Old 10-05-2008, 07:17 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Mouse cursor virus and slow computer

Many thanks for this great website. I've gone thru the process for posting log. My Panda virus scan took many hours...whew...

A few months ago, I opened a file sent to me from a Yahoo Messenger friend. After that, my mouse cursor took control. Even now as I try to post this log... I'm fighting it!

It moves up the screen to the top and across to the right and then tries to click the X. Yesterday when scanning with Panda, it closed the virus scan twice... so frustrating.

My start up is now taking close to 10 minutes from turning computer on to finally being able to start work.

Please let me know if I can provide further info such as the ActiveScan.txt

Kind regards,

Keith

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:28, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.9:83/Index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2070926
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://10.0.0.9
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.kittiwake.com/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Kittiwake.local
O17 - HKLM\Software\..\Telephony: DomainName = Kittiwake.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Kittiwake.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Kittiwake.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies Inc. - C:\Documents and Settings\Keith Macaluso\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13435 bytes
kmac59 is offline  

Old 10-08-2008, 08:07 AM   #2 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

Bump! Please...
kmac59 is offline  
Old 10-17-2008, 11:17 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Log is 18 screens ago, followed rules, bumped 72 hrs, what to do now?

All,
I know you are very busy as I read all your posts helping others.

However, I posted on Oct 5th, bumped 72 hrs later and not one reply... which is OK..I know you are busy.

But it is frustrating to see others get replies right after posting a message?

Did I do something wrong?

With original request back 18 screens ago, anyone looking at those or...

Should I delete original post and repost, go back through the instructions to post and this time put exclamation points and lots of drama... I intentionally avoided doing that on my original post.

Not wanting to upset the cart here.. just like to know what to do after 12 days of silence.

No disrespect and much appreciate your assistance.

Kind regards,

Keith
kmac59 is offline  
Old 10-17-2008, 01:26 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Mouse cursor virus and slow computer

Hello -

Yes, we're very busy as you noted. There are hundreds of members like yourself, in need of help, some with malware issues, some who just think they have malware issues. There are only a handful of active, volunteer analysts. We do the best we can. Some threads just don't get replies. Do we like that? No, it's just the reality. Not every view of a thread represents an approved, trained staff member who is allowed to respond. Some are other members looking at the topic.

We also have to perform triage. Those with obvious malware signs often get taken before those without. Some new threads get taken due to new infections presenting themselves, as helpers try to grab new samples to submit to vendors.

We do say in our pre-posting topic that if there is an immediate need, to take the machine to a local technician.

I see no sign of infection in that log. It seems possible to me there's an issue with the trackball. Is it one of those trackballs embedded in the keyboard? They are notorious for this type of behavior.

If it's not malware, you're better off asking for help in the Hardware section of the forum.

Try this first....

In Windows XP, go into the Start menu, then into Control Panel, then click on Appearance and Themes (or Mouse in Classic View). On the left, click on Mouse Pointers. On the Pointer Options tab, uncheck "Enhance pointer precision" and click Apply. That may help the issue; this should work with Dell mouse pointers and most others.

All that said, HijackThis is somewhat limited. We have other tools at our disposal which give a more detailed view of what's running on the machine.

You mentioned an ActiveScan log. It should have been attached to your initial post. If you have it, please attach it. Though it will be old by now, it may help shed some light on the situation.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  • Please attach info.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\rsit\info.txt
  3. Click Upload.



---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009

Last edited by tetonbob; 10-17-2008 at 01:28 PM.
tetonbob is offline  
Old 10-17-2008, 02:20 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

TetonBob,

Much understood as I have followed many of these threads and see the level of the volunteers' activity.

I've made the change to the mouse pointer. You feel this could be a software or mechanical issue? I have an optical mouse attached and even when computer is out of docking station and using the mousepad, the cursor will have a mind of its own.. It will even select programs or close programs... When I was running Panda On-line Virus...it closed the program the first time and I had to sit there and keep moving the mouse to keep it from closing on the next try.

Thank you for your help.
Keith

Logfile of random's system information tool 1.04 (written by random/random)
Run by Keith Macaluso at 2008-10-17 15:07:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (39%) free of 114 GB
Total RAM: 2038 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:23 PM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Dell\Dell Mobile Broadband\DMBCU.exe
C:\PROGRA~1\Dell\DELLMO~1\Phoenix.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\GoldMine\gmw7.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Streets & Trips\Streets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Keith Macaluso\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keith Macaluso.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.9:83/Index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2070926
O1 - Hosts: 194.74.11.228 BridgitServer
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: http://10.0.0.9
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.kittiwake.com/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Kittiwake.local
O17 - HKLM\Software\..\Telephony: DomainName = Kittiwake.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD459B4C-0326-4DD1-B1E7-C1ECD38E0259}: NameServer = 209.183.50.151 209.183.48.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Kittiwake.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Kittiwake.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies Inc. - C:\Documents and Settings\Keith Macaluso\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14110 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-04-15 159744]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-02-18 303104]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"Acrobat Speed Launch"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe [2006-10-23 46200]
"GhostWall"=C:\Program Files\GhostWall\ghostwall.exe [2005-09-29 217088]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
""= []
"Webroot Desktop Firewall"=C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe [2008-07-31 2401672]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
C:\Program Files\CardScan\CardScan\CardScanAgent.exe [2007-08-14 152824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2007-01-30 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-01-22 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=","

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-28 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Keith Macaluso\Desktop\CITYPRO connect\CITYPRO connect\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Desktop\CITYPRO connect\CITYPRO connect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\GoldMine\gmw6.exe"="C:\GoldMine\gmw6.exe:*:Enabled:GoldMine 6.7 Corporate Edition"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\icuii\ICUII.exe"="C:\Program Files\icuii\ICUII.exe:*:Enabled:ICUII Video Chat Client"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Keith Macaluso\Local Settings\Temporary Internet Files\Content.Outlook\O25MFWQR\ERMconnect\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Local Settings\Temporary Internet Files\Content.Outlook\O25MFWQR\ERMconnect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect(2)\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect(2)\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect(3)\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Desktop\ERMconnect(3)\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Keith Macaluso\Local Settings\Temporary Internet Files\Content.Outlook\31M447RU\ERM-connect\ERM connect\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Local Settings\Temporary Internet Files\Content.Outlook\31M447RU\ERM-connect\ERM connect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Keith Macaluso\Desktop\ERM-connect\ERM connect\winvnc.exe"="C:\Documents and Settings\Keith Macaluso\Desktop\ERM-connect\ERM connect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Mailbox\Attach\ERM-connect\ERM connect\winvnc.exe"="C:\Mailbox\Attach\ERM-connect\ERM connect\winvnc.exe:*:Enabled:TightVNC Win32 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\keithm\Desktop\CITYPRO connect\WinVNC.exe"="C:\Documents and Settings\keithm\Desktop\CITYPRO connect\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\icuii\ICUII.exe"="C:\Program Files\icuii\ICUII.exe:*:Enabled:ICUII Video Chat Client"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70439880-a3f7-11dc-93c5-001c23a7240f}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-10-17 15:07:44 ----D---- C:\rsit
2008-10-05 07:58:12 ----D---- C:\7cb87968faa8959e964e23ab50
2008-10-05 07:46:07 ----D---- C:\ie-spyad_zo
2008-10-05 07:40:06 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-05 07:39:41 ----D---- C:\Program Files\SpywareBlaster
2008-10-01 19:39:27 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-10-01 19:39:21 ----D---- C:\Program Files\Security Task Manager
2008-10-01 19:32:12 ----D---- C:\WINDOWS\pss
2008-10-01 15:44:27 ----D---- C:\Program Files\InterMute
2008-09-26 04:04:01 ----D---- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-09-25 21:29:08 ----D---- C:\WINDOWS\LastGood
2008-09-25 21:16:18 ----D---- C:\WINDOWS\Prefetch
2008-09-25 19:23:06 ----D---- C:\WINDOWS\LastGood.Tmp
2008-09-25 19:05:00 ----D---- C:\WINDOWS\system32\scripting
2008-09-25 19:04:58 ----D---- C:\WINDOWS\l2schemas
2008-09-25 19:04:50 ----D---- C:\WINDOWS\system32\en
2008-09-25 19:04:37 ----D---- C:\WINDOWS\system32\bits
2008-09-25 18:40:41 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-25 18:17:12 ----D---- C:\WINDOWS\network diagnostic
2008-09-25 18:02:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-24 02:49:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-24 02:48:00 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-24 02:47:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-24 02:46:54 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-24 02:46:46 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-24 02:46:33 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-24 02:46:33 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-24 02:46:33 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-24 02:46:33 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-24 02:46:33 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-24 02:46:33 ----N---- C:\WINDOWS\slrundll.exe
2008-09-24 02:46:22 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-24 02:46:19 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-24 02:46:15 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-24 02:46:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-24 02:46:12 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-24 02:46:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-24 02:46:07 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-24 02:46:07 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-24 02:45:56 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-24 02:45:30 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-24 02:45:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-24 02:45:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-24 02:45:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-24 02:45:20 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-24 02:45:19 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-24 02:44:26 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-24 02:44:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-24 02:44:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-24 02:44:24 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-24 02:43:37 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-24 02:43:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-24 02:43:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-24 02:43:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-24 02:43:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-24 02:43:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-24 02:42:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-24 02:42:59 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-24 02:42:47 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-24 02:42:38 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-24 02:42:25 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-24 02:42:25 ----A---- C:\WINDOWS\003086_.tmp
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-24 02:42:19 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-24 02:42:12 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-24 02:42:08 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-24 02:42:08 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-24 02:42:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-24 02:41:58 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-24 02:41:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-24 02:41:36 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-24 02:41:33 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-24 02:41:33 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-24 02:41:31 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-24 02:41:31 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-24 02:41:30 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-24 02:41:30 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-24 02:41:30 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-24 02:41:23 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-23 13:56:43 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-09-23 13:56:00 ----D---- C:\644b7b3619954a10e4d1a921eb
2008-09-11 07:25:12 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Blackberry Desktop
2008-09-09 11:28:51 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Research In Motion
2008-09-09 10:55:39 ----D---- C:\Program Files\Common Files\Research In Motion
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-08-26 05:37:12 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Yahoo!
2008-08-11 08:17:21 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Malwarebytes
2008-08-11 08:17:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 08:17:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 11:50:41 ----D---- C:\Program Files\Windows Live Safety Center
2008-08-09 14:42:08 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-08-09 14:42:00 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-31 15:19:40 ----A---- C:\WINDOWS\system32\wdfproc.dll
2008-07-31 15:18:08 ----RA---- C:\WINDOWS\system32\capicom.dll
2008-07-28 19:49:20 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-07-28 19:33:02 ----A---- C:\WINDOWS\system32\igklg400.dll
2008-07-28 19:33:02 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-07-28 19:33:01 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
2008-07-28 19:33:01 ----A---- C:\WINDOWS\system32\igklg450.dll
2008-07-28 19:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Citrix
2008-07-28 19:22:41 ----D---- C:\Program Files\Citrix
2008-07-28 11:25:36 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Yahoo! Messenger
2008-07-26 09:56:59 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\drms

======List of files/folders modified in the last 3 months======

2008-10-17 15:07:54 ----D---- C:\WINDOWS\Temp
2008-10-17 15:07:52 ----A---- C:\WINDOWS\ModemLog_Dell Wireless 5520 Cingular Mobile Broadband (3G HSDPA) Minicard.txt
2008-10-17 15:02:42 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Skype
2008-10-17 14:41:51 ----D---- C:\Program Files\Mozilla Firefox
2008-10-17 14:15:35 ----D---- C:\WINDOWS
2008-10-17 10:12:00 ----D---- C:\WINDOWS\system32
2008-10-17 06:17:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 06:16:57 ----A---- C:\WINDOWS\RTacDbg.txt
2008-10-17 06:14:59 ----D---- C:\WINDOWS\Registration
2008-10-17 06:14:48 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-10-17 06:14:43 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-10-17 06:14:07 ----D---- C:\MDT
2008-10-16 18:32:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-16 05:31:48 ----D---- C:\WINDOWS\Debug
2008-10-15 20:16:12 ----HD---- C:\Config.Msi
2008-10-15 20:16:07 ----SHD---- C:\WINDOWS\Installer
2008-10-15 20:16:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 20:15:21 ----HD---- C:\WINDOWS\inf
2008-10-15 20:15:20 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-15 20:15:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 20:15:11 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 20:13:52 ----D---- C:\Program Files\Internet Explorer
2008-10-11 06:58:57 ----RD---- C:\Program Files
2008-10-09 10:37:52 ----D---- C:\Downloads
2008-10-09 06:17:01 ----A---- C:\xpbootlog.txt
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-06 21:01:40 ----A---- C:\WINDOWS\win.ini
2008-10-05 07:55:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-04 14:25:18 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-04 14:23:27 ----D---- C:\Program Files\Common Files\QuoteWerks
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 00:49:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-02 00:49:06 ----D---- C:\Program Files\Common Files
2008-10-01 19:48:14 ----D---- C:\Program Files\Windows Live Toolbar
2008-10-01 19:46:47 ----D---- C:\Program Files\Google
2008-10-01 19:46:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-01 19:37:21 ----RASH---- C:\boot.ini
2008-10-01 19:37:21 ----N---- C:\WINDOWS\system.ini
2008-09-30 1156 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Wave Systems Corp
2008-09-26 04:31:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-26 04:04:28 ----D---- C:\Program Files\Microsoft SQL Server
2008-09-25 21:14:05 ----D---- C:\WINDOWS\system32\Setup
2008-09-25 21:14:04 ----D---- C:\WINDOWS\system32\wbem
2008-09-25 21:14:04 ----D---- C:\WINDOWS\AppPatch
2008-09-25 21:14:02 ----RSD---- C:\WINDOWS\Fonts
2008-09-25 21:12:45 ----D---- C:\WINDOWS\security
2008-09-25 19:23:38 ----D---- C:\Program Files\Messenger
2008-09-25 19:13:02 ----D---- C:\WINDOWS\WinSxS
2008-09-25 19:10:41 ----D---- C:\Program Files\Windows Media Player
2008-09-25 19:07:16 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-25 19:07:09 ----D---- C:\WINDOWS\ime
2008-09-25 19:07:08 ----D---- C:\WINDOWS\Help
2008-09-25 19:05:05 ----D---- C:\WINDOWS\system32\en-US
2008-09-25 19:05:04 ----D---- C:\WINDOWS\system32\usmt
2008-09-25 19:04:37 ----D---- C:\WINDOWS\PeerNet
2008-09-25 19:04:35 ----D---- C:\Program Files\Movie Maker
2008-09-25 18:38:41 ----D---- C:\WINDOWS\system32\Restore
2008-09-25 18:38:39 ----D---- C:\WINDOWS\system32\npp
2008-09-25 18:38:39 ----D---- C:\WINDOWS\mui
2008-09-25 18:38:34 ----D---- C:\WINDOWS\msagent
2008-09-25 18:38:10 ----D---- C:\WINDOWS\srchasst
2008-09-25 18:37:20 ----D---- C:\Program Files\NetMeeting
2008-09-25 18:36:17 ----D---- C:\WINDOWS\system32\Com
2008-09-25 18:35:44 ----D---- C:\Program Files\Windows NT
2008-09-25 18:35:42 ----D---- C:\Program Files\Outlook Express
2008-09-25 18:35:16 ----D---- C:\Program Files\Common Files\System
2008-09-25 18:33:33 ----D---- C:\WINDOWS\system32\oobe
2008-09-25 18:33:21 ----D---- C:\WINDOWS\system
2008-09-25 18:11:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-25 17:55:18 ----D---- C:\WINDOWS\ehome
2008-09-24 1657 ----RSD---- C:\WINDOWS\assembly
2008-09-23 04:15:22 ----A---- C:\WINDOWS\ODBC.INI
2008-09-23 04:15:18 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-09-23 04:15:16 ----D---- C:\Program Files\Webroot
2008-09-22 17:22:22 ----D---- C:\SDFix
2008-09-22 10:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
2008-09-21 14:07:11 ----D---- C:\Program Files\QuickXpense
2008-09-09 11:14:06 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-09-09 11:12:38 ----D---- C:\Program Files\Roxio
2008-09-09 11:08:42 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-09-09 11:07:05 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-09-09 11:01:29 ----D---- C:\temp
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-01 10:46:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-01 10:46:27 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\Adobe
2008-08-30 09:34:05 ----D---- C:\Program Files\Yahoo!
2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 13:24:24 ----SD---- C:\WINDOWS\Tasks
2008-08-25 10:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-25 10:07:37 ----A---- C:\YServer.txt
2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 03:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 00:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-19 06:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-18 14:22:55 ----D---- C:\WINDOWS\ie7updates
2008-08-14 05:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-10 11:50:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-09 16:04:56 ----A---- C:\WINDOWS\WRSetup.dll
2008-08-06 00:03:32 ----D---- C:\Documents and Settings\Keith Macaluso\Application Data\skypePM
2008-07-31 10:33:26 ----D---- C:\GoldMine
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-15 21035]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 ghstwall;ghstwall; \??\C:\WINDOWS\system32\drivers\ghstwall.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-04-15 132608]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-18 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2005-10-14 17290]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2004-10-08 326656]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-06-01 178176]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver; C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2007-05-30 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2007-05-30 92288]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-05-30 27072]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver; C:\WINDOWS\system32\DRIVERS\smrtdrv.sys [2008-01-04 2432]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-18 1228296]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-11-13 38288]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CamdDriverV32;CamdDriverV32; C:\WINDOWS\system32\drivers\CamdDriverV32.sys [2008-06-04 508544]
S3 CamdVideo32;CamdVideo32; C:\WINDOWS\system32\DRIVERS\CamdVideo32.sys [2008-06-04 3768]
S3 catchme;catchme; \??\C:\DOCUME~1\KEITHM~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-06-04 508544]
S3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2008-06-04 3768]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-04-26 53504]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-06-11 607576]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-02-18 90112]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.12 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-02-01 1466368]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 WDFNet;Webroot Desktop Firewall network service; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-26 654848]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service; C:\Documents and Settings\Keith Macaluso\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe [2008-01-04 135680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-28 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-01-29 487424]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (26.3 KB, 1 views)
File Type: txt ActiveScan.txt (5.9 KB, 1 views)
kmac59 is offline  
Old 10-17-2008, 04:21 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Mouse cursor virus and slow computer

Still not seeing any malware. The issue raises more questions than answers. Please respond to each as best you can.

This is just a default entry whose value data is askew.

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O20 - AppInit_DLLs: ,

Close HijackThis now.

---------------------------------------------------------------------------------------------

The items found by Panda ActiveScan are cookies, or related to malware removal tools, and not a concern.

Example:

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consultin...rocessutil.htm

====================================================

Did making the mouse settings adjustment in Control Panel affect the issue?

I still would like to know if the trackball you mentioned is built into the keyboard.

====================================================

GhostWall is a firewall. Webroot also has a firewall installed. I'm not suggesting this is related to the mouse, just something I see which should be addressed. Having more than one third party firewall installed can cause system issues. Since Webroot is a suite, you may want to choose to uninstall Ghostwall...whatever you choose, you should have only one software firewall installed.

====================================================

For what purpose is GoToAssist installed? Does anyone else have access to it?

I see a couple of references to VNC applications in the Firewall permissions.

CITYPRO connect

ERMconnect

Are you aware of VNC applications having been installed on this machine? Were they used for your work? Remote access troubleshooting?

---------------------------------------------------------------------------------------------

I also see a custom entry in your hosts file.

194.74.11.228 BridgitServer

BridgitServer seems to be associated with KITTWAKE-DEVELOPMENTS, whose name appears in your TCP/IP entries. It doesn't line up with your own IP address. Is this also work related? Is this a company machine?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
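The GhostWall and GoToAssist questions above come from reading the driver and service lists in the posted log. As an added example (not part of the thread and not the log tool's own code), this Python parser reads that line format and flags entries for a manual look; the flag rules, and reading an empty `[]` as the file's date and size not being readable, are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Line shape used by the log's driver and service lists:
#   <R|S><0-4> <name>;<display name>; <image path> [<file date> <file size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# Start-type legend, taken from the list headers in the log.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Assumed triage rule (not from the thread): locations a limited user can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")
# Remote-access products the helper asks about in the thread.
REMOTE_ACCESS_HINTS = ("gotoassist", "vnc")

# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 ghstwall;ghstwall; \??\C:\WINDOWS\system32\drivers\ghstwall.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\KEITHM~1\LOCALS~1\Temp\catchme.sys []
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-28 16680]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
"""


class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    path: str
    meta: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["state"] == "R", START_TYPES[m["start"]], m["name"].strip(),
                 m["display"].strip(), m["path"].strip(), m["meta"].strip())


def flags_for(entry: Entry) -> List[str]:
    """Return the triage flags that apply to one parsed entry."""
    flags = []
    path = entry.path.lower()
    if path.startswith("\\??\\"):      # NT object-namespace prefix before the drive
        path = path[4:]
    if not entry.meta:                 # empty [] : no file date/size was recorded
        flags.append("no-file-metadata")
    if any(part in path for part in USER_WRITABLE):
        flags.append("user-writable-path")
    text = " ".join((entry.name, entry.display, path)).lower()
    if any(hint in text for hint in REMOTE_ACCESS_HINTS):
        flags.append("remote-access")
    return flags


def triage(log_text: str) -> List[Tuple[str, str, bool, List[str]]]:
    """Return (name, start type, running, flags) for every flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            flagged.append((entry.name, entry.start, entry.running, flags))
    return flagged


if __name__ == "__main__":
    for name, start, running, flags in triage(SAMPLE_LOG):
        state = "running" if running else "stopped"
        print(f"{name:12} {start:9} {state:8} {', '.join(flags)}")
```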
Old 10-18-2008, 06:38 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

Good morning,

I'll go down the list and try not to miss anything:

1. This is a Dell with the touchpad and eraser head between the G&H Keys. The problem happens sporadically... so far this morning ok... other times, it takes over.

Is there a way to disable the mouse between the keys? I never use it.

2. O20 - AppInit_DLLs disabled thru HiJackthis.

3. Ghostwall removed. I didn't realize that Webroot had a built in firewall.

4. GoToAssist... removed... don't know why I had it.

5. Citypro & ERMconnect, used by Techs to configure and repair Goldmine software.

How do I remove? They do not show up on add/remove.

6. BridgitServer is a conference call software, that I need every so often.

7. Home computer but use for work also.

Would any of these items be causing the long start up? It takes 8 minutes to completely start up.

After I send this message, I'm going to restart and time the start up again.

Kind regards,
Keith
kmac59 is offline  
Old 10-18-2008, 06:59 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

TetonBob...

Did a restart and it took 9.5 minutes.

Thanks,
Keith
kmac59 is offline  
Old 10-18-2008, 11:04 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

Noon and the mouse just started moving on its own... First went to top and then across to right corner. I moved it back down to this screen...it then went down across bottom to Start button...

Computer is in docking station and I have optical mouse attached with a keyboard.

It won't let me click to submit this... I have to click esc and control/alt/delete and then cancel to try and regain control of the cursor...

Keith
kmac59 is offline  
Old 10-18-2008, 11:16 AM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Mouse cursor virus and slow computer

Hi Keith -

I'll answer within the quote

Quote:
Originally Posted by kmac59

1. This is a Dell with the touchpad and eraser head between the G&H Keys. The problem happens sporadically... so far this morning ok... other times, it takes over.

Is there a way to disable the mouse between the keys? I never use it.

I think the trackball (eraser head, called trackstick by Dell, I believe) and touchpad may be linked, but this seems to suggest you can disable one and keep the other.

Exact instructions would likely vary from machine to machine. Using Dell's support page, you can input the exact model number or service tag for the machine, and get specific information for it.

One method....

Disable the Trackstick

1. Click the Start button, point to Settings, and then click Control Panel.
2. Double-click the Mouse icon.
3. Click the Touchpad tab.
4. Click the pull-down menu and choose Pointing Stick instead of TouchPad Device.
5. Click the checkbox to check Disable this Device.
6. Click OK to restart your computer.

Another method:

You can use the Mouse Properties window to disable the touch pad and track stick or adjust their settings.

1. Open the Control Panel, and then click Mouse. For information about the Control Panel, see Windows Help and Support Center.

2. In the Mouse Properties window:

* Click the Device Select tab to disable the touch pad and track stick.

* Click the Touch Pad tab to adjust touch pad and track stick settings.

3. Click OK to save the settings and close the window.


If you don't have an option in the Mouse options control panel to disable the touchpad, visit Dell for the appropriate driver downloads.

http://support.dell.com/support/down...n&s=gen&~ck=gp

It's also been suggested that installing Synaptics Touchpad drivers then gives an option to disable touchpad. This is more a question for the guys in Laptop support. I would ask there first, before installing new drivers.

It does seem like this might be the cause of the uncontrollable cursor.


2. O20 - AppInit_DLLs disabled thru HiJackthis.

OK.

3. Ghostwall removed. I didn't realize that Webroot had a built in firewall.

OK.

4. GoToAssist... removed... don't know why I had it.

OK.

5. Citypro & ERMconnect, used by Techs to configure and repair Goldmine software.

How do I remove? They do not show up on add/remove.

This is likely ok to keep since you're aware of their use, and they appear only as Firewall authorized applications. They likely were not applications ever installed on the machine, just run locally, and permissions granted during a remote access session.

It seems like they were run from an email connection, and a local file on your desktop.

We can remove the references in the Firewall permissions via a registry fix if you like, and delete the folders the executables are in, if they still remain. Let me know.


6. BridgitServer is a conference call software, that I need every so often.

OK, we'll leave it.

7. Home computer but use for work also.

Would any of these items be causing the long start up? It takes 8 minutes to completely start up.

After I send this message, I'm going to restart and time the start up again.

Kind regards,
Keith

The boot time for a machine with that much memory is way too long. You may want to have a look at this topic, to see if there are any procedures there which will help.

http://www.techsupportforum.com/secu...ning-slow.html

Otherwise, you may want to ask in the Windows XP section of the forum.

The issues with this machine are beyond the designed scope of this section of the forums, which is malware removal. Since we've identified the remote access applications as programs you've been aware of, I don't think there's any malicious intent in their being on the machine.

I've seen those laptop eraser head tracksticks go buggy before. It's aggravating, but I don't think it's malware. Short of replacing the trackstick, disabling may be your best option.
tetonbob is offline  
Old 10-18-2008, 02:28 PM   #11 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

I've gone thru and disabled the trackstick. Will give it some time to see if it solves the problem.

Went thru the procedures listed for speeding up computer... have done most of that previously. Will try that defrag and go to the other area of the forum for help.

Thanks for all your help!

Much appreciated.

Kind regards,

Keith
kmac59 is offline  
Old 10-18-2008, 03:40 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,561
OS: 2000 Pro; XP Pro; XP Home


Re: Mouse cursor virus and slow computer

Cheers, Keith.

Please do let me know if disabling the trackstick takes care of the wandering cursor.
tetonbob is offline  
Old 11-06-2008, 10:01 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2008
Location: Spring, TX (Houston)
Posts: 27
OS: Win XP Pro, Ser Pk 3


Re: Mouse cursor virus and slow computer

Tetonbob,

I think the mouse problem is gone... however, it did appear over the weekend when I was working with Dell Support on the slow computer issue (solved with Windows Repair).

I had not seen the mouse move on its own since we turned off the trackball. However, while working with Dell and computer in Safe Mode... it took off on its own. I could only gain control by pressing ESC a few times. That was it and back to normal.

Very strange...

Thanks for the help.

Keith
kmac59 is offline  
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum