0

Hey all ive been having alot of problems with my computer recently and i was wondering if you could help ...


ok now heres the problems

1) MASSIVE LAG . i mean slow as HELL . and my computer is not a panzy its really pretty good its fast and hasnt caused many problems in the past . what i get is times when i start up the computer and it literally takes a hour for it to load up the main screen or like to open up something . the spikes are insane .
- this usually occurs after installing something
-- no dont say that i installed a virus , cause i only downlaod from legit sources ( e.g. download.com, cnet.com ect) and i virus scan the file first .

2) the computer will not load up properly . it will start up fine , go to the account choices . i pick mine its usually slow loading , and it will just kinda freeze ... there is four different things that happen
A) the bottom tool bar doesnt load up , its there but its black no words on it ( example "start" ) ... the startup programs on the system try dont appear ... ect
B) the tool bar will open but the rest of the desktop wont ... ( all the folders and stuff ) the backround image does load up but thats it
C) the tool bar and the desk top dont load up ... no folders no tool bar nothing just the backround image ... mouse worke but u cant click anything nor can u use the task manager
D) everything loads up ( except the startup programs in the system tray ) but like either SEVERE lag or like a freeze ... u can move the mouse but clicking does nothing task manager doesnt work ... nothing

- this happens 99.99999999% of the time after i restart from installing a security anything ( firewall , virus scanner , norton , mcafee, zonealarm , comodo , ect )
-- this only happens from installing a secuirty thingy it doesnt happen any other time to the best of my knowledge .

3) task magager wont stay up .. like if it opens it will stay up for 3 secs that minimize than disapear ... this happens like all the time about 95% of the time i cannot get it to open
-it will not stay open long enough to click something ( ive tried )

well thats it i hope someone can help me ... i dont know how to you hijack thir or w.e it is so if someone could help me with like download links and instructions that would help ... also dont tell me to search or w.e cause my comp is lagging and having enough problems i kinda wanna fix it without having to spend 2 hours waiting for a search to go through ( internet gets lagged at random times , especially in the last few days )


thank you all very very much

Deckard's System Scanner v20070426.43
Run by billy riley on 2007-05-30 at 18:09:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as billy riley.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:10:08 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SYSTEM2.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\billy riley\Desktop\Security\dss.exe
C:\PROGRA~1\HIJACK~1\BILLYR~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3124->United States(high-anonymous )
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D185228E-1AD1-1A93-3CDA-507B4DD63879} - C:\DOCUME~1\BILLYR~1\APPLIC~1\LITELI~1\funk once.exe (file missing)
O2 - BHO: (no name) - {f2893a15-00a0-4e47-90a9-bc4d8651355c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [System Terminal] SYSTEM2.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [freestyle] lockx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\RunOnce: [System Terminal] SYSTEM2.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138562528640
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: CMPRAW - CMPRAW.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-04-30 and 2007-05-30 -----------------------------

