Thread: Pop Ups - Vundo.GN
View Single Post
Old 12-05-2007, 11:25 AM   #1 (permalink)
laughalot
Registered User
 
Join Date: Dec 2007
Posts: 12
OS: XP


Pop Ups - Vundo.GN
My e-Trust agent found Vundo.GN in C:\Windows\System32\awvtt.dll. I contacted CA's tech. support and they removed the Vundo, and now I'm getting IE Pop Ups whenever I launch an IE session. CA can't seem to fix the pop up issue.

The Panda ActiveScan failed stating An Error has occurred. It has not been possible to start the scan system.

Deckard's System Scanner v20071014.68
Run by lcramer on 2007-12-05 12:11:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2007-12-05 17:11:16 UTC - RP348 - Deckard's System Scanner Restore Point
84: 2007-12-05 16:36:52 UTC - RP347 - Installed AVG 7.5
83: 2007-12-05 16:35:51 UTC - RP346 - Removed AVG 7.5
82: 2007-12-04 13:33:16 UTC - RP345 - System Checkpoint
81: 2007-11-30 18:45:07 UTC - RP344 - Installed AVG 7.5


-- First Restore Point --
1: 2007-11-01 04:28:29 UTC - RP264 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as lcramer.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:09 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe
C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Novell\GroupWise\Notify.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lcramer\Desktop\dss.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\lcramer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenixspecialty.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189175730336
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenixssc.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenixssc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3B76F5-1223-48FE-B8AA-6C2B23E150FF}: NameServer = 192.25.25.15,192.25.25.17
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phoenixssc.com
O18 - Protocol: WebCD - {41AAF073-8687-4877-AAA2-228AB7D195AD} - C:\Program Files\Motion Selector\WebCD\FirstProtocol.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: MB4-TOMCAT - Alexandria Software Consulting - C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe
O23 - Service: MySql - Unknown owner - C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9987 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 core - c:\windows\system32\drivers\core.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

S1 abpicw2k (AB PIC/AIC+ Driver) - c:\windows\system32\drivers\abpicw2k.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S1 VirtualBackplane (A-B Virtual Backplane) - c:\windows\system32\drivers\virtualbackplane.sys (file missing)
S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 ABKTCX (Rockwell Software 1784-KTC(X) Driver) - c:\windows\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 HMI - c:\windows\system32\drivers\g3usb.sys <Not Verified; Red Lion Controls Inc.; G3 HMI USB Driver>
S3 RS_SS_NT (RSLinx Classic S-S SD/SD2 Device Driver) - c:\windows\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\windows\system32\rsikt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RSSERIAL (RSLinx Classic Serial Driver) - c:\windows\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 iGateway (iTechnology iGateway 4.2) - "c:\program files\ca\sharedcomponents\itechnology\igateway.exe" <Not Verified; CA, Inc.; iTechnology iGateway>
R2 MB4-TOMCAT - c:\program files\motion selector\application\tomcat\bin\tomcat.exe <Not Verified; Alexandria Software Consulting; JavaService>
R2 MySql - c:\program files\motion selector\application\mysql\bin\mysqld-max-nt.exe
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 RSLinx (RSLinx Classic) - c:\progra~1\rockwe~1\rslinx\rslinx.exe /service <Not Verified; Rockwell Software, Inc.; RSLinx Classic>
R2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.7 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.7\bin\tcsd_win32.exe"
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
R3 Harmony - "c:\program files\rockwell software\rscommon\rsobserv.exe" <Not Verified; Rockwell Software Inc.; Rockwell Software Harmony services>

S2 RNADiagnosticsService (FactoryTalk Diagnostics Local Reader) - "c:\program files\common files\rockwell\rnadiagnosticssrv.exe" <Not Verified; Rockwell Automation; Factory Talk Diagnostics>
S3 Autodesk Network Licensing Service - c:\program files\common files\autodesk shared\service\adsknetsrv.exe
S3 dnWhoDisp - c:\program files\rockwell software\rslinx\dnwhodisp.exe <Not Verified; ; dnWhoDisp Module>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 OracleOraHome81ClientCache - c:\oracle\ora81\bin\onrsd.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\197F121434FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\197F121434FC000
Service: NIC1394


