Thread: persistent rootkit and messenger service pop-ups
View Single Post
Old 02-17-2007, 06:53 PM   #1 (permalink)
dbstone
Registered User
 
Join Date: Oct 2006
Posts: 79
OS: winxp


persistent rootkit and messenger service pop-ups
Hi,

I'm back! I posted here a few months ago and am still having problems. Originally, I sought help with the removal of x-cleaner and then to regain control of my computer back.

I did two clean installs and ran into the same problems both times. First, when connected to the internet, I would get messenger service popups saying I had 55 critical system errors or that my registry was damaged or corrupted. The popups would instruct me to log onto certain websites such as: registryalert.com. helpfix.com, or registrycleanerxp.com to rid me of these popups. Ofcourse, I did not.

I have dial up and it was taking considerable time to download my virus protection and explorer updates. I kept getting kicked off the computer. Once I got trend pc-cillin downloaded, it never worked.

I tried to download ad-aware and run it and my computer went kafluwey! I couldn't connect to the internet anymore and something in my computer was trying to connect by itself.

I had to take it to the shop. After two weeks, all they were able to do was remove the virus' and spyware programs. The said I had some devils, but gave me no particulars.

When I got it home and tried to log on, I was unable to download websites. I would have blank screens. I decided to reinstall again. And I'm still getting messenger service pop-ups and got kicked off the internet when I tried to do the panda scan. Here's what I've been able to do so far:

I downloaded pc-cillin from disk and ran it. It found no virus', but removed some spyware. logs below.

I downloaded ad-aware with the vx2 tool and ran them. Adaware found 2 alexa items and some MRU list items, which I removed with the program. I also downloaded spyware blaster and spygaurd and have them running.

Have tried doing two panda active scans and got kicked off both times. last time things got dicey, I got an "lsass.exe application error" which said "0x77f5234e" memory could not be written. Then my spygaurd program kicked in and said I had a BHO called toolbar trying to download. then i got kicked off. there must have been some changes made to my computer, because I had trouble logging on to the internet again and had to dial up from earthinlinks disk.

I have windows xp with sp1 and I did manage to download sp1a. it took 6 hours, but I didn't get kicked off....

I downloaded comboscan and highjack this and ran them. logs below.

When I was trying to do my panda scan, my pc-cillin was trying to update. the update stopped when i got kicked off, but when i looked at my trend's logs I saw it found two virus right around the time I thought it was updating....(log below).

I will continue, cautiously, to download my updates for pc-cillin and do a panda scan, but I wanted to get this thread in in case I have trouble getting back on.

Here's my logs so far:

Trend: (took one spyware log taken out to shorten per request)

"Virus Scan Logs","2007/02/17","GALAXY"
"Time","Security Feature","Source Type","Virus Name","File Name","First Action","Second Action"
"19:19","File Monitor","File","BKDR_SDBOT.GAA","C:\WINDOWS\system32\.exe","Quarantine Success",""
"19:57","File Monitor","File","WORM_SDBOT.DYX","C:\WINDOWS\system32\TFTP3172","Quarantine Success",""


