1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Trouble removing Trojan.Downloader.Ruins

Discussion in 'Malware and Virus Removal Archive' started by chiefyj, 2007/09/19.

Page 1 of 2
  1. 2007/09/19
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    [Resolved] Trouble removing Trojan.Downloader.Ruins

    A while back while doing a routine scan of my computer for viruses, spyware, and ad-ware, one of the spyware programs (Spyware Doctor) discovered a few trojans on my computer. Spyware Doctor was able to successfully remove all the trouble EXCEPT Trojan.Downloader.Ruins.

    Since I came across this problem, my computer has been running at a significantly slower speed and when I open certain folders, a pop-up appears saying that "windows explorer has experience an error and needs to shut down ". Also, when I try to shut down my computer, my PC has trouble closing down certain programs, sometimes my wireless VPN client, sometimes Adobe Reader, it really depends.

    Here is my HijackThis log... any help in removing this problem would be GREATLY appreciated. Thanks :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:32:37 PM, on 9/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\DOCUME~1\Jeff\LOCALS~1\Temp\d2l_PlayD2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12557 bytes
     
    chiefyj,
    #1
  2. 2007/09/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS chiefyj :)

    Please download FixWareout from here:
    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2007/09/20
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Ok, well I downloaded the program and ran it. It told me it would reboot, which it did, and when it came back and said "Start fix" I hit ok. I waited. About 2 hours later, there was still no response from the program, meaning there is no report.txt for me to post. Here's my HijackThis log again incase anything has changed.... any suggestions?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:00 AM, on 9/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cmd.exe
    C:\fixwareout\FindT\vfind.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 11420 bytes
     
    chiefyj,
    #3
  5. 2007/09/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not sure why fixwareout hung ........ odd though, one of it's processes was still running when you created the HijackThis log.

    C:\fixwareout\FindT\vfind.exe

    Open task manager and kill that process if it's still running.

    Please see if the report is located at C:\fixwareout\report.txt and post it's contents if it is.
     
    noahdfear,
    #4
  6. 2007/09/21
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Hah.. not much to post...

    Username "Jeff" - 09/20/2007 2:12:55 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check


    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system "=" "
    ....
     
    chiefyj,
    #5
  7. 2007/09/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please try to run Fixwareout again, using the same instructions as above. If it hangs again, I'll contact the author to see if he has suggestions.
     
    noahdfear,
    #6
  8. 2007/09/23
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Yeah, I ran it again, and it hung after it restarted. I left it on overnight to see if I was just impatient before, but nothing happened. The report is exacty the same as the one posted earlier.
     
    chiefyj,
    #7
  9. 2007/09/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'll see if I can contact the author of fixwareout and see what he recommends.

    Lets run another scan tool that will show us a bit more.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     
    noahdfear,
    #8
  10. 2007/09/23
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Yay for scans that work!



    Deckard's System Scanner v20070905.67
    Run by Jeff on 2007-09-23 21:34:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    70: 2007-09-24 00:27:59 UTC - RP286 - Deckard's System Scanner Restore Point
    69: 2007-09-23 21:10:45 UTC - RP285 - System Checkpoint
    68: 2007-09-21 05:30:46 UTC - RP284 - Software Distribution Service 3.0
    67: 2007-09-20 06:39:52 UTC - RP283 - System Checkpoint
    66: 2007-09-19 05:52:36 UTC - RP282 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-06-27 21:28:59 UTC - RP217 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Jeff.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:35:51 PM, on 9/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Documents and Settings\Jeff\Desktop\dss.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\Jeff\MYDOCU~1\DOWNLO~1\Jeff.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12487 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

    S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
    S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
    S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
    S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
    S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - c:\documents and settings\jeff\my documents\downloads\fah504-console.exe -svcstart <Not Verified; Stanford University; Folding@Home Client>

    S2 wltrysvc (Dell Wireless WLAN Tray Service) - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
    S3 FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - c:\documents and settings\jeff\my documents\downloads\fah504-console(2).exe -svcstart (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1490 Dual Band WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1
    Manufacturer: Broadcom
    Name: Dell Wireless 1490 Dual Band WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1
    Service: BCM43XX

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-23 21:00:51 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-09-18 20:31:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2007-09-17 20:21:54 620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jeff.job


    -- Files created between 2007-08-23 and 2007-09-23 -----------------------------

    2007-09-21 13:43:11 16996 --a------ C:\WINDOWS\DIIUnin.dat
    2007-09-21 13:43:11 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-09-21 13:43:09 2829 --a------ C:\WINDOWS\DIIUnin.pif
    2007-09-21 13:43:08 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
    2007-09-21 13:40:46 0 d-------- C:\Program Files\Diablo 2
    2007-09-19 14:19:59 0 dr-h----- C:\Documents and Settings\Jeff\Application Data\SecuROM
    2007-09-18 23:49:50 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2007-09-18 23:46:45 0 d-------- C:\Program Files\NCH Swift Sound
    2007-09-18 22:41:27 0 d-------- C:\Program Files\Sierra Entertainment
    2007-09-18 22:40:51 0 d-------- C:\Documents and Settings\Jeff\Application Data\InstallShield
    2007-09-18 20:57:24 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2007-09-17 21:19:05 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
    2007-09-17 21:19:05 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
    2007-09-17 21:19:05 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
    2007-09-17 20:55:41 0 d-------- C:\Program Files\Diablo II
    2007-09-17 13:16:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes
    2007-09-17 13:16:36 0 d-------- C:\Program Files\Musicnotes
    2007-09-06 09:48:26 0 d-------- C:\Program Files\iPod
    2007-09-06 09:48:14 0 d-------- C:\Program Files\iTunes
    2007-09-06 09:47:06 0 d-------- C:\Program Files\Apple Software Update
    2007-09-06 02:35:23 120 --a------ C:\drmHeader.bin
    2007-09-04 00:20:58 0 d-------- C:\WINDOWS\system32\Lang
    2007-09-04 00:20:50 0 d-------- C:\Intel
    2007-08-28 11:07:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-08-28 01:19:22 158 --a------ C:\WINDOWS\system\Flywave.dll
    2007-08-27 23:07:33 40960 --a------ C:\WINDOWS\system32\WMB54G.dll
    2007-08-27 23:07:25 0 d-------- C:\Program Files\Linksys


    -- Find3M Report ---------------------------------------------------------------

    2007-09-23 20:29:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-21 13:46:17 0 d-------- C:\Program Files\DC++
    2007-09-20 20:50:42 0 d-------- C:\Documents and Settings\Jeff\Application Data\.gaim
    2007-09-20 14:09:41 0 d-------- C:\Program Files\Symantec
    2007-09-18 22:41:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-18 20:57:24 0 d-------- C:\Program Files\Common Files
    2007-09-17 20:34:18 0 d-------- C:\Program Files\Sibelius Software
    2007-09-12 00:32:59 0 d-------- C:\Documents and Settings\Jeff\Application Data\Adobe
    2007-09-02 22:59:16 0 d-------- C:\Documents and Settings\Jeff\Application Data\DivX
    2007-08-28 10:28:31 0 d-------- C:\Program Files\Google
    2007-08-28 10:27:41 0 d-------- C:\Program Files\DivX
    2007-08-27 21:12:51 0 d-------- C:\Documents and Settings\Jeff\Application Data\Apple Computer
    2007-08-21 06:48:27 0 d-------- C:\Program Files\THQ
    2007-08-14 23:42:50 0 d-------- C:\Program Files\Norton Internet Security
    2007-07-26 19:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-26 19:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-26 19:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-26 19:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-26 19:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-26 19:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI "= "C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 10:08 AM]
    "SigmatelSysTrayApp "= "stsystra.exe" [11/16/2005 04:35 PM C:\WINDOWS\stsystra.exe]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [10/07/2005 03:13 PM]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 03:12 AM]
    "@ "=" " []
    "EPSON Stylus CX4200 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [03/08/2005 05:00 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/20/2006 09:33 PM]
    "KeyAccess "= "C:\WINDOWS\keyacc32.exe" [06/01/2006 02:00 PM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
    "osCheck "= "C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 03:11 AM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
    "CmFlywav "= "C:\WINDOWS\system\CmFlywav.exe" [05/19/2006 03:44 PM]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/28/2007 06:50 PM]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 08:00 PM]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 08:00 PM]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 07:59 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 06:48 AM]
    "Spyware Doctor "= "C:\Program Files\Spyware Doctor\swdoctor.exe" [12/11/2006 04:35 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor "= "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [11/14/2006 7:19:06 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [11/14/2006 8:06:24 PM]



    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 localhost #***Inserted By STOPzilla***
    127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
    127.0.0.1 600pics.com # ***Inserted By STOPzilla***
    127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
    127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
    127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
    127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
    127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
    127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
    127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***

    129 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-09-23 21:37:05 ------------
     
    chiefyj,
    #9
  11. 2007/09/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Not much showing in that log either. It does show us that the registry has been compromised in a way that makes safe mode impossible for you, so lets get the safeboot key fixed.

    Please download SafeBootKeyRepair
    Save it to your desktop.
    Double click to run it then post the log it produces.

    Lets also see if this online scanner picks up anything.

    http://www.ewido.net/en/onlinescan/

    Allow the ActiveX control to be installed. Wait for the signature database to be downloaded, then click Scan. When the scan completes, click the Save Report button, then save it to your desktop. If you have time and anything is reported infected you're unsure of, post the log while those scan results are up and I'll look over it. Otherwise, check the list of items found closely, and uncheck anything you KNOW to be safe (any application can have false positives ;) ). Now click Remove Infections. Reboot.

    Post the contents of the ewido-report.log on your desktop along with a new HijackThis log. Let me know if you opted to not have any of the items removed.
     
    noahdfear,
    #10
  12. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #11
  13. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #12
  14. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #13
  15. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #14
  16. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #15
  17. 2007/09/25
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Here's the SafeBoot log...

    Reg export of SafeBoot key after repair:
    ========================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
    "AlternateShell "= "cmd.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
    @= "FSFilter System Recovery "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
    @= "Universal Serial Bus controllers "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
    @= "CD-ROM Drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
    @= "Standard floppy disk controller "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
    @= "Net "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
    @= "NetClient "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
    @= "NetService "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
    @= "NetTrans "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
    @= "PCMCIA Adapters "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
    @= "SCSIAdapter "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
    @= "Floppy disk drive "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
    @= "Human Interface Devices "

    ========================


    Annnnnd here's the Ewido report...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\4678.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\8780.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\ABFD.tmp
    Risk: High

    Name: Proxy.Agent.ls
    Path: C:\Deckard\System Scanner\20070923205857\backup\WINDOWS\temp\B371.tmp
    Risk: High


    Finally, here's the new HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:32:42 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Documents and Settings\Jeff\My Documents\downloads\FahCore_80.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\keyacc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system\CmFlywav.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\system\CMAS2DS.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Linksys\WMB54G\WMB54G.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jeff\My Documents\downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.case.edu/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O20 - AppInit_DLLs: KATRACK.DLL C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console(2).exe - Unknown owner - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console(2).exe (file missing)
    O23 - Service: FAH@C:+Documents and Settings+Jeff+My Documents+downloads+FAH504-Console.exe - Stanford University - C:\Documents and Settings\Jeff\My Documents\downloads\FAH504-Console.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 12638 bytes
     
    chiefyj,
    #16
  18. 2007/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Looks like repair of the safeboot key was successful, and a clean scan.

    I got a response from the author of fixwareout, and here's what he wants to do to pinpoint the problem.

    Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: test.bat
    Save as type: All Files (*.*)

    Double click test.bat to run it. It will open report.txt when it/if completes. Please post it's contents. Let me know if it hangs and what the screen displays at that time.

    Is your computer still behaving the way it was when you first posted? Have you run Spyware Doctor again since then, and is it still finding ruins?
     
    noahdfear,
    #17
  19. 2007/09/27
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    So I don't know why, but it says you responded to my post but I can't seem to find your response. Also, I apologize for the 1203890234 posts of the same thing.. my internet was being all screwing and I wasn't sure if the post had sent until it was too late. Sorry! :(
     
    chiefyj,
    #18
  20. 2007/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's post #17, just above your last reply.
     
    noahdfear,
    #19
  21. 2007/10/03
    chiefyj

    chiefyj Inactive Thread Starter

    Joined:
    2007/09/06
    Messages:
    15
    Likes Received:
    0
    Ok, I ran the new file from my desktop. It loaded the screen, went through a bunch of commands very fast, then the screen disappeared. There was no further windows, no report, nothing.

    As for the current health of my PC, I re-ran SpywareDoctor and Ruins is gone! However, I am still getting that Windows Explorer needs to shut down message whenever I open certain folders. Also, a new problem that I just started to notice is that more likely than not, my computer will not fully shut down/restart. It will get to the "Windows is shutting down" screen, and then just stop. The screen doesn't change at all. Lately I've had to just hold down the power button to shut it down when it does this, then hit it again to start it back up. So one problem went away, now i'm presented with a whooole new one :(
     
    chiefyj,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...