Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Hijack This Log After Deleting Brave Sentry


  • This topic is locked This topic is locked
3 replies to this topic

#1 SFJenn

SFJenn

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 19 May 2008 - 10:24 PM

I just deleted Brave Sentry from a topic on this site and it worked thank you very much. Below is my hijack this! log. I appreciate your expert advice on this log.

Jennifer

Deckard's System Scanner v20071014.68
Run by Jennifer on 2008-05-19 19:15:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-05-20 03:15:35 UTC - RP101 - Deckard's System Scanner Restore Point
26: 2008-05-19 23:36:24 UTC - RP100 - System Checkpoint
25: 2008-05-18 20:17:14 UTC - RP99 - System Checkpoint
24: 2008-05-17 01:44:01 UTC - RP98 - Software Distribution Service 3.0
23: 2008-05-16 04:34:44 UTC - RP97 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-05 23:39:26 UTC - RP75 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jennifer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:13 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\DellSupport\brkrsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\windows\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
C:\windows\System32\dmadmin.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jennifer\Desktop\dss.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~2.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00006f.00000148
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?11c305ecba7c4201a676df7194613738
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?11c305ecba7c4201a676df7194613738
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mysteryof...Web.1.0.0.8.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.2.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} (CPlayFirstMythicMarblesControl Object) - http://games.bigfishgames.com/en_mythic-ma...les.1.0.0.2.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/P...rs.1.0.0.39.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG/Toolbar/LFG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096339029718
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124419657125
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.cherrytap.com/imgs/ImageUploader4.cab
O16 - DPF: {733A5CA7-C0E1-41D7-9506-F4AA354B4500} (ActiveFormX Control) - file://C:\Program Files\Intelore\AnimatedDesktop\advThemes\WorkDir\3449031\Files\ActiveFormProj1.inf
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chr...web.1.0.0.9.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1....der.9.3.2.3.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityad...BGamePlayer.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://games.bigfishgames.com/en_zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/freeplay/FlashAX.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonma...ameLauncher.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by12fd.bay12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} (CPlayFirstMahjongRoaControl Object) - http://games.bigfishgames.com/en_mahjong-r...eb.1.0.0.17.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O21 - SSODL: mEekqTR - {6CA0F85E-C60A-52F4-B310-791C7FE67F01} - C:\windows\System32\zbuo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

--
End of file - 23762 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 MtxDma0 (Matrox Dma Manager (0)) - c:\windows\system32\drivers\mtxdma0.sys <Not Verified; Matrox Electronic Systems Ltd.; IM-MIL>
R1 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 UsbFltr (WayTechUSBFilterDriver) - c:\windows\system32\drivers\usbfltr.sys <Not Verified; Waytech Development, Inc.; Keyboard>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 Wpsnuio (WPS NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\wpsnuio.sys <Not Verified; Skyhook Wireless; WPS NDIS User Mode I/O Driver>

S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; Accapella Ltd.; USB Driver for Digital Camera>
S3 CoachVc (Coach Video Capture) - c:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys (file missing)
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WPSScannerSvc (WPS Scanner Service) - c:\program files\skyhook wireless\wi-fi service\wpsscannersvc.exe <Not Verified; Skyhook Wireless; Wi-Fi Scanner Service>

S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S2 SymAppCore (Symantec AppCore Service) - "c:\program files\common files\symantec shared\appcore\appsvc32.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-19 19:15:00 260 --a------ C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-25 20:46:05 284 --a------ C:\windows\Tasks\AppleSoftwareUpdate.job
2008-04-14 11:55:36 326 --a------ C:\windows\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 19:19:40 0 d-------- C:\Program Files\Trend Micro
2008-05-16 16:53:41 3282 --a------ C:\windows\system32\tmp.reg
2008-05-16 16:53:14 25600 --a------ C:\windows\system32\WS2Fix.exe
2008-05-16 16:53:14 289144 --a------ C:\windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 16:53:14 86528 --a------ C:\windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 16:53:14 288417 --a------ C:\windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 16:53:14 53248 --a------ C:\windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 16:53:14 82944 --a------ C:\windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 16:53:14 51200 --a------ C:\windows\system32\dumphive.exe
2008-05-16 16:53:14 82944 --a------ C:\windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-15 20:27:29 0 d-------- C:\Program Files\SystemDefender
2008-05-15 20:27:29 0 d-------- C:\Documents and Settings\Jennifer\Application Data\SystemDefender
2008-05-15 20:26:54 0 d-------- C:\Program Files\Norton Internet Security
2008-05-15 18:31:57 27008 --a------ C:\windows\system32\drivers\Hmq64.sys
2008-05-15 18:31:57 27008 --a------ C:\windows\system32\drivers\Hmq64(3).sys
2008-05-15 18:31:57 27008 --a------ C:\windows\system32\drivers\Hmq64(2).sys
2008-05-15 18:20:19 1336012 --ahs---- C:\windows\system32\gjkmp.ini2
2008-05-15 18:20:17 298048 --a------ C:\windows\system32\pmkjg.dll
2008-05-15 17:46:14 40310 --a------ C:\windows\system32\dllgh8jkd1q2.exe
2008-05-15 17:46:12 21878 --a------ C:\windows\system32\dllgh8jkd1q1.exe
2008-05-15 17:46:11 3 --a------ C:\windows\system32\dllgh8jkd1q8.exe
2008-05-15 17:46:08 10 --a------ C:\windows\system32\kr_done1
2008-05-15 17:46:06 207360 --a------ C:\windows\totacon.exe
2008-05-15 17:46:05 13312 --a------ C:\Documents and Settings\NetworkService\cftmon.exe
2008-05-15 17:46:00 29136 --a------ C:\windows\system32\wind32.exe
2008-05-15 17:46:00 160256 --a------ C:\windows\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-15 17:45:57 5120 --a------ C:\windows\system32\ftpdll.dll
2008-05-15 17:45:57 5120 --a------ C:\Documents and Settings\NetworkService\ftpdll.dll
2008-05-15 17:45:56 13312 --a------ C:\windows\system32\drivers\spools.exe
2008-05-15 17:45:48 233006 --a------ C:\windows\system32\omnc550.exe
2008-05-15 17:45:38 3121 --a----c- C:\ie_updater.exe
2008-05-15 17:45:37 3121 --a------ C:\Documents and Settings\Jennifer\ie_updates3r.exe
2008-05-15 17:40:02 321 --ahs---- C:\windows\system32\knnmp.ini2
2008-05-15 17:25:25 346112 --a------ C:\windows\system32\nnnklkh.dll
2008-05-15 16:59:26 98709 --a------ C:\Documents and Settings\Jennifer\Application Data\sysdefender.exe
2008-05-15 16:54:39 57856 --a------ C:\windows\system32\vedxg3am1et3.exe
2008-05-15 16:53:52 29136 --a------ C:\windows\system32\omnc618.exe
2008-05-15 16:53:46 0 --a----c- C:\d1.exe
2008-05-15 16:53:44 28672 --a----c- C:\d.exe
2008-05-15 16:53:43 62386 --a------ C:\windows\system32\nzqtegh.sys
2008-05-15 16:53:38 0 --a----c- C:\1822488669
2008-05-15 16:53:33 232931 --a------ C:\windows\system32\omnc451.exe
2008-05-15 16:53:09 11776 --a------ C:\windows\system32\omnc534.exe
2008-05-15 16:52:57 14848 --a----c- C:\prkh.exe
2008-05-15 16:52:55 71680 --a------ C:\windows\system32\ntpl.bin
2008-05-15 16:52:53 17408 --a------ C:\windows\system32\omnc514.exe
2008-05-15 16:52:53 71680 --a----c- C:\sdcnls.exe
2008-05-15 16:52:52 13312 --a----c- C:\tuhkkvg.exe
2008-05-15 16:52:49 66048 --a----c- C:\kskbd.exe
2008-05-15 16:52:48 600576 --a------ C:\windows\system32\qtplugin.exe
2008-05-15 16:52:42 0 d-------- C:\Program Files\syscmd
2008-05-15 16:52:41 9216 --a------ C:\windows\system32\omnc615.exe
2008-05-15 16:52:38 86016 --a------ C:\windows\system32\39813.exe
2008-05-15 16:52:07 444416 --a----c- C:\autoex.dll
2008-05-15 16:52:03 106496 --a------ C:\windows\system32\cborqhef.exe
2008-05-15 16:52:01 233984 --a------ C:\windows\system32\omnc617.exe
2008-05-15 16:50:25 16384 --a------ C:\Documents and Settings\Jennifer\cftmon.exe
2008-05-15 16:49:53 16384 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-05-15 16:48:02 37376 --a------ C:\windows\17PHolmes27.exe
2008-05-15 16:47:31 27008 --a------ C:\windows\system32\drivers\Pdx82.sys
