
Help with my XP system

Discussion in 'Windows XP' started by SueW, 2007/06/24.

  1. 2007/06/24
    SueW

    Hello! I have been working with Ken from TomCoyote and he referred me to you all as "a class act site". Ken discovered and eliminated a virus from my computer that all major scans were missing. The computer worked fine for a couple of days and then began to take 10-20 min to boot, and programs are hanging and unresponsive. My HJT report is clean and he has deemed this an OS issue. Can you please help me?

    Thank you.

    SueW
     
  2. 2007/06/24
    visionof

    In the end it may just be that all that will fix your problem is a clean reinstall of Windows.
    Have you run an antispyware scan?
    Or an online scan such as HouseCall in safe mode with networking?

    http://housecall.trendmicro.com/
     


  4. 2007/06/24
    noahdfear

    Welcome to WindowsBBS SueW :)

    Will you post a link to the topic at TC so that we can get a better picture of things?

    BTW, I do not recommend any internet access while using safe mode with networking.... it leaves your system much more vulnerable. ;)
     
  5. 2007/06/24
    SueW

    Problem History

    This is the link at TC
    http://forums.tomcoyote.org/Help_W_Hjt_Log_File_t80541.html

    Here is the final log w/ Ken when he referred me to you all:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:21:59 PM, on 6/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\APV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\APV.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter.rr.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {010136FD-5E80-11D8-9E86-0007E96C65AE} (SprtWMIControl Class) - http://supportcenter.rr.com/sdccommon/download/sprtctlwmi.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://supportcenter.rr.com/sdccommon/download/ssrc.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://crmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/PHOTO/loaders/SAXFile.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5057/mcfscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)


    Thank you for the fast response. On his advice I did run sfc /scannow and it said I was missing some dll files and to put in my original XP disk. Then it said it was the wrong version - it wanted XP Pro, but the disk came w/ the new computer and it is the Media Center edition, and it wouldn't accept anything but Pro. I never had a Pro edition or anything installed that way.

    Thank you again.

    SueW
     
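As an added example (not code from the thread, from HijackThis, or from any of the posters), here is a small Python triage pass over HijackThis v1.99 entry lines of the kind posted above. It flags the items a log reader checks first: orphaned entries marked "(file missing)" or "(no file)", entries in load points that affect every process or the logon path (O20 AppInit_DLLs / Winlogon Notify, O21 SSODL, O23 services), and O16 ActiveX entries together with the host they were installed from. The section meanings and sample lines are taken from the log in the thread; the flag wording and the `Entry` structure are assumptions of this example.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# HijackThis section prefixes (R = registry, F = ini-file, O = other) and the
# load point each one reports. Only the prefixes that appear in the thread's log.
SECTIONS = {
    "R1": "IE registry value",
    "R3": "URLSearchHook (runs in the IE address bar)",
    "O2": "Browser Helper Object (DLL loaded into IE)",
    "O4": "autostart: Run key or Startup folder",
    "O8": "IE context-menu item",
    "O11": "IE Options group",
    "O16": "Downloaded Program File (ActiveX from a URL)",
    "O20": "AppInit_DLLs or Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad (loaded by Explorer)",
    "O23": "NT service",
}

# Markers HijackThis appends when the referenced file no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Load points where a DLL lands in every process or in the logon path; entries
# here deserve a look even when the vendor name looks familiar.
SYSTEM_WIDE = {"O20", "O21", "O23"}

LINE_RE = re.compile(r"^(?P<prefix>[RFO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    prefix: str
    load_point: str
    body: str
    orphan: bool
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for one HijackThis item line, or None for any other line
    (log header, the 'Running processes:' list, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    prefix, body = m.group("prefix"), m.group("body")
    orphan = any(marker in body for marker in ORPHAN_MARKERS)
    flags = []
    if orphan:
        # An orphan is dead weight rather than an active threat, but it shows
        # where something used to load and is the usual leftover of a cleanup.
        flags.append("orphan: referenced file is gone; usual candidate for an HJT fix")
    if prefix in SYSTEM_WIDE and not orphan:
        flags.append("system-wide load point: verify the file's signature and vendor")
    if prefix == "O16":
        url = URL_RE.search(body)
        if url:
            host = urlparse(url.group(0)).hostname or ""
            flags.append(f"ActiveX installed from {host}: confirm the site was intended")
        else:
            flags.append("ActiveX with a local source path")
    return Entry(prefix, SECTIONS.get(prefix, "unknown section"), body, orphan, flags)


def triage(log_text):
    """Parse a whole log and return only the entries that carry a flag."""
    entries = (parse_entry(raw) for raw in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


def report(log_text):
    """The counts a helper wants at a glance before reading line by line."""
    flagged = triage(log_text)
    return {
        "flagged": len(flagged),
        "orphans": sum(1 for e in flagged if e.orphan),
        "system_wide": sum(1 for e in flagged if e.prefix in SYSTEM_WIDE and not e.orphan),
        "activex": sum(1 for e in flagged if e.prefix == "O16"),
    }


# Constructed sample: a handful of lines copied in shape from the log in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.prefix:<4}{e.load_point}\n     {e.body}\n     -> {'; '.join(e.flags)}")
```

Anything it does not flag (the O2 and O4 lines above) still needs a human look; the pass only orders the reading, it does not decide what is malicious.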
  6. 2007/06/24
    noahdfear

    That link to TC appears to be only one post from you with a HijackThis log. Was Ken helping you in another topic, or anywhere visible to the public? I was hoping for a bit of background info ..... steps that had been taken already, what infection was found, etc.
     
  7. 2007/06/24
    SueW

  8. 2007/06/24
    Whiskeyman Lifetime Subscription

  9. 2007/06/24
    noahdfear

    I would like for you to run a tool that will show us a few more things as well.

    Note: You must be logged onto an account with administrator privileges to complete the following.
    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     
    Last edited: 2007/06/24
  10. 2007/06/24
    mailman Lifetime Subscription

    Uh...Dave, that link you posted goes to comboscan.exe (not dss.exe).
     
  11. 2007/06/24
    noahdfear

    Thanks mailman. It's fixed. ;)
     
  12. 2007/06/26
    SueW

    New Information

    Hello!
    I have subsequently discovered that my desktop arrangement was corrupted and was a major contributor to the slow bootup. Apparently the system is no longer fond of Windows Classic! It seems that several individuals have the same problem. So now that's coming up at a swift rate, but I'm still getting some "unresponsive program" error messages and a few other strange things. Did you come up with anything from the DSS.exe I ran?

    Thank you.

    SueW
     
  13. 2007/06/26
    noahdfear

    Glad to hear you have at least part of the problem sorted. :)

    You need to post the log that was created from the dss scan. It will be located in a subfolder of C:\Deckard\System Scanner, whose name is a string of numbers that reflects the date and time of the scan. The log I want to see is named main.txt.
     
  14. 2007/06/27
    SueW

    Resend...

    I'm sending this again as I don't see it posted from last night when I sent it out to you. That's twice I've posted and it hasn't arrived!!

    Here goes again....

    Deckard's System Scanner v20070611.50
    Run by Susan on 2007-06-24 at 21:08:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    41: 2007-06-25 01:08:05 UTC - RP259 - Deckard's System Scanner Restore Point
    40: 2007-06-24 15:49:00 UTC - RP258 - Installed Iomega HotBurn
    39: 2007-06-24 14:19:46 UTC - RP257 - Installed iTunes
    38: 2007-06-23 14:54:01 UTC - RP256 - Software Distribution Service 3.0
    37: 2007-06-23 03:57:21 UTC - RP255 - Restore Operation


    -- First Restore Point --
    1: 2007-03-29 00:02:40 UTC - RP219 - Software Distribution Service 2.0


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Susan.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:09:37 PM, on 6/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\APV.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Susan\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Susan.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\APV.exe "
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe "
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://supportcenter.rr.com/sdccommon/download/tgctlins.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://supportcenter.rr.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {010136FD-5E80-11D8-9E86-0007E96C65AE} (SprtWMIControl Class) - http://supportcenter.rr.com/sdccommon/download/sprtctlwmi.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://supportcenter.rr.com/sdccommon/download/ssrc.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://crmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/PHOTO/loaders/SAXFile.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe


    -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

    backup-20070530-231225-114 O20 - Winlogon Notify: windii32 - windii32.dll (file missing)
    backup-20070531-223609-301 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
    backup-20070531-223609-383 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    backup-20070618-193308-688 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    backup-20070618-193308-817 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    backup-20070618-193308-864 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft(R) Windows NT(R) Operating System>
    R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
    R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
    R3 PLUsbbc2 (Hi-Speed USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbc2.sys <Not Verified; Prolific Technology Inc.; High Speed USB-USB Bridge Cable Driver>
    R3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

    S1 WINIO - ˆý (file missing)
    S3 P2k (Motorola iDEN P2k Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
    S3 PL2501NW (Hi-Speed USB-USB Network Adapter) - c:\windows\system32\drivers\pl2501nw.sys <Not Verified; Prolific Technology Inc. (www.prolific.com.tw); USB-USB Network Bridge>
    S3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>

    S2 AVP (Kaspersky Internet Security 6.0) - "c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe" -r (file missing)
    S4 Iomega Activity Disk2 - " "
    S4 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice (file missing)
    S4 nmservice (Pure Networks Network Magic Service) - "c:\program files\pure networks\network magic\nmsrvc.exe" (file missing)
    S4 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>


    -- Scheduled Tasks -------------------------------------------------------------

    2007-06-24 10:33:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-04-20 21:08:02 390 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1144199148.job
    2007-04-20 18:40:43 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-05-24 and 2007-06-24 -----------------------------

    2007-06-24 20:49:41 0 d-------- C:\WINDOWS\LastGood
    2007-06-24 12:57:16 0 dr-h----- C:\Documents and Settings\Susan\Recent
    2007-06-24 11:49:03 37376 -ra------ C:\WINDOWS\system32\lttwn11n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
    2007-06-24 11:49:03 226816 -ra------ C:\WINDOWS\system32\ltefx11n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
    2007-06-24 11:49:02 742400 -ra------ C:\WINDOWS\system32\ltann11N.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
    2007-06-24 11:49:02 31744 -ra------ C:\WINDOWS\system32\lflmb11n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
    2007-06-24 11:49:02 100352 -ra------ C:\WINDOWS\system32\lfjbg11n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
    2007-06-24 11:48:55 375040 -----n--- C:\WINDOWS\system32\drivers\dnbudf.sys <Not Verified; Iomega Corporation; Iomega HotBurn(R) Drag'n'Drop File System>
    2007-06-24 11:48:45 0 d-------- C:\Program Files\Iomega HotBurn
    2007-06-24 11:45:18 0 d-------- C:\Program Files\Iomega
    2007-06-24 10:20:21 0 d-------- C:\Program Files\iTunes
    2007-06-23 21:56:43 0 d-------- C:\Documents and Settings\Susan\Application Data\Simple Star
    2007-06-23 21:56:42 282624 --a------ C:\WINDOWS\Road Runner PhotoShow.scr <Not Verified; Simple Star, Inc.; Road Runner PhotoShow Screen Saver>
    2007-06-23 21:56:19 364544 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
    2007-06-23 21:56:19 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
    2007-06-23 21:56:19 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
    2007-06-23 21:56:19 471040 --a------ C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-06-23 21:56:19 262144 --a------ C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-06-23 21:56:19 1568768 --a------ C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-06-23 21:52:52 0 d-------- C:\Program Files\Road Runner
    2007-06-23 21:52:52 0 d-------- C:\Program Files\Common Files\Simple Star Shared
    2007-06-23 21:51:13 0 d-------- C:\Documents and Settings\Susan\Application Data\Road Runner
    2007-06-23 00:00:31 0 d-------- C:\Program Files\Sunbelt Software
    2007-06-23 00:00:31 0 d------c- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    2007-06-22 23:53:36 0 d-------- C:\WINDOWS\LastGood(2)
    2007-06-20 22:55:11 0 d-------- C:\WINDOWS\McAfee.com
    2007-06-20 22:39:57 0 d-------- C:\Documents and Settings\Susan\.housecall6.6
    2007-06-19 22:57:53 0 d-------- C:\Program Files\Promosoft Corporation
    2007-06-19 20:35:41 0 d-------- C:\Documents and Settings\Susan\Application Data\Uniblue
    2007-06-19 20:33:59 0 d-------- C:\Program Files\Uniblue
    2007-06-19 08:41:55 0 d-------- C:\Program Files\QuickTime
    2007-06-14 18:14:36 7077888 --a------ C:\Documents and Settings\Susan\ntuser.dat
    2007-06-14 18:14:36 704512 --a------ C:\Documents and Settings\LocalService\ntuser.dat
    2007-06-09 15:45:35 0 d-------- C:\Program Files\iTunes(2)
    2007-06-09 15:37:48 0 d-------- C:\Program Files\QuickTime(2)
    2007-06-07 20:49:24 0 d-------- C:\Program Files\iPodSync
    2007-05-31 21:22:46 0 d------c- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-05-27 10:04:47 0 d-------- C:\Program Files\SpywareBlaster
    2007-05-24 18:34:00 0 d------c- C:\!KillBox


    -- Find3M Report ---------------------------------------------------------------

    2007-06-24 12:07:09 1039 --a------ C:\WINDOWS\PowerReg.dat
    2007-06-24 11:49:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-24 10:20:25 0 d-------- C:\Program Files\iPod
    2007-06-23 22:53:05 0 d-------- C:\Documents and Settings\Susan\Application Data\tunebite
    2007-06-23 21:56:43 68 --a------ C:\Documents and Settings\Susan\Application Data\photoshow_deluxe_setup.txt
    2007-06-22 23:58:44 0 d-------- C:\Program Files\Common Files\Scanner
    2007-06-22 22:57:24 0 d-------- C:\Program Files\MTV Networks
    2007-06-22 22:02:43 0 d-------- C:\Program Files\PCPitstop
    2007-06-19 18:10:11 320 --a------ C:\WINDOWS\system32\wacom.dat
    2007-06-19 08:39:47 0 d-------- C:\Program Files\a-squared Anti-Malware
    2007-06-09 15:34:53 0 d-------- C:\Program Files\Apple Software Update
    2007-06-09 10:04:30 0 d-------- C:\Program Files\PDF-Creator and PDF-Editor 2
    2007-06-04 19:42:37 0 d-------- C:\Program Files\Kaspersky Lab
    2007-05-31 21:20:55 0 d-------- C:\Documents and Settings\Susan\Application Data\AdobeUM
    2007-05-19 16:07:34 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-19 11:44:18 0 --a------ C:\WINDOWS\system32\SBRC.dat
    2007-05-19 11:44:18 0 --a------ C:\WINDOWS\system32\SBFC.dat
    2007-05-19 09:32:21 0 d-------- C:\Program Files\InterMute
    2007-05-16 22:24:55 0 d-------- C:\Program Files\Open Contacts
    2007-05-16 06:50:25 0 d-------- C:\Program Files\XoftSpy
    2007-05-05 11:31:21 0 d-------- C:\Program Files\3ivx


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
    {5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} c:\Program Files\GoogleAFE\GoogleAE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIPTA "= "\ "C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\" "
    "IntelMeM "= "\ "C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe\" "
    "Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
    "ATICCC "= "\ "C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\" "
    "kis "= "\ "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\APV.exe\" "
    "SBCSTray "= "C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Drag'n'Drop_Autolaunch"="\"C:\\Program Files\\Iomega HotBurn\\Autolaunch.exe\""
    "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Road Runner PhotoShow Media Manager"="C:\\PROGRA~1\\ROADRU~1\\ROADRU~1\\data\\Xtras\\mssysmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
    "DisableTaskMgr"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=dword:00000000
    "NoDispAppearancePage"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000
    "NoDispBackgroundPage"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispCPL"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktopChanges"=dword:00000000
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "NoThemesTab"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ http://a.abc.com/images/20050919/subnav/subnav_bg_b.jpg

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Susan^Start Menu^Programs^Startup^Microsoft Outlook.lnk]
    "path"="C:\\Documents and Settings\\Susan\\Start Menu\\Programs\\Startup\\Microsoft Outlook.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Outlook.lnkStartup"
    "location"="Startup"
    "command"="C:\\WINDOWS\\Installer\\{90280409-6000-11D3-8CFE-0050048383C9}\\outicon.exe"
    "item"="Microsoft Outlook"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="aim"
    "hkey"="HKCU"
    "command"="\\\\1fra2\\rrim\\aim.exe -cnetwait.odl"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MediaDetect"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DSAgnt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="tfswctrl"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DVDLauncher"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ehtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="isuspm"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="issch"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iTunesHelper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.2]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="J2GDllCmd"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\j2 Messenger 4.2\\J2GDllCmd.exe\" /R"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McafWelcome]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcwelcom"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcagent"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcupdate"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mimboot"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mm_tray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MpfTray"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSKAgent"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSKDetct"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="regsvr32 /s mqrt"
    "hkey"="HKLM"
    "command"="regsvr32 /s mqrt.dll"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="oasclnt"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PSDrvCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="QAGENT"
    "hkey"="HKCU"
    "command"="C:\\QUICKENW\\QAGENT.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RealPlay"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SBCSTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="stsystra"
    "hkey"="HKLM"
    "command"="stsystra.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpywareBot"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SsAAD"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="THGuard"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcvsshld"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mcmnhdlr"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=dword:00000003
    "WinDefend"=dword:00000002
    "TabletService"=dword:00000002
    "SSScsiSV"=dword:00000003
    "SPTISRV"=dword:00000003
    "SBCSSvc"=dword:00000002
    "Pml Driver HPZ12"=dword:00000003
    "PACSPTISVR"=dword:00000003
    "nmservice"=dword:00000002
    "nmraapache"=dword:00000003
    "NetSvc"=dword:00000003
    "MSCSPTISRV"=dword:00000003
    "MDM"=dword:00000002
    "iPod Service"=dword:00000003
    "IDriverT"=dword:00000003
    "AVP"=dword:00000002
    "AVG Anti-Spyware Guard"=dword:00000002
    "ATI Smart"=dword:00000002
    "Ati HotKey Poller"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    Shell\AutoRun\command E:\setup.exe


    -- End of Deckard's System Scanner: finished at 2007-06-24 at 21:13:09 ---------

    Hope you get this one! Thanks...
     
  15. 2007/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Sue,

    I would like to see if we can get some information about something in that log. Please download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    start it and paste in WINIO ... wait for it to complete the search, click OK at the prompt. Then when WordPad opens, copy that and post it here please.
     
  16. 2007/06/28
    SueW

    SueW Inactive Thread Starter

    Joined:
    2007/06/24
    Messages:
    11
    Likes Received:
    0
    Here's the results...

    Good evening!

    Here are the results of that search you wanted.

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "WINIO" 6/28/2007 9:24:58 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WINIO]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WINIO]
    "DisplayName"="WINIO"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WINIO\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WINIO]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WINIO]
    "DisplayName"="WINIO"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WINIO\Security]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO]
    "DisplayName"="WINIO"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO\Security]



    Thank you!

    SueW
     
  17. 2007/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks :)

    Now copy the following command, then click Start>Run and paste it in .... hit enter.

    regedit /e C:\winio.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO"

    Post the contents of the C:\winio.txt it creates.
     
  18. 2007/06/28
    SueW

    SueW Inactive Thread Starter

    Joined:
    2007/06/24
    Messages:
    11
    Likes Received:
    0
    Results...

    Here it is....

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO]
    "Type"=dword:00000001
    "Start"=dword:00000001
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):c6,02,fd,00,12,00,00,00
    "DisplayName"="WINIO"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINIO\Security]
    "Security "=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
    05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
    00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
    00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


    Anything good/bad?

    S.
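    As an added example (not from this thread or from any tool it mentions), here is a small Python parser for a `regedit /e` export like the one posted above: it decodes the `hex(2)` (REG_EXPAND_SZ) bytes, which a "Version 5.00" export stores as UTF-16LE, maps the Type and Start dwords to their Service Control Manager meanings, and flags an ImagePath that does not name a file. The sample export is constructed from the posted WINIO values, with the Security subkey left out.

```python
import re

# Constructed sample: the WINIO key as exported above by "regedit /e" (Security subkey omitted).
WINIO_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WINIO]\r\n"
    '"Type"=dword:00000001\r\n'
    '"Start"=dword:00000001\r\n'
    '"ErrorControl"=dword:00000001\r\n'
    '"ImagePath"=hex(2):c6,02,fd,00,12,00,00,00\r\n'
    '"DisplayName"="WINIO"\r\n'
)

# Service Type and Start values as defined by the Service Control Manager.
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "Win32 own process", 0x20: "Win32 shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export.
    Version 5.00 exports store hex(2) strings as UTF-16LE, REGEDIT4 exports as ANSI."""
    encoding = "utf-16-le" if text.lstrip().startswith("Windows Registry Editor") else "cp1252"
    text = re.sub(r",\\\r?\n\s*", ",", text)   # join backslash-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif line.startswith('"') and current is not None:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"')] = decode_value(raw, encoding)
    return keys


def decode_value(raw, encoding):
    """Decode dword:, hex(2): and plain quoted-string values from one .reg line."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode(encoding).rstrip("\x00")   # drop the NUL terminator
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw


def looks_like_path(s):
    """Crude sanity check: printable text with a directory separator and a .exe/.sys name."""
    return s.isprintable() and "\\" in s and re.search(r"\.(exe|sys)\b", s, re.I) is not None


def audit_service(values):
    """Describe one Services\\<name> key and flag an ImagePath that is not a usable path."""
    image = values.get("ImagePath", "")
    report = {"type": SERVICE_TYPES.get(values.get("Type"), "unknown"),
              "start": START_TYPES.get(values.get("Start"), "unknown"),
              "image_path": image, "flags": []}
    if not looks_like_path(image):
        report["flags"].append("ImagePath does not name a file: %r" % image)
    return report
```

    For the posted values the report reads "kernel driver", started at "system" start, with an ImagePath that decodes to three unprintable characters rather than a path. Type 1 entries are drivers, which services.msc does not list, so not finding WINIO in that console is expected and says nothing about whether the entry is in use.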
     
  19. 2007/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well, I certainly don't like it. Click Start>Run, type services.msc and hit enter. Look for the service name WINIO and double click it if found. Set the Startup type to disabled, click Apply and OK. Reboot and check if it stays disabled, and if there's any difference.

    Let me know as well if you don't see it listed.
     
  20. 2007/06/29
    SueW

    SueW Inactive Thread Starter

    Joined:
    2007/06/24
    Messages:
    11
    Likes Received:
    0
    WINIO Service...

    Good Morning!

    I do not see that service listed anywhere in the services area.

    Thank you.

    SueW
     
  21. 2007/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Mornin'!

    Copy the contents of the quote box below to a blank notepad. Make sure the formatting stays the same!

    Save it (on the desktop) as:

    Filename: winio.reg
    Save As Type: All Files (*.*)

    The file should now look like a green Rubik's cube. Double click the file and allow it to merge with the registry. Reboot.

    Now delete the C:\winio.txt file and run the command line from a couple of posts up again, then post the contents of winio.txt.
     
