Hello All,
This is a repost to my post on March 6th. Any help would be greatly appreciated.
It seems I have the a.doginhispen, b.skitodayplease malware. It shows in my history and periodically as a tab in IE 7. IE 7 sometimes shuts down without warning.
I followed the 5 steps but could not get the panda scan to work. I hope this gives enough. Thank you in advance for your help
Deckard's System Scanner v20071014.68
Run by Scott on 2008-03-06 20:51:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-03-07 03:51:14 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-06 20:54:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Scott\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} () - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://phnet/InsidePulte/Portal/resources/msddsc.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - https://www.thewiseagent.com/Wyncs.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://avidratings.webex.com/client...ex/ieatgpc.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0249851204221239) (0249851204221239mcinstcleanup) - Unknown owner - C:\DOCUME~1\Scott\LOCALS~1\Temp\024985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcq_device - Unknown owner - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 14560 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
S3 DSPROCT - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ma763004 (M-Audio MobilePre USB) - c:\windows\system32\drivers\ma763004.sys <Not Verified; M-Audio; M-Audio MobilePre Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 YMIDUSB (YAMAHA Corporation USB MIDI Driver) - c:\windows\system32\drivers\ymidusb.sys <Not Verified; YAMAHA CORPORATION; YAMAHA USB-MIDI Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 MobilePreInstallerService (MobilePre Installer) - c:\program files\m-audio\mobilepre\install\mpinst.exe <Not Verified; M-Audio; MobilePre Installer Service>
S2 0249851204221239mcinstcleanup (McAfee Application Installer Cleanup (0249851204221239)) - c:\docume~1\scott\locals~1\temp\024985~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-06 20:46:21 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-03-03 09:34:49 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-02-28 10:53:48 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-28 10:53:47 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-23 21:59:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-06 and 2008-03-06 -----------------------------
2008-03-04 13:33:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-03 09:34:47 0 d-------- C:\Program Files\XoftSpySE
2008-03-01 14:58:30 0 d-------- C:\Documents and Settings\Scott\Contacts
2008-03-01 14:57:36 0 d-------- C:\Program Files\MSN Messenger
2008-02-29 15:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-29 15:22:23 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-02-29 15:22:15 0 d-------- C:\Program Files\Logitech
2008-02-29 15:22:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-29 15:01:19 0 d-------- C:\Program Files\Lavasoft
2008-02-29 15:01:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-29 15:00:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 07:52:59 0 d-------- C:\Program Files\WinBudget
2008-02-28 11:00:15 0 d-------- C:\Documents and Settings\Scott\Application Data\pdf995
2008-02-28 10:55:58 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-02-28 10:53:31 0 d-------- C:\Program Files\McAfee.com
2008-02-28 10:53:26 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-07 1652 0 d-------- C:\aiofw
-- Find3M Report ---------------------------------------------------------------
2008-03-06 20:47:51 0 d-------- C:\Program Files\Lx_cats
2008-03-06 12:54:35 0 d-------- C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-03-05 12:00:53 32074 --a------ C:\WINDOWS\system32\NEWSOFT
2008-02-29 15:22:23 0 d-------- C:\Program Files\Common Files
2008-02-29 12:59:10 0 d-------- C:\Documents and Settings\Scott\Application Data\webex
2008-02-28 10:55:54 0 d-------- C:\Program Files\McAfee
2008-02-28 10:46:30 0 d--h----- C:\Program Files\Common Files\Authentium Shared
2008-02-28 09:04:20 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-02-28 09:04:19 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-02-28 09:04:17 0 d-------- C:\Program Files\PDF995
2008-02-26 11:11:21 0 d-------- C:\Program Files\iTunes
2008-02-26 11:11:20 0 d-------- C:\Program Files\QuickTime
2008-02-26 11:11:20 0 d-------- C:\Program Files\Lexmark 9300 Series
2008-02-26 11:09:18 14348 --a------ C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2008-02-24 07:15:32 0 d-------- C:\Program Files\iPod
2008-02-04 19:50:15 0 d-------- C:\Program Files\Messenger
2008-02-04 16:35:02 0 d-------- C:\Program Files\DeductionPro 2007
2008-02-04 11:59:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 11:56:52 0 d-------- C:\Program Files\TaxCut06
