Deckard's System Scanner v20071014.68
Run by Michael on 2008-06-12 23:41:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-06-12 15:41:39 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-12 14:58:25 UTC - RP2 - Installed Windows Installer KB893803.
1: 2008-06-12 10:57:12 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Michael.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:59 PM, on 6/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\DOCUME~1\Michael\Desktop\Michael.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redtube.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Long Live Sowar!!!
F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKLM\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKLM\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKLM\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKLM\..\Run: [WinDLL (winsro.exe)] rundll32.exe C:\WINDOWS\System32\winsro.exe,start
O4 - HKLM\..\Run: [System Restore] wscript.exe "C:\WINDOWS\SysRes.vbs"
O4 - HKLM\..\Run: [Topic cPanl] cPanel.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Topic cPanl] cPanel.com
O4 - HKCU\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe
O4 - HKCU\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe
O4 - HKCU\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe
O4 - HKCU\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvidMediaCenter] C:\Program Files\Common Files\System\wmsncs.exe (User 'Default user')
O4 - Global Startup: wmsncs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 5700 bytes
-- File Associations -----------------------------------------------------------
.vbs - unable to read key
.vbs - unable to read key
.vbs - unable to read key
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NET Runtime Optimization Service v2.1.41329_X86 - "c:\windows\fonts\wmsncs.exe" <Not Verified; Microsoft® Windows NET Runtime Optimization Service; Microsoft® Windows® Operating System>
R2 WmdmPmSp (Portable Media Serial Number) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_817F1043&REV_01\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_817F1043&REV_01\3&11583659&0&D8
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&AD17F01&0&00E3
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81AA1043&REV_01\4&AD17F01&0&00E3
Service: RTLE8023xp
-- Scheduled Tasks -------------------------------------------------------------
2008-06-12 23:15:25 416 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-12 20:59:26 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Michael.job
-- Files created between 2008-05-12 and 2008-06-12 -----------------------------
2008-06-13 02:40:38 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-13 02:40:35 0 d-------- C:\Program Files\Common Files
2008-06-13 02:40:35 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-13 02:40:34 0 dr------- C:\Program Files
2008-06-13 02:40:22 25088 --a------ C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-13 02:40:22 75776 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-13 02:40:13 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-13 02:40:13 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-13 02:40:13 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-13 02:40:13 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-13 02:40:13 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-13 02:40:13 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-13 02:40:13 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-13 02:40:13 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-13 02:40:13 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-13 02:40:13 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-13 02:40:13 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-13 02:40:13 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-13 02:40:13 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-13 02:40:13 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-13 02:40:13 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-13 02:40:13 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-13 02:40:04 0 d-------- C:\WINDOWS\System32\CatRoot2
2008-06-13 02:40:04 0 d-------- C:\WINDOWS\System32\CatRoot
2008-06-13 02:39:59 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-13 02:39:59 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-13 02:39:58 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-13 02:39:58 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-13 02:39:39 0 d-------- C:\Documents and Settings
2008-06-13 02:34:46 0 d-------- C:\WINDOWS
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\WinSxS
2008-06-13 02:34:46 0 dr------- C:\WINDOWS\Web
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\twain_32
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\system32
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\wins
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\wbem
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\usmt
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\spool
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\ShellExt
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\Setup
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\ras
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\oobe
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\npp
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\mui
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\inetsrv
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\IME
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\icsxml
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\ias
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\export
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\drivers
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\drivers\etc
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\drivers\disdn
2008-06-13 02:34:46 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\dhcp
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\config
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\3com_dmi
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\3076
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\2052
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1054
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1042
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1041
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1037
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1033
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1031
