
Last dss run after atf cleaner, prefetch will not enable me to empty

Discussion in 'Malware and Virus Removal Archive' started by MrsStress, 2008/06/01.

  1. 2008/06/01
    MrsStress

    MrsStress Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    3
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:56 PM, on 6/1/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\system32\schtasks.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Windows\system32\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Online Backup\OnlineBackup.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe "
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll,avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7772 bytes
     
  2. 2008/06/01
    MrsStress

    MrsStress Inactive Thread Starter

    Joined:
    2008/06/01
    Messages:
    3
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Cindy on 2008-06-01 13:58:14
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Cindy.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:58:20 PM, on 6/1/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\system32\schtasks.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\system32\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Online Backup\OnlineBackup.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Users\Cindy\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Cindy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe "
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll,avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7892 bytes

    -- Files created between 2008-05-01 and 2008-06-01 -----------------------------

    2008-06-01 12:38:25 0 d-------- C:\Program Files\Trend Micro
    2008-05-28 21:45:59 0 d--h----- C:\$AVG8.VAULT$
    2008-05-28 14:26:43 0 d-------- C:\Windows\system32\drivers\Avg
    2008-05-28 14:26:19 0 d-------- C:\Program Files\AVG
    2008-05-28 14:26:18 0 d-------- C:\Users\All Users\avg8
    2008-05-12 10:44:57 0 d-------- C:\Program Files\Realtek
    2008-05-09 18:24:06 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
    2008-05-04 02:20:58 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
    2008-05-04 02:08:51 0 d-------- C:\Users\All Users\eSellerate
    2008-05-04 01:59:38 0 d-a------ C:\Users\All Users\TEMP
    2008-05-04 01:59:35 0 d-------- C:\Program Files\PC Doc Pro
    2008-05-02 01:34:55 0 d-------- C:\Program Files\Cosmi
    2008-05-02 01:34:55 0 d-------- C:\Program Files\Common Files\Cosmi
    2008-05-01 16:55:18 0 d-------- C:\Program Files\Online Backup
    2008-05-01 14:58:57 0 d-------- C:\Program Files\Broderbund
    2008-05-01 01:29:22 40960 --a------ C:\Windows\system32\VBAME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2008-05-01 01:28:36 0 d-------- C:\Program Files\Reasonable
    2008-05-01 01:13:35 0 d-------- C:\Users\All Users\CyberLink