2008-02-04 11:56:47 0 d-------- C:\Documents and Settings\Scott\Application Data\TaxCut
2008-02-04 11:56:42 0 d-------- C:\Program Files\TaxCut07
2008-01-10 08:28:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-09 11:19:49 96288 -----n--- C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-01-08 09:01:10 0 d-------- C:\Documents and Settings\Scott\Application Data\NewSoft
2008-01-07 20:20:16 0 d-------- C:\Program Files\Creative
2008-01-07 20:03:22 0 d-------- C:\Program Files\FreeRIP3
2008-01-07 19:49:48 0 d-------- C:\Documents and Settings\Scott\Application Data\Winamp
2008-01-07 19:49:46 0 d-------- C:\Program Files\Winamp
2008-01-06 08:51:49 0 d-------- C:\Program Files\Safari
2007-12-21 16:24:43 36764 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-17 18:10:35 13020 -----n--- C:\Documents and Settings\Scott\Application Data\Comma Separated Values (DOS).CAL
2007-12-16 20:05:46 13023 -----n--- C:\Documents and Settings\Scott\Application Data\Comma Separated Values (Windows).CAL
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [02/26/2008 11:09 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 11:20 PM C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/26/2008 11:09 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" [06/10/2005 09:44 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/26/2008 11:09 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/26/2008 11:09 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/26/2008 11:09 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [02/26/2008 11:09 AM]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [02/26/2008 11:09 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/26/2008 11:09 AM]
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [01/11/2007 01:57 PM]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [02/26/2008 11:09 AM]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [12/05/2006 09:35 AM]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [11/21/2006 12:27 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/26/2008 11:09 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/26/2008 11:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/12/2005 5:39:19 PM]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [12/26/2005 12:17:12 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CurtainsSysSvc"=2 (0x2)
"AuthSysSvc"=3 (0x3)
This is a repost to my post on March 6th. Any help would be greatly appreciated.
It seems I have the a.doginhispen, b.skitodayplease malware. It shows in my history and periodically as a tab in IE 7. IE 7 sometimes shuts down without warning.
I followed the 5 steps but could not get the panda scan to work. I hope this gives enough. Thank you in advance for your help
Deckard's System Scanner v20071014.68
Run by Scott on 2008-03-06 20:51:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-03-07 03:51:14 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-06 20:54:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Scott\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPF\MC\MpfAlert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" -startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} () - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://phnet/InsidePulte/Portal/resources/msddsc.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {819EDD4C-7EB6-4D97-B831-D68B57E7D3ED} (Wyncs Control) - https://www.thewiseagent.com/Wyncs.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://avidratings.webex.com/client...ex/ieatgpc.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0249851204221239) (0249851204221239mcinstcleanup) - Unknown owner - C:\DOCUME~1\Scott\LOCALS~1\Temp\024985~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcq_device - Unknown owner - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
--
End of file - 14560 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
S3 DSPROCT - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 ma763004 (M-Audio MobilePre USB) - c:\windows\system32\drivers\ma763004.sys <Not Verified; M-Audio; M-Audio MobilePre Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 YMIDUSB (YAMAHA Corporation USB MIDI Driver) - c:\windows\system32\drivers\ymidusb.sys <Not Verified; YAMAHA CORPORATION; YAMAHA USB-MIDI Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 MobilePreInstallerService (MobilePre Installer) - c:\program files\m-audio\mobilepre\install\mpinst.exe <Not Verified; M-Audio; MobilePre Installer Service>
S2 0249851204221239mcinstcleanup (McAfee Application Installer Cleanup (0249851204221239)) - c:\docume~1\scott\locals~1\temp\024985~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-06 20:46:21 448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-03-03 09:34:49 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2008-02-28 10:53:48 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-28 10:53:47 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-23 21:59:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-06 and 2008-03-06 -----------------------------