2007-05-26 10:39:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-26 02:10:05 0 d-------- C:\Documents and Settings\billy riley\Application Data\MailFrontier
2007-05-26 02:02:09 2080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-26 02:02:09 240160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-26 01:57:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-26 01:56:01 0 d-------- C:\WINDOWS\Internet Logs
2007-05-26 01:07:53 0 d-------- C:\Documents and Settings\billy riley\Application Data\SiteAdvisor
2007-05-26 00:41:16 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Talkback
2007-05-26 00:40:53 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Mozilla
2007-05-25 22:50:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-05-25 19:45:36 0 d-------- C:\Program Files\Bonjour
2007-05-25 19:35:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-24 22:27:51 5 --ahs---- C:\WINDOWS\system32\faedddfbc_d.dll
2007-05-24 22:27:21 0 d-------- C:\Program Files\RegSupreme Pro
2007-05-24 21:10:22 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Comodo
2007-05-24 21:05:00 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\Favorites
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Desktop
2007-05-24 21:05:00 0 d--hs---- C:\Documents and Settings\Administrator.DJ5LBR61\Cookies
2007-05-24 21:05:00 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Sun
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Sonic
2007-05-24 21:05:00 0 d---s---- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Microsoft
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Jasc Software Inc
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Identities
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\Templates
2007-05-24 21:04:59 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\Start Menu
2007-05-24 21:04:59 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\SendTo
2007-05-24 21:04:59 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\Recent
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\PrintHood
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\NetHood
2007-05-24 21:04:59 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\My Documents
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\Local Settings
2007-05-24 21:04:58 786432 --ah----- C:\Documents and Settings\Administrator.DJ5LBR61\NTUSER.DAT
2007-05-22 00:06:24 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-05-22 00:06:23 0 d-------- C:\Program Files\Common Files\Stardock
2007-05-22 00:06:23 0 d-------- C:\Program Files\AlienGUIse
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\SendTo
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-05-13 21:47:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-13 19:23:12 0 d-------- C:\Program Files\Alwil Software
2007-05-12 06:52:50 9699328 --a------ C:\Documents and Settings\billy riley\ntuser.dat
2007-05-12 06:52:48 708608 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-05-11 22:00:28 35840 ---h----- C:\WINDOWS\system32\menjgkn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-11 21:59:39 35840 -----n--- C:\WINDOWS\system32\system2.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-11 06:42:43 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-03 16:22:46 0 d-------- C:\Program Files\iTunes
2007-05-03 15:55:11 0 d-------- C:\Program Files\Alcohol Soft
2007-05-01 17:06:22 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-01 16:46:00 0 d--h----- C:\WINDOWS\PIF
2007-05-01 16:13:46 0 d-------- C:\Program Files\MagicISO


-- Find3M Report ---------------------------------------------------------------

2007-05-29 21:25:09 0 d-------- C:\Documents and Settings\billy riley\Application Data\Xfire
2007-05-29 16:33:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-27 16:59:30 0 d-------- C:\Documents and Settings\billy riley\Application Data\Lavasoft
2007-05-27 16:59:06 0 d-------- C:\Program Files\Lavasoft
2007-05-27 16:58:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 01:13:12 0 d-------- C:\Program Files\McAfee
2007-05-25 23:01:06 0 d-------- C:\Documents and Settings\billy riley\Application Data\Adobe
2007-05-25 19:45:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-25 19:10:23 0 d-------- C:\Program Files\SmartFTP Client 2.0
2007-05-21 20:28:20 0 d-------- C:\Program Files\America's Army
2007-05-13 23:02:56 0 d-------- C:\Program Files\Microsoft Games
2007-05-06 21:24:14 0 d-------- C:\Program Files\MyPhoneExplorer
2007-05-04 17:04:45 0 d-------- C:\Program Files\Tales of Pirates Online
2007-05-03 16:23:11 0 d-------- C:\Program Files\iPod
2007-05-03 16:21:10 0 d-------- C:\Program Files\QuickTime
2007-04-26 17:54:45 0 d-------- C:\Program Files\Viewpoint
2007-04-22 22:27:33 0 d-------- C:\Program Files\AIM
2007-04-18 15:08:36 0 d-------- C:\Program Files\Internet Download Manager
2007-04-18 15:08:36 0 d-------- C:\Documents and Settings\billy riley\Application Data\IDM
2007-04-18 15:04:27 0 d-------- C:\Documents and Settings\billy riley\Application Data\DMCache
2007-04-17 17:29:36 0 d-------- C:\Program Files\FlashGet
2007-04-14 21:17:29 0 d-------- C:\Program Files\WinPcap
2007-04-14 16:59:57 0 d-------- C:\Program Files\Project64 1.6
2007-04-11 16:41:04 0 d--h----- C:\Documents and Settings\billy riley\Application Data\Gtek
2007-04-10 17:46:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-10 17:44:09 0 d-------- C:\Program Files\Global Star
2007-04-09 19:47:57 0 d-------- C:\Program Files\DellSupport
2007-04-08 11:34:18 0 d-------- C:\Program Files\America's Army Server Manager
2007-04-06 21:13:25 0 d-------- C:\Program Files\FlashMute
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2007-03-11 15:30:33 333 --a------ C:\Documents and Settings\billy riley\Application Data\AdobeDLM.log


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\PROGRA~1\FlashGet\jccatch.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{955BE0B8-BC85-4CAF-856E-8E0D8B610560} C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{D185228E-1AD1-1A93-3CDA-507B4DD63879} C:\DOCUME~1\BILLYR~1\APPLIC~1\LITELI~1\funk once.exe [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"System Terminal"="SYSTEM2.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"freestyle"="lockx.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"FlashMute"="C:\\Program Files\\FlashMute\\FlashMute.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"System Terminal"="SYSTEM2.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CMPRAW
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-05-30 at 18:10:40 ---------