    -- Find3M Report ---------------------------------------------------------------

    2008-06-01 12:04:46 1808 --a------ C:\Users\Cindy\AppData\Roaming\wklnhst.dat
    2008-05-22 16:27:50 0 d-------- C:\Users\Cindy\AppData\Roaming\CyberLink
    2008-05-20 11:42:20 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-16 17:27:42 401408 --a------ C:\Windows\system32\EKIJ5000MON.dll <Not Verified; Eastman Kodak Company; KODAK AiO Printer Driver>
    2008-05-14 10:01:04 0 d-------- C:\Program Files\Windows Mail
    2008-05-12 10:44:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-02 01:34:55 0 d-------- C:\Program Files\Common Files
    2008-05-01 16:55:49 0 d-------- C:\Users\Cindy\AppData\Roaming\Online Backup
    2008-05-01 15:01:11 0 d-------- C:\Users\Cindy\AppData\Roaming\Broderbund Software
    2008-05-01 02:10:05 0 d-------- C:\Users\Cindy\AppData\Roaming\Reasonable Software House Ltd
    2008-04-27 11:30:45 0 d-------- C:\Users\Cindy\AppData\Roaming\Adobe
    2008-04-25 15:32:34 0 d-------- C:\Users\Cindy\AppData\Roaming\Avanquest
    2008-04-25 10:38:43 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-04-25 10:38:38 0 d-------- C:\Program Files\Kodak
    2008-04-25 10:35:14 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-22 19:18:37 0 d-------- C:\Program Files\Common Files\Crystal Decisions
    2008-04-22 11:41:38 869144 --ah----- C:\Windows\system32\mlfcache.dat
    2008-04-20 04:42:08 0 d-------- C:\Users\Cindy\AppData\Roaming\Apple Computer
    2008-04-20 04:07:51 0 d-------- C:\Program Files\Avanquest update
    2008-04-20 04:07:19 0 d-------- C:\Program Files\Seagate Software
    2008-04-20 04:07:04 0 d-------- C:\Program Files\MapInfo MapX
    2008-04-20 04:06:39 0 d-------- C:\Program Files\Common Files\MySoftware
    2008-04-20 04:05:54 0 d-------- C:\Program Files\MySoftware
    2008-04-20 01:20:36 0 d-------- C:\Program Files\HP
    2008-04-20 01:04:11 0 d-------- C:\Users\Cindy\AppData\Roaming\WinBatch
    2008-04-18 03:01:08 0 d-------- C:\Program Files\MSXML 4.0
    2008-04-17 15:11:59 0 d-------- C:\Program Files\QuickTime
    2008-04-17 15:07:48 0 d-------- C:\Program Files\Common Files\Kodak
    2008-04-17 00:20:44 0 d-------- C:\Users\Cindy\AppData\Roaming\Macromedia
    2008-04-17 00:20:24 0 d-------- C:\Program Files\Web Publish
    2008-04-17 00:19:33 0 d-------- C:\Program Files\The Print Shop 21
    2008-04-17 00:17:28 0 d-------- C:\Program Files\Common Files\Broderbund
    2008-04-16 19:07:03 0 d-------- C:\Users\Cindy\AppData\Roaming\Template
    2008-04-16 18:56:05 174 --ahs---- C:\Program Files\desktop.ini
    2008-04-16 18:48:10 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-16 18:48:10 0 d-------- C:\Program Files\Windows Collaboration
    2008-04-16 18:48:10 0 d-------- C:\Program Files\Windows Calendar
    2008-04-16 18:48:10 0 d-------- C:\Program Files\Movie Maker
    2008-04-16 18:48:09 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-04-16 18:48:09 0 d-------- C:\Program Files\Windows Journal
    2008-04-16 18:48:07 0 d-------- C:\Program Files\Windows Defender
    2008-04-14 01:28:47 0 d-------- C:\Users\Cindy\AppData\Roaming\Yahoo!
    2008-04-13 23:55:52 0 --a------ C:\Windows\nsreg.dat
    2008-04-13 23:55:49 0 d-------- C:\Users\Cindy\AppData\Roaming\Mozilla
    2008-04-13 23:26:43 0 d-------- C:\Program Files\Avanquest
    2008-04-13 23:24:54 0 d-------- C:\Users\Cindy\AppData\Roaming\InstallShield
    2008-04-13 12:24:41 0 dr------- C:\Users\Cindy\AppData\Roaming\Brother
    2008-04-13 12:08:11 0 d-------- C:\Program Files\Quicken
    2008-04-13 12:01:58 0 d-------- C:\Users\Cindy\AppData\Roaming\Intuit
    2008-04-13 12:01:41 0 d-------- C:\Program Files\Common Files\Palo Alto Software
    2008-04-13 12:01:27 0 d-------- C:\Program Files\Common Files\Intuit
    2008-04-13 11:09:25 0 d-------- C:\Program Files\PCSecurityShield
    2008-04-13 09:35:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-04-13 08:52:25 0 d-------- C:\Users\Cindy\AppData\Roaming\Hewlett-Packard
    2008-04-13 08:51:48 0 d-------- C:\Users\Cindy\AppData\Roaming\Symantec
    2008-04-13 08:51:20 0 d-------- C:\Users\Cindy\AppData\Roaming\Snapfish
    2008-04-13 08:50:40 0 d-------- C:\Users\Cindy\AppData\Roaming\Identities


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    05/28/2008 02:26 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [04/18/2007 10:01 AM]
    "KBD "= "C:\HP\KBD\KbdStub.EXE" [12/08/2006 11:16 AM]
    "OsdMaestro "= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 06:59 AM]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 06:06 AM]
    "SunJavaUpdateReg "= "C:\Windows\system32\jureg.exe" [04/07/2007 05:56 AM]
    "@ "=" " []
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [12/12/2007 02:50 AM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [12/12/2007 02:50 AM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [12/12/2007 02:50 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
    "EKIJ5000StatusMonitor "= "C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [05/16/2008 05:27 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [01/15/2008 11:26 AM C:\WINDOWS\RtHDVCpl.exe]
    "Skytel "= "Skytel.exe" [08/03/2007 08:22 AM C:\WINDOWS\SkyTel.exe]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/28/2008 02:26 PM]
    "AVP "= "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [08/23/2007 02:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 02:33 AM]
    "@BackupScheduler "= "C:\Program Files\Online Backup\OnlineBackup.exe" [05/01/2008 04:55 PM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher "=%WINDIR%\SMINST\launcher.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "LabelMaker2.0 "=regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 4:33:46 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableUIADesktopToggle "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll,avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    iissvcs w3svc was
    apphost apphostsvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-01 13:58:58 ------------
     


  4. 2008/06/01
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Admin: These do not belong in the Vista forum. I've moved them.
     
  5. 2008/06/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi MrsStress
    The Prefetch option with ATF will not work with Vista.
    Not deleting the prefetch is not that big a problem and is really nothing to worry about.

    I'm not really seeing anything in your logs. Are you having any certain malware issues?

    Geri
     
