Old 11-22-2007, 04:54 AM   #3 (permalink)
Tete
Registered User
 
Join Date: Nov 2007
Posts: 6
OS: win xp home edi


Re: Trojan Virus I can't get rid of : w32/bagle.hx.worm

Hi Iain, and thanks for your reply.
I've followed the 5 steps carefully and here are the results:
Activescan report:

Quote:
Incident Status Location

Adware:Adware/SweetBar Not disinfected C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
Virus:w32/bagle.hx.worm Disinfected Operating system
Adware:adware/savenow Not disinfected c:\program files\VVSN
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@anm.co[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@toplist[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@yadro[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@xiti[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@gostats[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@fe.lea.lycos[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@atwola[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@int.sitestat[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@int.sitestat[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@gostats[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@www3.addfreestats[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@tradedoubler[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@doubleclick[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@adserver.terra[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@casalemedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@searchportal.information[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@ad.yieldmanager[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@revenue[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@yadro[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@adtech[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@mediaplex[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@toplist[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alfonso\Cookies\alfonso@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\wy8emg6y.default\COOKIES.TXT[.adviva.net/]
I also include the HijackThis report.

Code:
Deckard's System Scanner v20071014.68
Run by Alfonso on 2007-11-22 12:32:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2007-11-22 11:32:46 UTC - RP415 - Deckard's System Scanner Restore Point
24: 2007-11-22 10:14:09 UTC - RP414 - Installed Kaspersky Anti-Virus 7.0.
23: 2007-11-21 20:56:25 UTC - RP413 - Installed Kaspersky Anti-Virus 7.0.
22: 2007-11-21 10:00:21 UTC - RP412 - Installed AVG 7.5
21: 2007-11-20 16:52:29 UTC - RP411 - Removed Windows Live Messenger


-- First Restore Point -- 
1: 2007-11-16 17:47:47 UTC - RP391 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.43 GiB (less than 15%) free.


-- HijackThis (run as Alfonso.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:19, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alfonso\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alfonso.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?hl=en-GB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onetel.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?e587b18f9a8141e8a79824a0060d3d3c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?e587b18f9a8141e8a79824a0060d3d3c
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.supertraffic.info
O16 - DPF: {083DB4B1-8108-42E3-AC45-A042C1631CA3} (ImportCtl Class) - http://www.wayn.com/activex/WAYNImportOE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8506 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 int15.sys - c:\program files\acer\erecovery\int15.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R4 klif - c:\windows\system32\drivers\klif.sys (file missing)

S0 BTKRNL (Bluetooth Protocol Stack) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys (file missing)
S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys (file missing)
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S2 btwdins (Bluetooth Service) - c:\program files\widcomm\bluetooth software\bin\btwdins.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-22 12:07:02       256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-19 01:52:02       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-17 08:23:08       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-16 17:15:50       394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-22 12:34:31         0 d-------- C:\Program Files\Trend Micro
2007-11-22 12:22:05         0 d-------- C:\ie-spyad_zo
2007-11-22 12:14:24         0 d-------- C:\Program Files\SpywareBlaster
2007-11-20 17:58:09         0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-20 17:08:43         0 d--h----- C:\WINDOWS\PIF
2007-11-20 16:55:58        32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-20 16:55:58        32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-20 14:52:14         0 d-------- C:\kav
2007-11-20 10:34:29         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 10:34:27         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-19 13:01:08         0 d-------- C:\Program Files\Alwil Software
2007-11-19 02:34:36      1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-11-19 02:34:36        73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-11-19 02:34:36       205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-11-19 02:34:36      1025 --a------ C:\WINDOWS\system32\clauth2.dll
2007-11-19 02:34:36      1025 --a------ C:\WINDOWS\system32\clauth1.dll
2007-11-19 01:25:09         0 d-------- C:\Program Files\Sunbelt Software
2007-11-18 23:26:41         0 d-------- C:\WINDOWS\exefld
2007-11-18 23:20:18         0 d-------- C:\Program Files\Common Files\KORG
2007-11-18 23:19:53         0 d-------- C:\Program Files\KORG
2007-11-18 02:56:47         0 d-------- C:\Program Files\VirtualDJ
2007-11-18 02:54:36         0 d-------- C:\Program Files\Studio Devil
2007-11-18 02:53:42    311295 --a------ C:\WINDOWS\LOOP.exe
2007-11-18 02:48:33   2291734 --a------ C:\WINDOWS\system32\TmpA753500
2007-11-18 02:48:11         0 d-------- C:\Program Files\Nomad Factory
2007-11-18 02:33:35    153088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2007-11-18 02:26:32         0 d-------- C:\Program Files\Ozone 3
2007-11-17 12:35:37         0 d-------- C:\Program Files\QuickTime
2007-11-15 20:52:28         0 d-------- C:\Program Files\ASIO4ALL v2
2007-11-15 15:06:45         0 d-------- C:\Program Files\SAGEM
2007-11-15 15:06:33         0 d-------- C:\Documents and Settings\Alfonso\Application Data\InstallShield
2007-11-03 03:10:55         0 d-------- C:\Program Files\Steinberg
2007-11-03 03:06:23         0 d-------- C:\Program Files\VSTplugins
2007-11-03 03:06:11         0 d-------- C:\Documents and Settings\Alfonso\Application Data\Publish Providers
2007-11-03 03:02:47         0 d-------- C:\Documents and Settings\Alfonso\Application Data\Sony
2007-11-03 03:02:03         0 d-------- C:\Program Files\Sony
2007-11-03 02:52:59         0 d-------- C:\Program Files\Common Files\iZotope
2007-11-03 02:42:44         0 d-------- C:\Program Files\Ableton
2007-11-03 02:41:11   1777664 --a------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-03 02:30:24    233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2007-11-03 02:30:24    368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-11-03 02:26:23         0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2007-11-03 02:26:22         0 d-------- C:\Documents and Settings\Alfonso\Application Data\Propellerhead Software
2007-11-03 02:25:52         0 d-------- C:\Program Files\Propellerhead
2007-11-03 02:17:36      5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-11-03 02:17:36    155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-11-03 02:17:34         0 d-------- C:\Program Files\D-Tools
2007-10-28 22:15:50         0 d-------- C:\Program Files\SigmaPlot
2007-10-28 22:14:19         0 d-------- C:\Program Files\Downloaded Installations
2007-10-28 22:12:51         0 d-------- C:\Program Files\InStat3
2007-10-26 00:30:07         0 d-------- C:\Documents and Settings\Alfonso\Application Data\Help
2007-10-25 22:31:17         0 d-------- C:\Program Files\VVSN
2007-10-25 22:26:59     96256 --a------ C:\WINDOWS\system32\drivers\sptd7597.sys
2007-10-25 22:26:59    664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys


-- Find3M Report ---------------------------------------------------------------

2007-11-19 16:36:40     87024 --a------ C:\Documents and Settings\Alfonso\Application Data\GDIPFONTCACHEV1.DAT
2007-10-12 16:23:06         0 dr------- C:\Documents and Settings\Alfonso\Application Data\Brother
2007-10-10 00:07:58         0 d-------- C:\Program Files\ALCATEL PC Suite
2007-10-02 18:20:06         0 d-------- C:\Program Files\ALCATech
2007-10-02 18:18:44         0 d-------- C:\Program Files\BPM studio
2007-09-26 15:55:34        50 --a------ C:\WINDOWS\system32\bridf06a.dat
2007-09-26 15:52:18         0 d-------- C:\Program Files\Brother
2007-09-26 15:46:40         0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-09-26 15:46:12         0 d-------- C:\Program Files\ScanSoft
2007-09-26 00:51:42  84776400 --a------ C:\Program Files\130INSTA.EXE <Not Verified; A.I.SOFT,INC.; FileCompact>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [28/03/2005 18:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 17:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2007 17:51]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OneCare.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OneCare.lnk
backup=C:\WINDOWS\pss\OneCare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
c:\acer\epm\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
C:\Acer\ePM\ePM.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Program Files\Acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ONECARE\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Arcade\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
E:\Workflow.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

207.44.196.219 auto.search.msn.com #NETVISION


-- End of Deckard's System Scanner: finished at 2007-11-22 12:36:04 ------------
The extra text from the DSS report is attached.
Thank you very much again.
Cheers
Alfonso (fae Broxburn!!)