2
Contributors
6
Replies
7
Views
10 Years
Discussion Span
Last Post by pro-n00b
0

Hello There! Welcome to DaniWeb

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

0

SmitFraudFix v2.190

Scan done at 0:55:04.85, Sat 06/02/2007
Run from C:\Documents and Settings\billy riley\Desktop\Security\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SYSTEM2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Anti-Malware\a2wizard.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\billy riley


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\billy riley\Application Data

C:\Documents and Settings\billy riley\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BILLYR~1\FAVORI~1

C:\DOCUME~1\BILLYR~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 167.206.3.209
DNS Server Search Order: 167.206.3.212
DNS Server Search Order: 167.206.3.143

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

0

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background

0

SmitFraudFix v2.190

Scan done at 18:22:03.59, Sat 06/02/2007
Run from C:\Documents and Settings\billy riley\Desktop\Security\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Documents and Settings\billy riley\Application Data\Install.dat Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\BILLYR~1\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1943B5E6-6A0F-404F-B3CC-6FDC0965B4FB}: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.3.209 167.206.3.212 167.206.3.143


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0

Deckard's System Scanner v20070426.43
Run by billy riley on 2007-06-02 at 23:43:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as billy riley.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:43:40 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\billy riley\Desktop\Security\dss.exe
C:\PROGRA~1\HIJACK~1\BILLYR~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3124->United States(high-anonymous )
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D185228E-1AD1-1A93-3CDA-507B4DD63879} - C:\DOCUME~1\BILLYR~1\APPLIC~1\LITELI~1\funk once.exe (file missing)
O2 - BHO: (no name) - {f2893a15-00a0-4e47-90a9-bc4d8651355c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [freestyle] lockx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138562528640
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: CMPRAW - CMPRAW.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-05-02 and 2007-06-02 -----------------------------

2007-06-02 12:59:08 0 d-------- C:\44a9cf51ff7864c8b868d4796a
2007-06-02 01:08:19 0 d-------- C:\ea09c62ddf2905cb145f27
2007-06-02 01:01:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-06-02 01:01:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-02 01:01:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-02 00:57:30 1240 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-02 00:50:46 0 d-------- C:\Program Files\a-squared Anti-Malware
2007-05-31 16:18:57 0 d-------- C:\Program Files\iTunes
2007-05-26 10:39:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-26 02:10:05 0 d-------- C:\Documents and Settings\billy riley\Application Data\MailFrontier
2007-05-26 02:02:09 2080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-26 02:02:09 240160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-26 01:57:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-26 01:56:01 0 d-------- C:\WINDOWS\Internet Logs
2007-05-26 01:07:53 0 d-------- C:\Documents and Settings\billy riley\Application Data\SiteAdvisor
2007-05-26 00:41:16 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Talkback
2007-05-26 00:40:53 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Mozilla
2007-05-25 22:50:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-05-25 19:45:36 0 d-------- C:\Program Files\Bonjour
2007-05-25 19:35:06 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-24 22:27:51 5 --ahs---- C:\WINDOWS\system32\faedddfbc_d.dll
2007-05-24 22:27:21 0 d-------- C:\Program Files\RegSupreme Pro
2007-05-24 21:10:22 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Comodo
2007-05-24 21:05:00 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\Favorites
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Desktop
2007-05-24 21:05:00 0 d--hs---- C:\Documents and Settings\Administrator.DJ5LBR61\Cookies
2007-05-24 21:05:00 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Sun
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Sonic
2007-05-24 21:05:00 0 d---s---- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Microsoft
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Jasc Software Inc
2007-05-24 21:05:00 0 d-------- C:\Documents and Settings\Administrator.DJ5LBR61\Application Data\Identities
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\Templates
2007-05-24 21:04:59 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\Start Menu
2007-05-24 21:04:59 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\SendTo
2007-05-24 21:04:59 0 dr-h----- C:\Documents and Settings\Administrator.DJ5LBR61\Recent
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\PrintHood
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\NetHood
2007-05-24 21:04:59 0 dr------- C:\Documents and Settings\Administrator.DJ5LBR61\My Documents
2007-05-24 21:04:59 0 d--h----- C:\Documents and Settings\Administrator.DJ5LBR61\Local Settings
2007-05-24 21:04:58 786432 --ah----- C:\Documents and Settings\Administrator.DJ5LBR61\NTUSER.DAT
2007-05-22 00:06:24 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-05-22 00:06:23 0 d-------- C:\Program Files\Common Files\Stardock
2007-05-22 00:06:23 0 d-------- C:\Program Files\AlienGUIse
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Templates
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\SendTo
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Cookies
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-05-13 21:47:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-05-13 21:47:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-13 19:23:12 0 d-------- C:\Program Files\Alwil Software
2007-05-12 06:52:50 9699328 --a------ C:\Documents and Settings\billy riley\ntuser.dat
2007-05-12 06:52:48 786432 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-05-11 22:00:28 35840 ---h----- C:\WINDOWS\system32\menjgkn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-05-11 06:42:43 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-03 15:55:11 0 d-------- C:\Program Files\Alcohol Soft