"Spyware Scan Logs","2007/02/16","GALAXY"
"Time","Area","Item Name","Detected Resource","Target","Action"
"21:14","Bad Internet Browser Cookies","Cookie_2o7","Internet Explorer Cache","2o7.net","Detected"
"21:14","Bad Internet Browser Cookies","Cookie_Tacoda","Internet Explorer Cache","tacoda.net","Detected"
"21:14","Registry","TSPY_Clicker.CP","HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main","Search Page","Detected"
"21:14","Registry","TSPY_Clicker.CP","HKU\S-1-5-21-602162358-2052111302-725345543-1004\Software\Microsoft\Internet Explorer\Main","Search Page","Detected"
"21:14","Registry","TSPY_Clicker.CP","HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main","Search Page","Detected"
"21:22","Bad Internet Browser Cookies","Cookie_2o7","Internet Explorer Cache","2o7.net","Quarantined"
"21:22","Bad Internet Browser Cookies","Cookie_Tacoda","Internet Explorer Cache","tacoda.net","Quarantined"
"21:22","Registry","TSPY_Clicker.CP","HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main","Search Page","Quarantined"
"21:22","Registry","TSPY_Clicker.CP","HKU\S-1-5-21-602162358-2052111302-725345543-1004\Software\Microsoft\Internet Explorer\Main","Search Page","Quarantined"
"21:22","Registry","TSPY_Clicker.CP","HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main","Search Page","Quarantined"
"22:48","Your computer's memory","aawsepersonal.exe","C:\Documents and Settings\deborah stone\Desktop","aawsepersonal.exe","Detected"
"22:53","Your computer's memory","vx2cleaner_inst.exe","C:\Documents and Settings\deborah stone\Desktop","vx2cleaner_inst.exe","Detected"
"23:05","Your computer's memory","spywareblastersetup351.exe","C:\Documents and Settings\deborah stone\Desktop","spywareblastersetup351.exe","Detected"
"23:05","Your computer's memory","is-N71PS.tmp","C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\is-0NV6C.tmp","is-N71PS.tmp","Detected"
"23:05","Your computer's memory","spywareblaster.exe","C:\Program Files\SpywareBlaster","spywareblaster.exe","Detected"
"23:12","Your computer's memory","spywareguardsetup.exe","C:\Documents and Settings\deborah stone\Desktop","spywareguardsetup.exe","Detected"
"23:12","Your computer's memory","INS6B.tmp","C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp","INS6B.tmp","Detected"
"23:13","Internet Explorer plug-ins","C:\Program Files\SpywareGuard\dlprotect.dll","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects","{4A368E80-174F-4872-96B5-0B27DDD11DB2}","Detected"
"23:13","Your computer's startup software","C:\Program Files\SpywareGuard\sgmain.exe","C:\Documents and Settings\deborah stone\Start Menu\Programs\StartUp\SpywareGuard.lnk","C:\Program Files\SpywareGuard\sgmain.exe","Detected"
"23:44","Your computer's memory","spybotsd14.exe","C:\Documents and Settings\deborah stone\Desktop","spybotsd14.exe","Detected"
"23:44","Your computer's memory","is-QA8RD.tmp","C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\is-29QJ5.tmp","is-QA8RD.tmp","Detected"
"23:44","Internet Explorer plug-ins","C:\Program Files\Spybot - Search & Destroy\SDHelper.dll","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects","{53707962-6F74-2D53-2644-206D7942484F}","Detected"
"23:45","Your computer's memory","SpybotSD.exe","C:\Program Files\Spybot - Search & Destroy","SpybotSD.exe","Detected"
"23:58","Your computer's memory","update.exe","C:\Program Files\Spybot - Search & Destroy","update.exe","Detected"


comboscan:

ComboScan v20070212.14 run by deborah stone on 2007-02-17 at 19:42:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as deborah stone.com) ------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:42:43 PM, on 2/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchosts.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\System32\lssas.exe
C:\Program Files\Common Files\{1873997D-0702-1033-1002-020105290001}\Update.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Documents and Settings\deborah stone\Desktop\comboscan.exe
C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp\~hrjcqec.tmp\deborah stone.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38739~1\Bar888.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\lssas.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1171679163515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171679115937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 aeaudio - system32\drivers\aeaudio.sys
3 ati2mtaa - System32\DRIVERS\ati2mtaa.sys
3 basic2 - System32\DRIVERS\HSF_BSC2.sys
3 E100B (Intel(R) PRO Adapter Driver) - System32\DRIVERS\e100b325.sys
2 Fallback - System32\DRIVERS\HSF_FALL.sys
2 Fsks - System32\DRIVERS\HSF_FSKS.sys
3 hsf_msft - System32\DRIVERS\HSF_MSFT.sys
2 K56 - System32\DRIVERS\HSF_K56K.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys
1 OMCI - \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0 PCIIde - System32\DRIVERS\pciide.sys
3 Rksample - System32\DRIVERS\HSF_SAMP.sys
3 smwdm - system32\drivers\smwdm.sys
2 SoftFax - System32\DRIVERS\HSF_FAXX.sys
2 SpeakerPhone - System32\DRIVERS\HSF_SPKP.sys
3 tmcfw (Trend Micro Common Firewall Service) - System32\DRIVERS\TM_CFW.sys
2 tmcomm - \??\C:\WINDOWS\System32\drivers\tmcomm.sys
2 tmmbd (Trend Micro MBD Driver) - System32\DRIVERS\tm_mbd_c.sys
2 Tmpreflt - System32\drivers\Tmpreflt.sys
1 tmtdi (Trend Micro TDI Driver) - System32\DRIVERS\tmtdi.sys
2 tmxpflt - System32\drivers\TmXPFlt.sys
2 Tones - System32\DRIVERS\HSF_TONE.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
2 V124 - System32\DRIVERS\HSF_V124.sys
2 Vsapint - System32\drivers\VsapiNT.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 Client IP-IPX - "C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144
2 PcCtlCom (Trend Micro Central Control Component) - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
3 PcScnSrv (Trend Micro Protection Against Spyware ) - "C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe"
3 SCardDrv (Smart Card Helper) - %SystemRoot%\System32\SCardSvr.exe
2 Tmntsrv (Trend Micro Real-time Service) - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
2 TmPfw (Trend Micro Personal Firewall) - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2 tmproxy (Trend Micro Proxy Service) - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
2 uploadmgr (Upload Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 WmdmPmSp (Portable Media Serial Number) - %SystemRoot%\System32\svchost.exe -k netsvcs