2008-05-15 16:47:30 12288 --a------ C:\windows\system32\WLCtrl32.dll
2008-05-15 16:47:30 12288 --a------ C:\windows\system32\WLCtrl32(2).dll
2008-05-15 16:47:28 167936 --a------ C:\windows\system32\drivers\Snm39.sys
2008-05-15 16:47:17 52224 --a------ C:\windows\taskmon.exe
2008-05-15 16:47:09 6400 --a------ C:\windows\system32\drivers\tcpsr.sys
2008-05-15 16:47:08 0 --a------ C:\windows\mpfanvqg.dll
2008-05-15 16:47:07 225280 --a------ C:\windows\vbksrofa.dll
2008-05-15 16:47:04 245 --a------ C:\windows\tmp3218312.bat
2008-05-15 16:47:03 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-05-15 16:47:00 12288 --a------ C:\windows\system32\WinNt32.dll
2008-05-15 16:47:00 12288 --a------ C:\windows\system32\WinNt32(2).dll
2008-05-15 16:47:00 27136 --a------ C:\windows\system32\drivers\Liq03.sys
2008-05-15 16:47:00 27136 --a------ C:\windows\system32\drivers\Liq03(6).sys
2008-05-15 16:47:00 27136 --a------ C:\windows\system32\drivers\Liq03(5).sys
2008-05-15 16:47:00 14976 --a------ C:\windows\system32\drivers\Liq03(4).sys
2008-05-15 16:47:00 27136 --a------ C:\windows\system32\drivers\Liq03(3).sys
2008-05-15 16:47:00 27136 --a------ C:\windows\system32\drivers\Liq03(2).sys
2008-05-15 16:46:58 25084 --a------ C:\windows\system32\maxpaynow1.exe
2008-05-15 16:46:47 52224 --a------ C:\windows\system32\vedxga4m1et4.exe
2008-05-15 16:46:43 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-15 16:46:41 22528 --a------ C:\windows\system32\vedxg4am1et2.exe
2008-05-15 16:46:41 0 d------c- C:\Brave-Sentry
2008-05-15 16:46:39 25084 --a------ C:\windows\system32\vedxga1me4t1.exe
2008-05-15 16:46:38 13824 --a------ C:\windows\system32\maxpaynowti.exe
2008-05-15 16:46:37 19456 --a------ C:\windows\system32\vedxg6ame4.exe
2008-05-15 16:46:35 25970 --a------ C:\windows\system32\maxpaynowti1.exe
2008-05-15 16:46:34 8780 --a------ C:\windows\system32\vedxga5me3.exe
2008-05-15 16:46:31 27648 --a------ C:\windows\system32\vedxga3me2.exe
2008-05-15 16:46:29 9728 --a----c- C:\findfast.exe
2008-05-15 16:46:28 1632 --a------ C:\windows\system32\vedxga4me1.exe
2008-05-15 16:46:28 9728 --a------ C:\Documents and Settings\NetworkService\Application Data\printer.exe
2008-05-15 16:46:28 1086470 --a------ C:\Documents and Settings\NetworkService\Application Data\Install.dat
2008-05-15 16:46:19 26174 --a------ C:\windows\system32\dllgh8jkd1q7.exe
2008-05-15 16:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\qdovchyf
2008-05-15 16:46:18 106496 --a------ C:\windows\system32\opkdmtih.exe
2008-05-15 16:46:17 25738 --a------ C:\windows\system32\dllgh8jkd1q6.exe
2008-05-15 16:46:17 31232 --a------ C:\windows\system32\crypts.dll
2008-05-15 16:46:16 25970 --a------ C:\windows\system32\dllgh8jkd1q5.exe
2008-05-14 18:23:56 17801 --a------ C:\windows\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-05-14 18:21:30 17149 --a------ C:\windows\system32\DNINDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-14 18:21:29 147456 --a------ C:\windows\system32\ssleay32.dll
2008-05-14 18:21:29 651264 --a------ C:\windows\system32\libeay32.dll
2008-05-14 18:21:29 94208 --a------ C:\windows\system32\DNIN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-05-14 18:21:29 192512 -ra------ C:\windows\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-05-14 18:21:29 0 d-------- C:\Program Files\NETGEAR
2008-05-12 17:34:51 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-05-05 20:16:50 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-05 20:06:12 0 d-------- C:\Program Files\Java
2008-05-05 20:06:11 0 d-------- C:\Program Files\Common Files\Java
2008-05-05 19:34:17 0 d-------- C:\windows\nview
2008-05-05 19:33:21 0 d------c- C:\NVIDIA
2008-05-05 19:32:09 552 --a------ C:\windows\system32\d3d8caps.dat
2008-05-05 19:32:07 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-05 19:31:17 664 --a------ C:\windows\system32\d3d9caps.dat
2008-04-30 17:21:34 12234752 --a------ C:\Documents and Settings\Jennifer\ntuser.dat
2008-04-21 18:51:42 45056 --a------ C:\windows\system32\sstunst3.exe <Not Verified; Stardust Software; Stardust Screen Saver Toolkit 2003>
2008-04-21 18:51:39 956 --a------ C:\windows\unins000.dat
2008-04-21 18:51:38 402944 --a------ C:\windows\system32\Amazing Fractal Visions.scr <Not Verified; Stardust Software; Stardust Screen Saver Toolkit 2003>
2008-04-21 18:51:38 0 d-------- C:\Program Files\Stardust
2008-04-21 18:45:55 1564672 --a------ C:\windows\Variations.scr
2008-04-21 18:45:55 0 d-------- C:\Program Files\Variations
2008-04-21 18:45:55 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Variations
2008-04-21 18:21:19 0 d-------- C:\windows\system32\Uninstall