-- Find3M Report ---------------------------------------------------------------

2007-06-02 12:53:33 0 d-------- C:\Program Files\MyPhoneExplorer
2007-05-31 16:19:21 0 d-------- C:\Program Files\iPod
2007-05-29 21:25:09 0 d-------- C:\Documents and Settings\billy riley\Application Data\Xfire
2007-05-29 16:33:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-27 16:59:30 0 d-------- C:\Documents and Settings\billy riley\Application Data\Lavasoft
2007-05-27 16:59:06 0 d-------- C:\Program Files\Lavasoft
2007-05-27 16:58:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 01:13:12 0 d-------- C:\Program Files\McAfee
2007-05-25 23:01:06 0 d-------- C:\Documents and Settings\billy riley\Application Data\Adobe
2007-05-25 19:45:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-25 19:10:23 0 d-------- C:\Program Files\SmartFTP Client 2.0
2007-05-21 20:28:20 0 d-------- C:\Program Files\America's Army
2007-05-13 23:02:56 0 d-------- C:\Program Files\Microsoft Games
2007-05-04 17:04:45 0 d-------- C:\Program Files\Tales of Pirates Online
2007-05-03 16:21:10 0 d-------- C:\Program Files\QuickTime
2007-05-02 23:51:32 0 d-------- C:\Program Files\MagicISO
2007-04-26 17:54:45 0 d-------- C:\Program Files\Viewpoint
2007-04-22 22:27:33 0 d-------- C:\Program Files\AIM
2007-04-18 15:08:36 0 d-------- C:\Program Files\Internet Download Manager
2007-04-18 15:08:36 0 d-------- C:\Documents and Settings\billy riley\Application Data\IDM
2007-04-18 15:04:27 0 d-------- C:\Documents and Settings\billy riley\Application Data\DMCache
2007-04-17 17:29:36 0 d-------- C:\Program Files\FlashGet
2007-04-14 21:17:29 0 d-------- C:\Program Files\WinPcap
2007-04-14 16:59:57 0 d-------- C:\Program Files\Project64 1.6
2007-04-11 16:41:04 0 d--h----- C:\Documents and Settings\billy riley\Application Data\Gtek
2007-04-10 17:46:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-10 17:44:09 0 d-------- C:\Program Files\Global Star
2007-04-09 19:47:57 0 d-------- C:\Program Files\DellSupport
2007-04-08 11:34:18 0 d-------- C:\Program Files\America's Army Server Manager
2007-04-06 21:13:25 0 d-------- C:\Program Files\FlashMute
2007-03-21 20:54:16 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\WINDOWS\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2007-03-11 15:30:33 333 --a------ C:\Documents and Settings\billy riley\Application Data\AdobeDLM.log


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\PROGRA~1\FlashGet\jccatch.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{955BE0B8-BC85-4CAF-856E-8E0D8B610560} C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{D185228E-1AD1-1A93-3CDA-507B4DD63879} C:\DOCUME~1\BILLYR~1\APPLIC~1\LITELI~1\funk once.exe [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"freestyle"="lockx.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CMPRAW
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-06-02 at 23:44:15 ---------

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.