-- Files created between 2007-01-17 and 2007-02-17 ------------------------------

2007-02-17 19:42:39 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-17 19:30:06 0 d-------- C:\Program Files\Common Files\{1873997D-0702-1033-1002-020105290001}<{18739~1>
2007-02-17 19:28:40 0 d-------- C:\Program Files\Common Files\{3873997D-0702-1033-1002-020105290001}<{38739~1>
2007-02-17 19:28:38 2560 --a------ C:\WINDOWS\System32\unsvchosts.exe<UNSVCH~1.EXE><Unsigned: n/a>
2007-02-17 19:28:38 36864 --a------ C:\WINDOWS\System32\svchosts.exe<Unsigned: n/a>
2007-02-17 19:25:52 90437 --a------ C:\WINDOWS\System32\mc-110-12-0000144.exe<MC-110~1.EXE><Unsigned: n/a>
2007-02-17 19:03:32 13728 --a------ C:\WINDOWS\System32\setup_57320.exe<SETUP_~1.EXE><Unsigned: n/a>
2007-02-17 18:17:10 0 d-------- C:\WINDOWS\Prefetch
2007-02-17 18:13:24 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-02-17 18:13:24 0 d-------- C:\WINDOWS\ehome
2007-02-17 18:13:23 450176 -----n--- C:\WINDOWS\System32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 34735 -----n--- C:\WINDOWS\System32\drivers\atinxsxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 29455 -----n--- C:\WINDOWS\System32\drivers\atinxbxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 36463 -----n--- C:\WINDOWS\System32\drivers\atintuxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 21343 -----n--- C:\WINDOWS\System32\drivers\atinttxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 26367 -----n--- C:\WINDOWS\System32\drivers\atinsnxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 63663 -----n--- C:\WINDOWS\System32\drivers\atinrvxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 30671 -----n--- C:\WINDOWS\System32\drivers\atinraxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 12047 -----n--- C:\WINDOWS\System32\drivers\atinpdxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 11615 -----n--- C:\WINDOWS\System32\drivers\atinmdxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:22 56591 -----n--- C:\WINDOWS\System32\drivers\atinbtxx.sys<Signed: ATI Technologies Inc.>
2007-02-17 18:13:21 921475 -----n--- C:\WINDOWS\System32\ati3d2ag.dll<Signed: ATI Technologies Inc. >
2007-02-17 18:13:21 844675 -----n--- C:\WINDOWS\System32\ati3d1ag.dll<Signed: ATI Technologies Inc. >
2007-02-17 18:13:21 202496 -----n--- C:\WINDOWS\System32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-17 10:30:48 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-02-17 10:21:56 1168 --a------ C:\WINDOWS\mozver.dat
2007-02-17 10:07:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-17 1054 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-17 09:11:43 0 d-------- C:\WINDOWS\System32\NtmsData
2007-02-17 08:50:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-17 08:49:55 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-16 23:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-16 23:13:18 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-16 23:05:12 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL<Unsigned: Microsoft Corporation>
2007-02-16 23:05:12 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-16 22:49:13 0 d-------- C:\Documents and Settings\deborah stone\Application Data\Lavasoft
2007-02-16 22:49:08 0 d-------- C:\Program Files\Lavasoft
2007-02-16 22:48:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-16 22:11:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-16 21:54:44 0 d-------- C:\WINDOWS\System32\PreInstall<PREINS~1>
2007-02-16 21:54:40 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-16 21:53:53 0 d-------- C:\WINDOWS\System32\bits
2007-02-16 21:25:46 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-16 21:10:21 101376 --a------ C:\WINDOWS\System32\drivers\tm_mbd_c.sys<Unsigned: Trend Micro Inc.>
2007-02-16 21:10:20 281600 --a------ C:\WINDOWS\System32\drivers\TM_CFW.sys<Signed: Trend Micro Inc.>
2007-02-16 21:09:53 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-02-16 21:09:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro<TRENDM~1>
2007-02-16 2158 0 d-------- C:\Program Files\Sophos
2007-02-16 21:03:24 0 d---s---- C:\Documents and Settings\deborah stone\UserData
2007-02-16 20:57:30 0 d-------- C:\Documents and Settings\deborah stone\Application Data\EarthLink Toolbar<EARTHL~2>
2007-02-16 20:54:42 0 d-------- C:\Documents and Settings\deborah stone\Application Data\Earthlink<EARTHL~1>
2007-02-16 20:52:24 0 d-------- C:\Program Files\EarthLink TotalAccess<EARTHL~1>
2007-02-16 20:50:28 0 d-------- C:\Program Files\UIU
2007-02-16 20:38:29 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-16 20:37:34 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-16 20:30:35 53248 --a------ C:\WINDOWS\System32\Prounstl.exe<Signed: Intel Corporation>
2007-02-16 20:30:35 23040 --a------ C:\WINDOWS\System32\IntelNic.dll<Signed: Intel Corporation>
2007-02-16 20:30:35 139776 --a------ C:\WINDOWS\System32\drivers\e100b325.sys<Signed: Intel Corporation>