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1028
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\System32\1025
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\system
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\security
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Resources
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\repair
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\mui
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\msapps
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\msagent
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Media
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\java
2008-06-13 02:34:46 0 d--h----- C:\WINDOWS\inf
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\ime
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Help
2008-06-13 02:34:46 0 dr--s---- C:\WINDOWS\Fonts
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Driver Cache
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Debug
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Cursors
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\Config
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\AppPatch
2008-06-13 02:34:46 0 d-------- C:\WINDOWS\addins
2008-06-12 23:21:49 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-12 23:21:45 0 d-------- C:\WINDOWS\LastGood
2008-06-12 23:20:45 65536 --a------ C:\WINDOWS\UpdtNv28.exe
2008-06-12 23:17:43 0 d---s---- C:\Documents and Settings\Michael\UserData
2008-06-12 21:56:28 0 d-------- C:\Documents and Settings\Michael\Application Data\Macromedia
2008-06-12 21:56:28 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-06-12 21:55:11 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-12 21:10:33 0 --a------ C:\adware.exe
2008-06-12 21:04:43 0 d-------- C:\Program Files\SymNetDrv
2008-06-12 20:56:59 4096 --a------ C:\WINDOWS\System32\drivers\symlcbrd.sys
2008-06-12 20:56:57 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-12 20:56:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-12 20:56:42 0 d-------- C:\Documents and Settings\Michael\Application Data\Symantec
2008-06-12 20:56:34 0 d-------- C:\Program Files\Symantec
2008-06-12 20:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-12 20:48:24 0 d-------- C:\Documents and Settings\Michael\Application Data\WinRAR
2008-06-12 19:23:43 4533 --a------ C:\Cool USEP Scandal.vbs
2008-06-12 19:23:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 19:23:28 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-12 19:19:59 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-06-12 19:00:37 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2008-06-12 19:00:35 0 d-------- C:\Program Files\Intel
2008-06-12 18:59:52 5824 --a------ C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
2008-06-12 18:58:47 4533 -rahs---- C:\WINDOWS\SysRes.vbs
2008-06-12 18:57:13 389120 ---hs---- C:\WINDOWS\System32\winsro.exe
2008-06-12 18:56:59 0 d--hs---- C:\WINDOWS\Installer
2008-06-12 18:56:57 0 d-------- C:\Documents and Settings\Michael\Application Data\Identities
2008-06-12 18:56:48 0 dr------- C:\Documents and Settings\Michael\Favorites
2008-06-12 18:56:48 0 d-------- C:\Documents and Settings\Michael\Desktop
2008-06-12 18:56:48 0 d---s---- C:\Documents and Settings\Michael\Cookies
2008-06-12 18:56:48 0 dr-h----- C:\Documents and Settings\Michael\Application Data
2008-06-12 18:56:47 0 d--h----- C:\Documents and Settings\Michael\Templates
2008-06-12 18:56:47 0 dr------- C:\Documents and Settings\Michael\Start Menu
2008-06-12 18:56:47 0 dr-h----- C:\Documents and Settings\Michael\SendTo
2008-06-12 18:56:47 0 dr-h----- C:\Documents and Settings\Michael\Recent
2008-06-12 18:56:47 0 d--h----- C:\Documents and Settings\Michael\PrintHood
2008-06-12 18:56:47 786432 --ah----- C:\Documents and Settings\Michael\NTUSER.DAT
2008-06-12 18:56:47 0 d--h----- C:\Documents and Settings\Michael\NetHood
2008-06-12 18:56:47 0 dr------- C:\Documents and Settings\Michael\My Documents
2008-06-12 18:56:47 0 d--h----- C:\Documents and Settings\Michael\Local Settings
2008-06-12 18:55:30 0 d---s---- C:\WINDOWS\System32\Microsoft
2008-06-12 18:52:55 0 d--hs---- C:\System Volume Information
2008-06-12 18:52:54 0 d-------- C:\WINDOWS\Prefetch
2008-06-12 18:52:53 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-12 18:52:53 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-12 18:52:53 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-06-12 18:52:53 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-12 18:52:53 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-12 18:52:52 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-12 18:52:52 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-12 18:52:52 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-12 18:52:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-12 18:52:52 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-12 18:50:19 0 d-------- C:\WINDOWS\System32\xircom
2008-06-12 18:50:19 0 d-------- C:\Program Files\microsoft frontpage
2008-06-12 18:50:10 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-12 18:50:04 0 --a------ C:\CONFIG.SYS
2008-06-12 18:50:04 0 --a------ C:\AUTOEXEC.BAT
2008-06-12 18:49:32 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-12 18:49:24 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-12 18:49:24 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-12 18:48:57 0 d-------- C:\WINDOWS\System32\DirectX
2008-06-12 18:48:27 45056 --a------ C:\WINDOWS\System32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-06-12 18:48:21 0 d---s---- C:\WINDOWS\Tasks
2008-06-12 18:48:19 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-12 18:48:14 0 d-------- C:\WINDOWS\srchasst
2008-06-12 18:48:13 136551 --a------ C:\WINDOWS\System32\wmsoft85141.exe <Not Verified; Microsoft® Windows NET Runtime Optimization Service; Microsoft® Windows® Operating System>
2008-06-12 18:48:13 0 d-------- C:\WINDOWS\System32\Macromed
2008-06-12 18:48:12 0 d-------- C:\Program Files\Movie Maker
2008-06-12 18:48:08 0 d-------- C:\WINDOWS\System32\Restore
2008-06-12 18:48:08 0 d-------- C:\WINDOWS\PCHealth
2008-06-12 18:48:03 19456 --a------ C:\WINDOWS\System32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:48:01 34304 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:47:58 573440 -ra------ C:\WINDOWS\System32\service.exe
2008-06-12 18:47:39 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-06-12 18:47:26 0 --a------ C:\WINDOWS\System32\wmsoft80233.exe
2008-06-12 18:47:19 0 d-------- C:\WINDOWS\Registration
2008-06-12 18:47:12 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-12 18:47:11 0 d-------- C:\Program Files\Online Services
2008-06-12 18:47:05 0 d-------- C:\Program Files\Messenger
2008-06-12 18:47:01 15360 --a------ C:\WINDOWS\System32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:47:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-12 18:46:55 188928 --a------ C:\WINDOWS\System32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:54 148480 --a------ C:\WINDOWS\System32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:54 134144 --a------ C:\WINDOWS\System32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:48 90112 --a------ C:\WINDOWS\System32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:48 124416 --a------ C:\WINDOWS\System32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 129536 --a------ C:\WINDOWS\System32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 66560 --a------ C:\WINDOWS\System32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 19456 --a------ C:\WINDOWS\System32\reset.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 71680 --a------ C:\WINDOWS\System32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 136704 --a------ C:\WINDOWS\System32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:47 65024 --a------ C:\WINDOWS\System32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 26624 --a------ C:\WINDOWS\System32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 26112 --a------ C:\WINDOWS\System32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 24576 --a------ C:\WINDOWS\System32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 24576 --a------ C:\WINDOWS\System32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 24576 --a------ C:\WINDOWS\System32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 25600 --a------ C:\WINDOWS\System32\rwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 43520 --a------ C:\WINDOWS\System32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 31744 --a------ C:\WINDOWS\System32\qwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 28160 --a------ C:\WINDOWS\System32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 26624 --a------ C:\WINDOWS\System32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 30720 --a------ C:\WINDOWS\System32\msg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:46 25088 --a------ C:\WINDOWS\System32\logoff.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:45 15872 --a------ C:\WINDOWS\System32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-06-12 18:46:44 14848 --a------ C:\WINDOWS\System32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-06-12 18:46:31 149504 --a------ C:\WINDOWS\System32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:31 543744 --a------ C:\WINDOWS\System32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:31 349696 --a------ C:\WINDOWS\System32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:31 126464 --a------ C:\WINDOWS\System32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:31 108544 --a------ C:\WINDOWS\System32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:31 0 d-------- C:\Program Files\Windows NT
2008-06-12 18:46:30 22016 --a------ C:\WINDOWS\System32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:30 398336 --a------ C:\WINDOWS\System32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:29 50688 --a------ C:\WINDOWS\System32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:29 138752 --a------ C:\WINDOWS\System32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:29 53760 --a------ C:\WINDOWS\System32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-12 18:46:29 0 d-------- C:\WINDOWS\System32\MsDtc
2008-06-12 18:46:28 0 d-------- C:\WINDOWS\System32\Com
2008-06-12 18:46:17 0 --a------ C:\WINDOWS\System32\wmsoft88107.exe
2008-06-12 18:46:16 80 --a------ C:\WINDOWS\System32\i
-- Find3M Report ---------------------------------------------------------------
2008-06-13 02:40:13 62 --ahs---- C:\Documents and Settings\Michael\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [06/12/2008 06:48 PM]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [06/12/2008 06:48 PM]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [06/12/2008 06:48 PM]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [06/12/2008 06:48 PM]
"WinDLL (winsro.exe)"="C:\WINDOWS\System32\winsro.exe" [06/12/2008 06:57 PM]
"System Restore"="wscript.exe" [03/31/2003 08:00 PM C:\WINDOWS\system32\wscript.exe]
"Topic cPanl"="cPanel.com" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/12/2005 02:37 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/12/2008 09:04 PM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 04:59 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [06/12/2008 06:48 PM]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [06/12/2008 06:48 PM]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [06/12/2008 06:48 PM]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [06/12/2008 06:48 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 03:08 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Topic cPanl"=cPanel.com
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvidMediaCenter"=C:\Program Files\Common Files\System\wmsncs.exe
"Wmsncs Service"=C:\WINDOWS\Fonts\wmsncs.exe
"Spool Driver Service"=C:\WINDOWS\System32\spool\drivers\wmsncs.exe
"Wins Service"=C:\WINDOWS\System32\wins\wmsncs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe \"C:\WINDOWS\Fonts\wmsncs.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2965121e-38ae-11dd-bb68-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2965121f-38ae-11dd-bb68-806d6172696f}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7859c0fd-386f-11dd-bc5e-0008a1960a8b}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7859c0fe-386f-11dd-bc5e-0008a1960a8b}]
AutoPlay\Command- wscript.exe sowar.vbs
AutoRun\command- wscript.exe sowar.vbs
Explore\Command- wscript.exe sowar.vbs
Open\Command- wscript.exe sowar.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
-- End of Deckard's System Scanner: finished at 2008-06-12 23:42:50 ------------
Full Version: Hijackthis Log: Please Help Diagnose
Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. 
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Please post the contents of the log from DrWeb and a new DSS log in your next reply.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new DSS log in your next reply.
As there has been no response, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.