2008-03-04 13:33:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-03 09:34:47 0 d-------- C:\Program Files\XoftSpySE
2008-03-01 14:58:30 0 d-------- C:\Documents and Settings\Scott\Contacts
2008-03-01 14:57:36 0 d-------- C:\Program Files\MSN Messenger
2008-02-29 15:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-29 15:22:23 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-02-29 15:22:15 0 d-------- C:\Program Files\Logitech
2008-02-29 15:22:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-29 15:01:19 0 d-------- C:\Program Files\Lavasoft
2008-02-29 15:01:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-29 15:00:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 07:52:59 0 d-------- C:\Program Files\WinBudget
2008-02-28 11:00:15 0 d-------- C:\Documents and Settings\Scott\Application Data\pdf995
2008-02-28 10:55:58 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-02-28 10:53:31 0 d-------- C:\Program Files\McAfee.com
2008-02-28 10:53:26 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-07 1652 0 d-------- C:\aiofw
-- Find3M Report ---------------------------------------------------------------
2008-03-06 20:47:51 0 d-------- C:\Program Files\Lx_cats
2008-03-06 12:54:35 0 d-------- C:\Documents and Settings\Scott\Application Data\ZoomBrowser EX
2008-03-05 12:00:53 32074 --a------ C:\WINDOWS\system32\NEWSOFT
2008-02-29 15:22:23 0 d-------- C:\Program Files\Common Files
2008-02-29 12:59:10 0 d-------- C:\Documents and Settings\Scott\Application Data\webex
2008-02-28 10:55:54 0 d-------- C:\Program Files\McAfee
2008-02-28 10:46:30 0 d--h----- C:\Program Files\Common Files\Authentium Shared
2008-02-28 09:04:20 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-02-28 09:04:19 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-02-28 09:04:17 0 d-------- C:\Program Files\PDF995
2008-02-26 11:11:21 0 d-------- C:\Program Files\iTunes
2008-02-26 11:11:20 0 d-------- C:\Program Files\QuickTime
2008-02-26 11:11:20 0 d-------- C:\Program Files\Lexmark 9300 Series
2008-02-26 11:09:18 14348 --a------ C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2008-02-24 07:15:32 0 d-------- C:\Program Files\iPod
2008-02-04 19:50:15 0 d-------- C:\Program Files\Messenger
2008-02-04 16:35:02 0 d-------- C:\Program Files\DeductionPro 2007
2008-02-04 11:59:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 11:56:52 0 d-------- C:\Program Files\TaxCut06
2008-02-04 11:56:47 0 d-------- C:\Documents and Settings\Scott\Application Data\TaxCut
2008-02-04 11:56:42 0 d-------- C:\Program Files\TaxCut07
2008-01-10 08:28:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-09 11:19:49 96288 -----n--- C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
2008-01-08 09:01:10 0 d-------- C:\Documents and Settings\Scott\Application Data\NewSoft
2008-01-07 20:20:16 0 d-------- C:\Program Files\Creative
2008-01-07 20:03:22 0 d-------- C:\Program Files\FreeRIP3
2008-01-07 19:49:48 0 d-------- C:\Documents and Settings\Scott\Application Data\Winamp
2008-01-07 19:49:46 0 d-------- C:\Program Files\Winamp
2008-01-06 08:51:49 0 d-------- C:\Program Files\Safari
2007-12-21 16:24:43 36764 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-17 18:10:35 13020 -----n--- C:\Documents and Settings\Scott\Application Data\Comma Separated Values (DOS).CAL
2007-12-16 20:05:46 13023 -----n--- C:\Documents and Settings\Scott\Application Data\Comma Separated Values (Windows).CAL
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [02/26/2008 11:09 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 11:20 PM C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/26/2008 11:09 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" [06/10/2005 09:44 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/26/2008 11:09 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/26/2008 11:09 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/26/2008 11:09 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [02/26/2008 11:09 AM]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [02/26/2008 11:09 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/26/2008 11:09 AM]
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [01/11/2007 01:57 PM]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [02/26/2008 11:09 AM]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [12/05/2006 09:35 AM]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [11/21/2006 12:27 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/26/2008 11:09 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/26/2008 11:09 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/12/2005 5:39:19 PM]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [12/26/2005 12:17:12 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CurtainsSysSvc"=2 (0x2)
"AuthSysSvc"=3 (0x3)
