = 810576 bytes | Modified Date = 5/17/2007 12:02:18 PM | Attr = ]
SMSERIAL -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.09.07 | Size = 544768 bytes | Modified Date = 12/29/2004 3:01:56 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 2/19/2006 9:37:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/26/2006 5:45:12 PM | Attr = ]
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/7/2005 3:33:28 PM | Attr = ]
VTTrayp -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.35-0110 | Size = 143360 bytes | Modified Date = 1/10/2005 7:33:24 PM | Attr = ]
WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/13/2004 4:42:20 PM | Attr = ]
wwz -> %System32%\wwz.exe -> File not found
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
wwz -> %System32%\wwz.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 -> 
MAPI -> Installed = 1 -> 
MSFS -> Installed = 1 -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe -> File not found
Power2GoExpress -> -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 1:16:34 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\MA101 Configuration Utility .lnk -> %ProgramFiles%\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe -> ATMEL [Ver = 3, 1, 4, 8, 21 | Size = 163916 bytes | Modified Date = 7/28/2003 2:38:12 PM | Attr = ]
%AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 6/2/2004 2:04:58 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Kristen\Start Menu\Programs\Startup
%UserStartup%\Skyscape smARTupdate.lnk -> %CommonProgramFiles%\Skyscape\smARTupdate.exe -> Skyscape, Inc. [Ver = 3, 2, 31, 0 | Size = 4165632 bytes | Modified Date = 4/4/2007 1:25:54 PM | Attr = ]
%UserStartup%\Stardock ObjectDock.lnk -> %ProgramFiles%\Stardock\ObjectDock\ObjectDock.exe -> Stardock [Ver = v1.20.521u | Size = 1802309 bytes | Modified Date = 7/14/2005 5:13:06 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> -> 
< Internet Explorer Settings > -> 
HKLM: Default_Page_URL -> -> 
HKLM: Main\\Default_Search_URL -> -> 
HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> 
HKLM: Search Page -> -> 
HKLM: Start Page -> about:blank -> 
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Start Page -> http://hsremove.com/done.htm -> 
HKCU: SearchAssistant -> http://www.google.com/ie -> 
HKCU: ProxyEnable -> 0 -> 
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> -> 
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
alias_widener.edu [https] -> -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 4:56:50 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1FB5C2B7-60AE-4281-9F51-4519F0943421} -> (VIA Rhine II Fast Ethernet Adapter) -> 
{2007FD7D-6089-404D-8E75-DDE6ED97D211} -> (Windows Mobile-based Device) -> 
{443FDD95-14DD-4D81-AE57-21A0503FE752} -> (1394 Net Adapter) -> 
{51DABD9C-9C70-4D39-A9C0-7C73D76B30C0} -> () -> 
{B082E2BD-B7F3-44DC-BB78-5BE0C036357D} -> (1394 Net Adapter) -> 
{DBC22D20-AD77-49D2-B014-7CC00B1CF325} -> (NETGEAR MA101 USB Adapter) -> 
{E86A6BF0-5C22-46F3-8F07-6F26AEC7946C} -> (802.11g MiniPCI Wireless Network Adapter) -> 
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->

(The report was too long, so I've cut it down into two replies)
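An added example, not part of the original posts and not WinPFind3U's own code: a small Python triage pass over the log format posted above, run on lines excerpted from that log. The indicator names, the two-indicator threshold and the function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the WinPFind3U log in the post above (not a full log).
SAMPLE_LOG = r"""
[Processes - Non-Microsoft Only]
aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
mdm.exe -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
o2flash.exe -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(MCH_DBG) Machine Debug Manager [Win32_Own | Auto | Running] -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
(o4ey1avocybuwyy) Print Spooler Service [Win32_Own | Auto | Stopped] -> %System32%\wwz.exe -> File not found
(O2Flash) O2Micro Flash Memory [Win32_Own | Auto | Running] -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]
"""

# "logfile created on" timestamp from the log header in the post.
SCAN_TIME = datetime(2007, 6, 10, 15, 53, 49)

# "(ServiceKey) Display Name [Type | StartMode | State]"
SERVICE_HEAD = re.compile(
    r"^\((?P<key>[^)]*)\)\s+(?P<display>.*?)\s+"
    r"\[(?P<type>[^|\]]*)\|(?P<start>[^|\]]*)\|(?P<state>[^|\]]*)\]$"
)
# "Vendor [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]" (vendor may be empty)
TAIL = re.compile(r"^(?P<vendor>.*?)\s*\[(?P<meta>.*)\]$")


def parse_line(line, section):
    """Parse one 'name -> path -> details' line; return None for anything else."""
    parts = [p.strip() for p in line.split("->")]
    if len(parts) < 3:
        return None
    head, path, tail = parts[0], parts[1], parts[2]
    entry = {"section": section, "name": head, "path": path, "vendor": "",
             "attr": "", "modified": None, "start": None,
             "missing": tail == "File not found"}
    svc = SERVICE_HEAD.match(head)
    if svc:
        entry["name"] = svc.group("key")
        entry["start"] = svc.group("start").strip()
    details = TAIL.match(tail)
    if details:
        entry["vendor"] = details.group("vendor").strip()
        for field in details.group("meta").split("|"):
            key, _, value = field.partition("=")
            key, value = key.strip(), value.strip()
            if key == "Attr":
                entry["attr"] = value
            elif key == "Modified Date" and value:
                entry["modified"] = datetime.strptime(value, "%m/%d/%Y %I:%M:%S %p")
    return entry


def indicators(entry, scan_time, recent_days):
    """Return the (assumed) triage indicators that apply to one parsed entry."""
    reasons = []
    if entry["missing"]:
        reasons.append("target file missing")
        if entry["start"] == "Auto":
            reasons.append("auto-start service")
        return reasons
    if not entry["vendor"]:
        reasons.append("no vendor string")
    if {"H", "S"} <= set(entry["attr"]):
        reasons.append("hidden+system attributes")
    if entry["modified"] and scan_time - entry["modified"] <= timedelta(days=recent_days):
        reasons.append("recently modified")
    return reasons


def triage(log_text, scan_time=SCAN_TIME, recent_days=30, threshold=2):
    """Return (name, path, reasons) for entries with at least `threshold` indicators."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]") and "->" not in line:
            section = line[1:-1]          # e.g. "Processes - Non-Microsoft Only"
            continue
        entry = parse_line(line, section)
        if entry is None:
            continue
        reasons = indicators(entry, scan_time, recent_days)
        if len(reasons) >= threshold:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:18} {path:36} {', '.join(reasons)}")
```

A missing vendor string alone stays below the threshold, which is why o2flash.exe is not reported while the mdm.exe entries under %SystemRoot%\security are.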


----------



## louriec (Jun 5, 2007)

[Files/Folders - Created Within 30 days]
aolupdater.exe -> %SystemDrive%\aolupdater.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 2:33:20 PM | Attr = ]
aolupdates.exe -> %SystemDrive%\aolupdates.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 2:32:34 PM | Attr = ]
bootloader.exe -> %SystemDrive%\bootloader.exe -> [Ver = | Size = 103424 bytes | Created Date = 6/6/2007 6:43:08 PM | Attr = ]
bootloader1X.exe -> %SystemDrive%\bootloader1X.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 2:01:52 PM | Attr = ]
bootloader2X.exe -> %SystemDrive%\bootloader2X.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 2:06:23 PM | Attr = ]
bootloaderX.exe -> %SystemDrive%\bootloaderX.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 2:00:19 PM | Attr = ]
dosload.exe -> %SystemDrive%\dosload.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 1:49:16 PM | Attr = ]
install.exe -> %SystemDrive%\install.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 3:32:33 PM | Attr = ]
installOS.exe -> %SystemDrive%\installOS.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 3:50:03 PM | Attr = ]
installOSx.exe -> %SystemDrive%\installOSx.exe -> [Ver = | Size = 62464 bytes | Created Date = 6/6/2007 4:01:33 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/5/2007 6:12:16 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/6/2007 6:25:36 PM | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:21:54 PM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 6/5/2007 6:16:11 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 6/5/2007 3:36:15 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 6/5/2007 3:37:21 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 6/5/2007 3:36:23 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 6/5/2007 6:15:10 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 6/5/2007 3:36:22 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/5/2007 6:15:12 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/5/2007 6:15:09 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/5/2007 6:15:08 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 6/5/2007 3:36:23 PM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 6/5/2007 3:37:21 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 6/4/2007 8:38:29 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
aolupdater.exe -> %SystemDrive%\aolupdater.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 3:33:22 PM | Attr = ]
aolupdates.exe -> %SystemDrive%\aolupdates.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 3:32:36 PM | Attr = ]
b923e2f54ce1c1a0efb0 -> %SystemDrive%\b923e2f54ce1c1a0efb0 -> [Folder | Modified Date = 6/5/2007 5:28:08 PM | Attr = ]
bootloader.exe -> %SystemDrive%\bootloader.exe -> [Ver = | Size = 103424 bytes | Modified Date = 6/6/2007 7:43:10 PM | Attr = ]
bootloader1X.exe -> %SystemDrive%\bootloader1X.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 3:01:54 PM | Attr = ]
bootloader2X.exe -> %SystemDrive%\bootloader2X.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 3:06:24 PM | Attr = ]
bootloaderX.exe -> %SystemDrive%\bootloaderX.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 3:00:20 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/6/2007 7:41:24 PM | Attr = HS]
dosload.exe -> %SystemDrive%\dosload.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 2:49:18 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502714368 bytes | Modified Date = 6/10/2007 3:27:26 PM | Attr = HS]
install.exe -> %SystemDrive%\install.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 4:32:34 PM | Attr = ]
installOS.exe -> %SystemDrive%\installOS.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 4:50:06 PM | Attr = ]
installOSx.exe -> %SystemDrive%\installOSx.exe -> [Ver = | Size = 62464 bytes | Modified Date = 6/6/2007 5:01:34 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/10/2007 3:27:40 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/5/2007 7:12:18 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/6/2007 10:46:20 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/6/2007 7:25:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:21:20 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:21:56 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/5/2007 6:13:48 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/10/2007 3:27:26 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/5/2007 6:14:36 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/31/2007 10:11:24 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/5/2007 4:37:36 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/6/2007 3:20:38 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/10/2007 3:36:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/7/2007 5:58:56 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 6:27:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/10/2007 3:33:40 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 6/10/2007 3:31:22 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 536 bytes | Modified Date = 6/5/2007 4:42:14 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/5/2007 3:26:04 PM | Attr = ]
Norton AntiVirus - Scan my computer - Kristen.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Kristen.job -> [Ver = | Size = 534 bytes | Modified Date = 6/1/2007 9:22:40 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/10/2007 3:27:34 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 6/5/2007 6:28:04 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/6/2007 2:31:48 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/5/2007 6:28:50 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/4/2007 10:49:12 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/10/2007 3:28:22 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53838 bytes | Modified Date = 6/10/2007 3:33:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 382260 bytes | Modified Date = 6/10/2007 3:33:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 6/10/2007 3:33:36 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/5/2007 6:35:02 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/10/2007 3:29:16 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 6/4/2007 9:36:42 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> 
Thawte Consulting , -> %System32%\Archimedes_pc.dll -> Skyscape, Inc [Ver = 1, 3, 9, 0 | Size = 174544 bytes | Modified Date = 3/7/2006 4:14:14 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\JS32CE_pc.dll -> Skyscape, Inc [Ver = 1, 3, 9, 0 | Size = 334288 bytes | Modified Date = 3/7/2006 4:14:14 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 11/26/2006 5:45:44 PM | Attr = ]
Thawte Consulting , -> %System32%\ssartworkz_pc.dll -> Skyscape, Inc [Ver = 2, 9, 9, 0 | Size = 2738640 bytes | Modified Date = 12/8/2006 2:22:48 PM | Attr = ]
Thawte Consulting , -> %System32%\sszlib_pc.dll -> Skyscape, Inc [Ver = 2, 9, 9, 0 | Size = 88528 bytes | Modified Date = 12/8/2006 2:22:48 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable -> 
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]

< End of report >


----------



## cybertech (Apr 16, 2002)

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the *Run Fix* button.


> [Registry - Non-Microsoft Only]
> < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> YY -> wwz -> %System32%\wwz.exe
> < RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
> ...


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.


----------



## louriec (Jun 5, 2007)

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wwz deleted successfully.
File C:\WINDOWS\SYSTEM32\wwz.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\wwz deleted successfully.
File C:\WINDOWS\SYSTEM32\wwz.exe not found.
[Files/Folders - Created Within 30 days]
C:\aolupdater.exe moved successfully.
C:\aolupdates.exe moved successfully.
C:\bootloader.exe moved successfully.
C:\bootloader1X.exe moved successfully.
C:\bootloader2X.exe moved successfully.
C:\bootloaderX.exe moved successfully.
C:\dosload.exe moved successfully.
C:\install.exe moved successfully.
C:\installOS.exe moved successfully.
C:\installOSx.exe moved successfully.
C:\WINDOWS\SYSTEM32\moveex.exe moved successfully.
File not found!
< End of log >
Created on 06/10/2007 21:59:55

This is from the fix. The next two replies will be a new WinPFind3u scan.


----------



## louriec (Jun 5, 2007)

WinPFind3 logfile created on: 6/10/2007 10:03:10 PM
WinPFind3U by OldTimer - Version 1.0.38	Folder = C:\Documents and Settings\Kristen\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

479.36 Mb Total Physical Memory | 126.52 Mb Available Physical Memory | 26.39% Memory free
1.10 Gb Paging File | 0.57 Gb Available in Paging File | 51.96% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.18 Gb Total Space | 61.69 Gb Free Space | 85.47% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KRISTENR-AVERA
Current User Name: Kristen
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
adeck.exe -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 5, 9, 0, 6 | Size = 512000 bytes | Modified Date = 3/4/2005 2:20:46 AM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 10:16:00 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 10:16:30 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 10:16:44 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 1:16:34 PM | Attr = ]
guard.exe -> %ProgramFiles%\Phoenix Technologies\cME\Guard\guard.exe -> Phoenix Technologies Ltd. [Ver = 1, 0, 0, 16 | Size = 532480 bytes | Modified Date = 10/11/2004 4:53:22 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 2:54:22 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 2:54:24 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
mdm.exe -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 1:54:14 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 1:54:52 PM | Attr = ]
o2flash.exe -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]
objectdock.exe -> %ProgramFiles%\Stardock\ObjectDock\ObjectDock.exe -> Stardock [Ver = v1.20.521u | Size = 1802309 bytes | Modified Date = 7/14/2005 5:13:06 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 7/15/2004 4:07:56 AM | Attr = ]
phnxcdsvr.exe -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.0.0.5 | Size = 49152 bytes | Modified Date = 10/12/2004 5:29:58 PM | Attr = ]
psngive.exe -> %ProgramFiles%\3M\PSNLite\PSNGive.exe -> 3M [Ver = 3, 0, 2, 2070 | Size = 65536 bytes | Modified Date = 5/26/2004 9:40:16 AM | Attr = ]
psnlite.exe -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 6/2/2004 2:04:58 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 3:24:54 AM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.12.1741 | Size = 214560 bytes | Modified Date = 11/26/2006 5:45:18 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/26/2006 5:45:12 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.38 | Size = 810576 bytes | Modified Date = 5/17/2007 12:02:18 PM | Attr = ]
sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.09.07 | Size = 544768 bytes | Modified Date = 12/29/2004 3:01:56 AM | Attr = ]
smartupdate.exe -> %CommonProgramFiles%\Skyscape\smARTupdate.exe -> Skyscape, Inc. [Ver = 3, 2, 31, 0 | Size = 4165632 bytes | Modified Date = 4/4/2007 1:25:54 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 12:17:22 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 3/16/2005 3:31:00 AM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.59 | Size = 1302608 bytes | Modified Date = 5/17/2007 12:02:28 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/7/2005 3:33:28 PM | Attr = ]
vttrayp.exe -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.35-0110 | Size = 143360 bytes | Modified Date = 1/10/2005 7:33:24 PM | Attr = ]
watchdog.exe -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/13/2004 4:42:20 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 5/22/2007 6:27:40 PM | Attr = ]
wlanmonitor.exe -> %ProgramFiles%\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe -> ATMEL [Ver = 3, 1, 4, 8, 21 | Size = 163916 bytes | Modified Date = 7/28/2003 2:38:12 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 10:16:30 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 79472 bytes | Modified Date = 7/14/2005 10:16:40 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 10:16:44 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/26/2007 1:16:26 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 9/25/2006 2:54:22 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 12:41:04 PM | Attr = ]
(MCH_DBG) Machine Debug Manager [Win32_Own | Auto | Running] -> %SystemRoot%\security\mdm.exe -> [Ver = | Size = 89088 bytes | Modified Date = 6/4/2007 7:45:22 PM | Attr = RHS]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 1:54:14 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 1:54:52 PM | Attr = ]
(O2Flash) O2Micro Flash Memory [Win32_Own | Auto | Running] -> %System32%\o2flash.exe -> [Ver = | Size = 36864 bytes | Modified Date = 1/27/2005 4:33:58 AM | Attr = ]
(PhnxVCDService) Phoenix VCD Service [Win32_Own | On_Demand | Running] -> %System32%\PhnxCDSvr.exe -> Phoenix Technologies Ltd. [Ver = 2.0.0.5 | Size = 49152 bytes | Modified Date = 10/12/2004 5:29:58 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 3:59:36 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 1:55:00 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.59 | Size = 1302608 bytes | Modified Date = 5/17/2007 12:02:28 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 12:17:22 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 3/16/2005 3:31:00 AM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:10 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioDeck -> %ProgramFiles%\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 5, 9, 0, 6 | Size = 512000 bytes | Modified Date = 3/4/2005 2:20:46 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 10:16:00 PM | Attr = ]
Eval -> %ProgramFiles%\Phoenix Technologies\cME\RPro\Eval\Eval.exe -> [Ver = 1, 0, 0, 1 | Size = 1826816 bytes | Modified Date = 11/10/2004 8:39:22 PM | Attr = ]
farstone -> -> File not found
Guard -> %ProgramFiles%\Phoenix Technologies\cME\Guard\guard.exe -> Phoenix Technologies Ltd. [Ver = 1, 0, 0, 16 | Size = 532480 bytes | Modified Date = 10/11/2004 4:53:22 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 9/25/2006 2:54:24 PM | Attr = ]
KTPWare -> %ProgramFiles%\Elantech\Ktp.exe -> ELANTECH Devices Corp. [Ver = 5, 0, 2, 0 | Size = 253952 bytes | Modified Date = 3/2/2005 1:46:26 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/24/2006 3:24:54 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 7/15/2004 4:07:56 AM | Attr = ]
RestoreIT! -> %ProgramFiles%\Phoenix Technologies\cME\RPro\ XP\vbptask.exe -> FarStone Tech. Inc. [Ver = 2, 0, 0, 0 | Size = 114688 bytes | Modified Date = 10/11/2004 2:18:42 AM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.38 | Size = 810576 bytes | Modified Date = 5/17/2007 12:02:18 PM | Attr = ]
SMSERIAL -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.09.07 | Size = 544768 bytes | Modified Date = 12/29/2004 3:01:56 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 2/19/2006 9:37:00 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 11/26/2006 5:45:12 PM | Attr = ]
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.01-0307 | Size = 53248 bytes | Modified Date = 3/7/2005 3:33:28 PM | Attr = ]
VTTrayp -> %System32%\VTTrayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.35-0110 | Size = 143360 bytes | Modified Date = 1/10/2005 7:33:24 PM | Attr = ]
WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/13/2004 4:42:20 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 -> 
MAPI -> Installed = 1 -> 
MSFS -> Installed = 1 -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe -> File not found
Power2GoExpress -> -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/26/2007 1:16:34 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\MA101 Configuration Utility .lnk -> %ProgramFiles%\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe -> ATMEL [Ver = 3, 1, 4, 8, 21 | Size = 163916 bytes | Modified Date = 7/28/2003 2:38:12 PM | Attr = ]
%AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\3M\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 6/2/2004 2:04:58 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Kristen\Start Menu\Programs\Startup
%UserStartup%\Skyscape smARTupdate.lnk -> %CommonProgramFiles%\Skyscape\smARTupdate.exe -> Skyscape, Inc. [Ver = 3, 2, 31, 0 | Size = 4165632 bytes | Modified Date = 4/4/2007 1:25:54 PM | Attr = ]
%UserStartup%\Stardock ObjectDock.lnk -> %ProgramFiles%\Stardock\ObjectDock\ObjectDock.exe -> Stardock [Ver = v1.20.521u | Size = 1802309 bytes | Modified Date = 7/14/2005 5:13:06 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegedit -> 0 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> -> 
< Internet Explorer Settings > -> 
HKLM: Default_Page_URL -> -> 
HKLM: Main\\Default_Search_URL -> -> 
HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> 
HKLM: Search Page -> -> 
HKLM: Start Page -> about:blank -> 
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Start Page -> http://hsremove.com/done.htm -> 
HKCU: SearchAssistant -> http://www.google.com/ie -> 
HKCU: ProxyEnable -> 0 -> 
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> -> 
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
alias_widener.edu [https] -> -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 4:56:50 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 1:54:30 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 2:34:34 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1FB5C2B7-60AE-4281-9F51-4519F0943421} -> (VIA Rhine II Fast Ethernet Adapter) -> 
{2007FD7D-6089-404D-8E75-DDE6ED97D211} -> (Windows Mobile-based Device) -> 
{443FDD95-14DD-4D81-AE57-21A0503FE752} -> (1394 Net Adapter) -> 
{51DABD9C-9C70-4D39-A9C0-7C73D76B30C0} -> () -> 
{B082E2BD-B7F3-44DC-BB78-5BE0C036357D} -> (1394 Net Adapter) -> 
{DBC22D20-AD77-49D2-B014-7CC00B1CF325} -> (NETGEAR MA101 USB Adapter) -> 
{E86A6BF0-5C22-46F3-8F07-6F26AEC7946C} -> (802.11g MiniPCI Wireless Network Adapter) -> 
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


----------



## louriec (Jun 5, 2007)

[Files/Folders - Created Within 30 days]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/5/2007 6:12:16 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/6/2007 6:25:36 PM | Attr = ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 5/23/2007 9:21:54 PM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 6/5/2007 6:16:11 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 6/5/2007 3:36:15 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 6/5/2007 3:37:21 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver =  | Size = 1406 bytes | Created Date = 6/5/2007 3:36:23 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 6/6/2007 2:20:27 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 6/5/2007 3:36:22 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/5/2007 6:15:12 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/5/2007 6:15:09 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/5/2007 6:15:08 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 6/5/2007 3:36:23 PM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/5/2007 6:15:11 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 6/5/2007 3:37:21 PM | Attr = ]
ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1016 | Size = 39248 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025 | Size = 52304 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 59984 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 83536 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1006 | Size = 26064 bytes | Created Date = 6/4/2007 9:51:30 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 6/4/2007 8:38:29 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
b923e2f54ce1c1a0efb0 -> %SystemDrive%\b923e2f54ce1c1a0efb0 -> [Folder | Modified Date = 6/5/2007 5:28:08 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/6/2007 7:41:24 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502714368 bytes | Modified Date = 6/10/2007 3:27:26 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/10/2007 3:27:40 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/5/2007 7:12:18 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/6/2007 10:46:20 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/6/2007 7:25:38 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/23/2007 10:21:20 PM | Attr = H ]
$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 5/23/2007 10:21:56 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/5/2007 6:13:48 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/10/2007 3:27:26 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/5/2007 6:14:36 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/31/2007 10:11:24 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/5/2007 4:37:36 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/6/2007 3:20:38 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/10/2007 4:10:24 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 6/7/2007 5:58:56 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/5/2007 6:27:44 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 6/10/2007 9:59:56 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 6/10/2007 9:56:26 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 536 bytes | Modified Date = 6/5/2007 4:42:14 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/5/2007 3:26:04 PM | Attr = ]
Norton AntiVirus - Scan my computer - Kristen.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Kristen.job -> [Ver = | Size = 534 bytes | Modified Date = 6/1/2007 9:22:40 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/10/2007 3:27:34 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 6/5/2007 6:28:04 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/6/2007 2:31:48 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 6/5/2007 6:28:50 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/4/2007 10:49:12 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 6/10/2007 3:28:22 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53838 bytes | Modified Date = 6/10/2007 3:33:40 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 382260 bytes | Modified Date = 6/10/2007 3:33:40 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 6/10/2007 3:33:36 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 6/5/2007 5:15:30 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 6/5/2007 6:35:02 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/10/2007 3:29:16 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 6/4/2007 9:36:42 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> 
Thawte Consulting , -> %System32%\Archimedes_pc.dll -> Skyscape, Inc [Ver = 1, 3, 9, 0 | Size = 174544 bytes | Modified Date = 3/7/2006 4:14:14 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\JS32CE_pc.dll -> Skyscape, Inc [Ver = 1, 3, 9, 0 | Size = 334288 bytes | Modified Date = 3/7/2006 4:14:14 PM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 11/26/2006 5:45:44 PM | Attr = ]
Thawte Consulting , -> %System32%\ssartworkz_pc.dll -> Skyscape, Inc [Ver = 2, 9, 9, 0 | Size = 2738640 bytes | Modified Date = 12/8/2006 2:22:48 PM | Attr = ]
Thawte Consulting , -> %System32%\sszlib_pc.dll -> Skyscape, Inc [Ver = 2, 9, 9, 0 | Size = 88528 bytes | Modified Date = 12/8/2006 2:22:48 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable -> 
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]

< End of report >


----------



## cybertech (Apr 16, 2002)

Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box copy and paste each of the following one at a time. Then click the Submit button.
*c:\windows\System32\sszlib_pc.dll
c:\windows\System32\ssartworkz_pc.dll*
Copy the results and paste them back here in your next reply with a new HJT log.


----------



## louriec (Jun 5, 2007)

For the first file, here are the results

Scanner results 
Scan taken on 15 Jun 2007 14:43:20 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Rising Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing 



For the second file here are the results



Scanner results 
Scan taken on 15 Jun 2007 14:50:47 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Rising Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## cybertech (Apr 16, 2002)

How is it running now? Any problems?


----------



## louriec (Jun 5, 2007)

It's been running fine for a while now only because I turned off notifications of emails and messages in Symantec. But I took it off recently and wasn't getting the problems of tons of popups on the computer. Does that mean that we're in good shape and the problem might have been extinguished?


----------



## cybertech (Apr 16, 2002)

Yes, I think so!

You can remove all of the tools I requested you to download and/or folders associated with them now.
The *OTMoveIt by OldTimer* has a CleanUp option you can use to remove all of the fixes and associated files and folders if you want to use that.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.

It's a good idea to flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Here are some additional links for you to check out to help you with your computer security.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools


----------



## louriec (Jun 5, 2007)

Thank you so much for your help, it was much appreciated!


----------



## cybertech (Apr 16, 2002)

You're welcome!


----------