2007-02-16 20:29:38 3744 --a------ C:\WINDOWS\System32\drivers\smsens.sys<Signed: Analog Devices, Inc.>
2007-02-16 20:29:38 4816 --a------ C:\WINDOWS\System32\drivers\aeaudio.sys<Signed: Andrea Electronics Corporation>
2007-02-16 20:29:37 45056 --a------ C:\WINDOWS\System32\DSndUp.exe<Unsigned: Analog Devices Inc.>
2007-02-16 20:29:37 545208 --a------ C:\WINDOWS\System32\drivers\smwdm.sys<Signed: Analog Devices, Inc.>
2007-02-16 20:29:37 45056 --a------ C:\WINDOWS\System32\CleanUp.exe<Unsigned: adi>
2007-02-16 20:29:37 720896 --a------ C:\WINDOWS\System32\a3d.dll<Signed: Sensaura Ltd>
2007-02-16 20:29:37 0 d-------- C:\Program Files\Analog Devices<ANALOG~1>
2007-02-16 20:28:58 4557 -----n--- C:\WINDOWS\System32\atiicdxx.sys<Unsigned: ATI Technologies Inc.>
2007-02-16 20:28:45 295168 --a------ C:\WINDOWS\System32\drivers\ati2mtaa.sys<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 1175642 --a------ C:\WINDOWS\System32\atioglaa.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 98304 --a------ C:\WINDOWS\System32\atiiprxx.exe<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 229376 --a------ C:\WINDOWS\System32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 102400 --a------ C:\WINDOWS\System32\Atiidtxx.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 45056 --a------ C:\WINDOWS\System32\atiicpxx.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 327774 --a------ C:\WINDOWS\System32\atiicdxx.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:28:45 40960 --a------ C:\WINDOWS\System32\Ati2mdxx.exe<Signed: ATI Technologies, Inc.>
2007-02-16 20:28:45 318080 --a------ C:\WINDOWS\System32\ati2dvaa.dll<Signed: ATI Technologies Inc.>
2007-02-16 20:27:48 0 d--hs---- C:\RECYCLER
2007-02-16 20:25:17 0 d-------- C:\Program Files\Intel
2007-02-16 20:24:57 0 d-------- C:\WINDOWS\System32\ReinstallBackups<REINST~1>
2007-02-16 20:23:43 176128 --a------ C:\WINDOWS\System32\RcdScan.dll<Unsigned: Dell Computer Corporation>
2007-02-16 20:23:43 446464 -ra------ C:\WINDOWS\System32\hhactivex.dll<HHACTI~1.DLL><Unsigned: Blue Sky Software Corporation.>
2007-02-16 20:23:41 89360 --a------ C:\WINDOWS\System32\VB5DB.DLL<Unsigned: Microsoft Corporation>
2007-02-16 20:23:40 13632 -----n--- C:\WINDOWS\System32\drivers\omci.sys<Unsigned: Dell Computer Corporation>
2007-02-16 20:23:40 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 20:23:34 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-16 20:22:13 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-02-16 20:21:57 1310720 --ah----- C:\Documents and Settings\deborah stone\NTUSER.DAT
2007-02-16 20:20:57 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-16 20:20:56 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-02-16 20:20:55 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-02-16 20:18:12 0 d-------- C:\WINDOWS\System32\xircom
2007-02-16 20:18:12 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-16 20:18:09 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-02-16 20:18:09 0 d-------- C:\DELL
2007-02-16 20:18:00 0 -rahs---- C:\MSDOS.SYS<Unsigned: n/a>
2007-02-16 20:18:00 0 -rahs---- C:\IO.SYS<Unsigned: n/a>
2007-02-16 20:18:00 0 --a------ C:\CONFIG.SYS<Unsigned: n/a>
2007-02-16 20:18:00 0 --a------ C:\AUTOEXEC.BAT
2007-02-16 20:17:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-16 20:16:58 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-16 20:16:58 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-16 20:16:30 0 d-------- C:\WINDOWS\System32\DirectX
2007-02-16 20:15:55 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll<Signed: Intel Corporation>
2007-02-16 20:15:49 0 d---s---- C:\WINDOWS\Tasks
2007-02-16 20:15:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-16 20:15:42 0 d-------- C:\WINDOWS\System32\Macromed
2007-02-16 20:15:42 0 d-------- C:\WINDOWS\srchasst
2007-02-16 20:15:40 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-16 20:15:37 0 d-------- C:\WINDOWS\PCHealth
2007-02-16 20:15:36 0 d-------- C:\WINDOWS\System32\Restore
2007-02-16 20:15:22 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-16 20:15:06 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-02-16 20:14:37 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-16 20:14:37 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-16 20:14:31 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-16 20:14:27 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-16 20:14:20 489984 --a------ C:\WINDOWS\System32\hypertrm.dll<Signed: Hilgraeve, Inc.>
2007-02-16 20:14:20 44544 --a------ C:\WINDOWS\System32\hticons.dll<Signed: Hilgraeve, Inc.>
2007-02-16 20:14:10 1161 --a------ C:\WINDOWS\System32\usrlogon.cmd
2007-02-16 20:13:57 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-16 20:13:54 0 d-------- C:\WINDOWS\System32\MsDtc
2007-02-16 20:13:54 0 d-------- C:\WINDOWS\System32\Com
2007-02-16 15:09:27 9759 --a------ C:\WINDOWS\System32\HSF_INST.dll<Signed: Conexant>