-- Files created between 2007-11-05 and 2007-12-05 -----------------------------

2007-12-05 12:18:31 0 d-------- C:\Program Files\Trend Micro
2007-12-05 12:10:45 0 d-------- H:\Deckard
2007-12-05 11:44:02 0 d-------- C:\Program Files\SpywareBlaster
2007-12-05 11:36:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-05 11:22:06 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 16:13:29 0 d-------- C:\Documents and Settings\bblakeney\Application Data\Autodesk
2007-12-03 16:11:01 0 dr-h----- C:\Documents and Settings\bblakeney\Application Data
2007-12-03 16:11:01 0 d-------- C:\Documents and Settings\bblakeney\Application Data\Sun
2007-12-03 16:11:01 0 d---s---- C:\Documents and Settings\bblakeney\Application Data\Microsoft
2007-12-03 16:11:01 0 d-------- C:\Documents and Settings\bblakeney\Application Data\Intel
2007-12-03 16:11:01 0 d-------- C:\Documents and Settings\bblakeney\Application Data\Identities
2007-12-03 16:11:00 0 dr------- C:\Documents and Settings\bblakeney\Favorites
2007-12-03 16:11:00 0 d-------- C:\Documents and Settings\bblakeney\Desktop
2007-12-03 16:11:00 0 d--hs---- C:\Documents and Settings\bblakeney\Cookies
2007-12-03 16:10:59 0 dr-h----- C:\Documents and Settings\bblakeney\SendTo
2007-12-03 16:10:59 0 dr-h----- C:\Documents and Settings\bblakeney\Recent
2007-12-03 16:10:59 0 d--h----- C:\Documents and Settings\bblakeney\PrintHood
2007-12-03 16:10:59 0 d--h----- C:\Documents and Settings\bblakeney\NetHood
2007-12-03 16:10:59 0 dr------- C:\Documents and Settings\bblakeney\My Documents
2007-12-03 16:10:59 0 d--h----- C:\Documents and Settings\bblakeney\Local Settings
2007-12-03 16:10:58 0 d--h----- C:\Documents and Settings\bblakeney\Templates
2007-12-03 16:10:58 0 dr------- C:\Documents and Settings\bblakeney\Start Menu
2007-12-03 16:10:58 634880 --a------ C:\Documents and Settings\bblakeney\NTUSER.DAT
2007-11-29 13:46:15 0 d-------- C:\WINDOWS\pss
2007-11-29 13:40:22 0 d-------- C:\Program Files\RealVNC
2007-11-28 12:55:51 0 d-------- C:\Documents and Settings\arodgers\Application Data\Macromedia
2007-11-28 12:15:42 0 d-------- C:\Documents and Settings\arodgers\Application Data\Intel
2007-11-28 12:15:42 0 d-------- C:\Documents and Settings\arodgers\Application Data\Identities
2007-11-28 12:15:41 0 dr------- C:\Documents and Settings\arodgers\Favorites
2007-11-28 12:15:41 0 d-------- C:\Documents and Settings\arodgers\Desktop
2007-11-28 12:15:41 0 d--hs---- C:\Documents and Settings\arodgers\Cookies
2007-11-28 12:15:41 0 dr-h----- C:\Documents and Settings\arodgers\Application Data
2007-11-28 12:15:41 0 d-------- C:\Documents and Settings\arodgers\Application Data\Sun
2007-11-28 12:15:41 0 d---s---- C:\Documents and Settings\arodgers\Application Data\Microsoft
2007-11-28 12:15:39 0 d--h----- C:\Documents and Settings\arodgers\Templates
2007-11-28 12:15:39 0 dr------- C:\Documents and Settings\arodgers\Start Menu
2007-11-28 12:15:39 0 dr-h----- C:\Documents and Settings\arodgers\SendTo
2007-11-28 12:15:39 0 dr-h----- C:\Documents and Settings\arodgers\Recent
2007-11-28 12:15:39 0 d--h----- C:\Documents and Settings\arodgers\PrintHood
2007-11-28 12:15:39 0 d--h----- C:\Documents and Settings\arodgers\NetHood
2007-11-28 12:15:39 0 dr------- C:\Documents and Settings\arodgers\My Documents
2007-11-28 12:15:39 0 d--h----- C:\Documents and Settings\arodgers\Local Settings
2007-11-28 12:15:38 962560 --a------ C:\Documents and Settings\arodgers\NTUSER.DAT
2007-11-20 14:59:27 0 d-------- C:\WINDOWS\system32\Debug
2007-11-09 11:01:42 0 d-------- H:\CA-REPORT
2007-11-09 09:18:30 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-07 16:38:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-06 13:46:56 0 d-------- C:\Program Files\XoftSpySE
2007-11-06 13:07:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-06 12:15:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-11-05 13:35:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-11-05 06:01:56 378721 ---hs---- C:\WINDOWS\system32\ttvwa.ini2


-- Find3M Report ---------------------------------------------------------------

2007-12-03 16:11:20 101419 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-21 13:03:17 0 d-------- C:\Program Files\Common Files
2007-11-07 14:02:45 0 d-------- C:\Program Files\Yahoo!
2007-11-07 09:26:01 0 d-------- C:\Program Files\Google
2007-11-06 13:07:36 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-06 11:58:09 377566 ---hs---- C:\WINDOWS\system32\ttvwa.bak2
2007-11-05 16:15:57 0 d-------- C:\Program Files\Temporary
2007-10-31 23:29:00 6470 --ahs---- C:\WINDOWS\system32\ttvwa.bak1
2007-10-31 23:23:56 41723 ---hs---- C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
2007-09-07 09:32:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/19/2006 03:14 PM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 09:35 PM C:\WINDOWS\stsystra.exe]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [01/16/2007 09:27 PM]
"nwiz"="nwiz.exe" [01/19/2006 03:14 PM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [01/19/2006 03:14 PM C:\WINDOWS\system32\nvhotkey.dll]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 11:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 11:56 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [03/09/2006 12:26 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [02/20/2006 12:39 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 07:13 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"WinAble"="C:\Program Files\WinAble\winable.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 8:18:22 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/28/2006 9:31:58 PM]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [11/30/2005 9:39:02 AM]
GroupWise Notify.lnk - C:\Novell\GroupWise\Notify.exe [5/12/2006 7:34:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\awvtt.dll




-- End of Deckard's System Scanner: finished at 2007-12-05 12:19:35 ------------
Attached Files
File Type: txt extra.txt (17.5 KB, 3 views)
Last edited by laughalot; 12-05-2007 at 11:31 AM.
laughalot is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here