-- Find3M Report ---------------------------------------------------------------

2008-05-19 15:20:52 256 --a------ C:\windows\system32\pool.bin
2008-05-16 17:35:53 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-05-15 20:27:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-15 20:26:49 0 d-------- C:\Program Files\Symantec
2008-05-15 17:04:16 0 d-------- C:\Program Files\Common Files
2008-05-15 16:46:18 17408 --a------ C:\windows\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-14 18:21:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 19:24:00 0 d-------- C:\Program Files\Mahjong Towers II
2008-05-05 19:48:15 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Adobe
2008-05-05 18:14:42 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-05-04 13:50:42 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-30 17:57:47 0 d-------- C:\Program Files\Yahoo! Games
2008-04-30 17:21:45 0 d-------- C:\Documents and Settings\Jennifer\Application Data\SUPERAntiSpyware.com
2008-04-30 17:21:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 16:40:14 0 d-------- C:\Program Files\Common Files\Real
2008-04-30 16:40:00 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Real
2008-04-24 18:37:37 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Roxio
2008-04-21 18:51:39 72164 --a------ C:\windows\unins000.exe <Not Verified; Jordan Russell; >
2008-04-21 16:59:14 0 d-------- C:\Documents and Settings\Jennifer\Application Data\Apple Computer
2008-04-17 08:44:28 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 12:04:33 0 d-------- C:\Program Files\iTunes
2008-04-16 12:04:19 0 d-------- C:\Program Files\iPod
2008-04-16 12:02:29 0 d-------- C:\Program Files\QuickTime
2008-04-16 11:46:02 0 d-------- C:\Program Files\Safari
2008-04-04 14:33:14 96992 --a------ C:\windows\system32\GDIPFONTCACHEV1.DAT
2008-03-31 16:46:32 1232 --a------ C:\windows\checkip.dat
2008-03-30 00:47:02 0 d-------- C:\Program Files\Chill
2008-03-29 23:35:51 0 d-------- C:\Program Files\GamesBar
2008-03-29 23:35:48 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-03-22 18:10:41 0 d-------- C:\Program Files\MSXML 6.0
2008-03-22 14:49:37 0 d-------- C:\Program Files\Yahoo!
2008-03-22 14:47:46 0 d-------- C:\Program Files\ScenicReflections
2008-03-21 12:15:52 0 d-------- C:\Program Files\Linksys
2008-03-21 12:15:04 0 d-------- C:\Program Files\MSBuild
2008-03-21 12:09:30 0 d-------- C:\Program Files\Reference Assemblies
2008-03-21 12:05:06 0 d-------- C:\Program Files\WebEx
2008-03-21 12:04:14 0 d-------- C:\Program Files\Common Files\Pure Networks Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
12/17/2007 10:12 AM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [12/25/2001 11:00 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/02/2002 10:01 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [12/17/2007 10:12 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 06:07 AM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/2008 04:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 10:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 09:36 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/24/2007 09:07 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 12:39 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00006f.00000148

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 6:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 10:32:56 AM]
DESKTOP.INI [9/3/2002 6:00:00 AM]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [5/14/2008 6:21:29 PM]
Screen Saver Control.lnk - C:\WINDOWS\FSScrCtl.exe [8/8/2001 5:14:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mEekqTR"= {6CA0F85E-C60A-52F4-B310-791C7FE67F01} - C:\windows\System32\zbuo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\windows\system32\srrstr.dll cli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ Labtec Mouse Software 2.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Labtec Mouse Software 2.0.lnk
backup=C:\windows\pss\ Labtec Mouse Software 2.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1126331122\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]
C:\Program Files\Picasa\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
"C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YCentral]
c:\progra~1\yahoo!\YCentral\YahooCentral.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"ISPwdSvc"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260



-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

79 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-19 19:20:59 ------------

BC AdBot (Login to Remove)

 


#2 SFJenn

SFJenn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 22 May 2008 - 01:08 PM

I would appreciate it if someone would reply on this subject.
Thanks in advance.

#3 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:27 PM

Posted 15 June 2008 - 10:44 PM

Hello


Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese
jetian6yw.jpg

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:02:27 PM

Posted 21 June 2008 - 06:38 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users