2007-02-16 15:09:27 488383 --a------ C:\WINDOWS\System32\drivers\HSF_V124.sys<Signed: Conexant>
2007-02-16 15:09:27 50751 --a------ C:\WINDOWS\System32\drivers\HSF_TONE.sys<Signed: Conexant>
2007-02-16 15:09:27 73279 --a------ C:\WINDOWS\System32\drivers\HSF_SPKP.sys<Signed: Conexant>
2007-02-16 15:09:27 44863 --a------ C:\WINDOWS\System32\drivers\HSF_SOAR.sys<Signed: Conexant>
2007-02-16 15:09:27 57471 --a------ C:\WINDOWS\System32\drivers\HSF_SAMP.sys<Signed: Conexant>
2007-02-16 15:09:27 542879 --a------ C:\WINDOWS\System32\drivers\HSF_MSFT.sys<Signed: Conexant>
2007-02-16 15:09:27 391199 --a------ C:\WINDOWS\System32\drivers\HSF_K56K.sys<Signed: Conexant>
2007-02-16 15:09:27 115807 --a------ C:\WINDOWS\System32\drivers\HSF_FSKS.sys<Signed: Conexant>
2007-02-16 15:09:27 199711 --a------ C:\WINDOWS\System32\drivers\HSF_FAXX.sys<Signed: Conexant>
2007-02-16 15:09:27 289887 --a------ C:\WINDOWS\System32\drivers\HSF_FALL.sys<Signed: Conexant>
2007-02-16 15:09:27 67167 --a------ C:\WINDOWS\System32\drivers\HSF_BSC2.sys<Signed: Conexant>
2007-02-16 15:09:27 150239 --a------ C:\WINDOWS\System32\drivers\HSF_AMOS.sys<Signed: Conexant>
2007-02-16 15:08:13 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-16 15:08:10 0 dr------- C:\Program Files<PROGRA~1>
2007-02-16 15:08:10 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-16 15:07:59 24661 --a------ C:\WINDOWS\System32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-16 15:07:59 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-16 15:07:59 85020 --a------ C:\WINDOWS\System32\dgsetup.dll<Signed: Digi International>
2007-02-16 15:07:59 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-16 15:07:49 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-16 15:07:36 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-02-16 15:07:36 0 d-------- C:\WINDOWS\System32\CatRoot
2007-02-16 15:07:15 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-02-16 15:03:03 0 d-------- C:\WINDOWS
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\WinSxS
2007-02-16 15:03:03 0 dr------- C:\WINDOWS\Web
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\twain_32
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\system32
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\wins
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\wbem
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\usmt
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\spool
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\ShellExt
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\Setup
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\ras
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\oobe
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\npp
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\mui
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\inetsrv
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\IME
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\icsxml
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\ias
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\export
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\drivers
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-02-16 15:03:03 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\dhcp
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\config
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\3076
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\2052
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1054
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1042
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1041
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1037
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1033
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1031
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1028
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\System32\1025
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\system
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\security
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\repair
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\mui
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\msapps
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\msagent
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Media
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\java
2007-02-16 15:03:03 0 d--h----- C:\WINDOWS\inf
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\ime
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Help
2007-02-16 15:03:03 0 dr--s---- C:\WINDOWS\Fonts
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Debug
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Cursors
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\Config
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\AppPatch
2007-02-16 15:03:03 0 d-------- C:\WINDOWS\addins


-- Find3M Report ----------------------------------------------------------------

2007-02-17 10:22:59 0 d-------- C:\Documents and Settings\deborah stone\Application Data\Macromedia<MACROM~1>
2007-02-17 10:07:05 0 d-------- C:\Documents and Settings\deborah stone\Application Data\Mozilla
2007-02-16 22:19:07 0 d---s---- C:\Documents and Settings\deborah stone\Application Data\Microsoft<MICROS~1>
2007-02-16 20:22:10 0 d-------- C:\Documents and Settings\deborah stone\Application Data\Identities<IDENTI~1>
2007-02-16 15:07:49 62 --ahs---- C:\Documents and Settings\deborah stone\Application Data\desktop.ini


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpySweeper"=""
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""
"E6TaskPanel"="\"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"Local Security Authority Service"="C:\\WINDOWS\\System32\\lssas.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1873997D-0702-1033-1002-020105290001}"="\"C:\\Program Files\\Common Files\\{1873997D-0702-1033-1002-020105290001}\\Update.exe\" mc-110-12-0000144"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1873997D-0702-1033-1002-020105290001}"="\"C:\\Program Files\\Common Files\\{1873997D-0702-1033-1002-020105290001}\\Update.exe\" mc-110-12-0000144"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1873997D-0702-1033-1002-020105290001}"="\"C:\\Program Files\\Common Files\\{1873997D-0702-1033-1002-020105290001}\\Update.exe\" mc-110-12-0000144"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CLIENT_IP-IPX


-- End of ComboScan: finished at 2007-02-17 at 19:45:14 -------------------------
ComboScan v20070212.14 run by deborah stone on 2007-02-17 at 19:42:31
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1.80GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 511 MiB / 250.25 MiB
Pagefile Memory (total/avail): 1250.19 MiB / 1037.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2006.11 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.84 GiB total, 52.01 GiB free.
D: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is not configured.
Windows Internal Firewall is unknown.

-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\deborah stone\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GALAXY
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\deborah stone
LOGONSERVER=\\GALAXY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DEBORA~1\LOCALS~1\Temp
USERDOMAIN=GALAXY
USERNAME=deborah stone
USERPROFILE=C:\Documents and Settings\deborah stone
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

deborah stone (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bar888 --> C:\Program Files\Common Files\{3873997D-0702-1033-1002-020105290001}\UnInstall.exe
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EarthLink Software --> "C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}


-- End of ComboScan: finished at 2007-02-17 at 19:45:14

-------------------------
Hope you can help me fix this bug. thanks. db
dbstone is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here