Am I Infected?


  • This topic is locked
4 replies to this topic

#1 kegroening

kegroening

  • Members
  • 26 posts

Posted 19 July 2008 - 05:41 AM

Deckard's System Scanner v20071014.68
Run by Keith on 2008-07-19 05:33:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-19 10:33:25 UTC - RP77 - Deckard's System Scanner Restore Point
2: 2008-07-19 09:06:32 UTC - RP76 -
1: 2008-07-19 09:06:10 UTC - RP75 - Removed Paint Shop Pro 7 Evaluation


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Keith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:48 AM, on 7/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\xFXMixer\xfxmixer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AnyTime Deluxe\Atw.exe
C:\Program Files\typeit\TypeItIn\TypeItIn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AnyTime Deluxe\Atw.dat
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NCH Swift Sound\ExpressNotes\exnotes.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Keith\Desktop\dss.exe
C:\HJT\Keith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\creative\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [xFXMixer] D:\PROGRA~1\xFXMixer\xfxmixer.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WorldTime2006] C:\Program Files\AnyTime Deluxe\WorldTime.exe /reg
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AnyTime.lnk = C:\Program Files\AnyTime Deluxe\Atw.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\typeit\TypeItIn\TypeItIn.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_test/wcloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.49/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://cai.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 11035 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vmodem (W2k Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
R0 Vpctcom (W2k Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
R0 Vvoice (W2k Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>
R3 ptserial (W2K Pctel Serial Device Driver) - c:\windows\system32\drivers\ptserial.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>

S2 XLKRFSVB - c:\windows\system32\xlkrfsvb.sps (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Pctspk (W2k PCtel speaker phone) - c:\windows\system32\pctspk.exe <Not Verified; PCtel, Inc.; PCTSPK.EXE>

S2 ThreatFire - c:\program files\threatfire\tfservice.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: SIS Processor to AGP Controller
Device ID: PCI\VEN_1039&DEV_0001&SUBSYS_00000000&REV_00\3&61AAA01&0&08
Manufacturer: Silicon Integrated Systems
Name: SIS Processor to AGP Controller
PNP Device ID: PCI\VEN_1039&DEV_0001&SUBSYS_00000000&REV_00\3&61AAA01&0&08
Service: pci

Class GUID:
Description:
Device ID: ACPI\WEC0515\4&398EACD8&0
Manufacturer:
Name:
PNP Device ID: ACPI\WEC0515\4&398EACD8&0
Service:

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_8127104D&REV_A0\3&61AAA01&0&17
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_8127104D&REV_A0\3&61AAA01&0&17
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 02:18:24 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-19 00:30:34 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BCDDFD8F-D77A-43C2-84F1-446C6B3E2D06}.job
2008-07-12 06:31:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-02-23 07:31:08 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-19 03:57:50 0 d-------- C:\WINDOWS\LastGood
2008-07-12 21:51:43 0 d-------- C:\Documents and Settings\Keith\Application Data\Jasc
2008-07-12 21:04:53 0 d-------- C:\Program Files\MSPress
2008-07-12 15:15:38 0 d-------- C:\Program Files\GraFX
2008-07-12 01:19:11 0 dr-h----- C:\Documents and Settings\Keith\Recent
2008-07-04 01:59:34 0 d-------- C:\Program Files\Web Album Generator
2008-07-01 20:48:38 0 d-------- C:\Documents and Settings\Keith\Application Data\Media Player Classic
2008-07-01 18:54:36 0 d-------- C:\Documents and Settings\Keith\Application Data\vlc
2008-07-01 18:52:44 0 d-------- C:\Documents and Settings\Keith\Application Data\Xenorate
2008-07-01 18:45:48 0 d-------- C:\Program Files\VideoLAN
2008-06-23 13:24:37 0 d-------- C:\Documents and Settings\Keith\Application Data\NCH Software


-- Find3M Report ---------------------------------------------------------------

2008-07-19 00:11:22 80 -r-hs---- C:\WINDOWS\system32\03168F54A2.dll
2008-07-12 21:07:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-12 02:28:42 0 d-------- C:\Documents and Settings\Keith\Application Data\LimeWire
2008-07-12 02:21:56 0 d-------- C:\Program Files\AtomixMP3
2008-07-06 11:35:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-23 14:02:56 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-23 13:24:09 0 d-------- C:\Program Files\NCH Software
2008-06-09 10:59:17 0 d-------- C:\Program Files\ThreatFire
2008-05-25 02:00:48 0 d-------- C:\Documents and Settings\Keith\Application Data\AVGTOOLBAR
2008-05-24 12:10:20 0 d-------- C:\Program Files\AVG
2008-05-20 01:22:41 0 d-------- C:\Program Files\Utherverse Digital Inc
2008-05-10 00:51:16 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-05-06 05:57:52 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-03 20:48:22 704920488 --a------ C:\Documents and Settings\Keith\Application Data\speech.wav


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/24/2008 12:10 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/24/2008 12:10 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xFXMixer"="D:\PROGRA~1\xFXMixer\xfxmixer.exe" [05/27/2004 02:30 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"atr.exe"="" []
"CountrySelection"="pctptt.exe" [02/24/2007 06:48 PM C:\WINDOWS\system32\pctptt.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/24/2008 12:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"WorldTime2006"="C:\Program Files\AnyTime Deluxe\WorldTime.exe" [09/23/2006 02:14 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 06:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/31/2008 04:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"Picasa Media Detector"=D:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Keith\Start Menu\Programs\Startup\
AnyTime.lnk - C:\Program Files\AnyTime Deluxe\Atw.exe [2/17/2008 7:47:32 AM]
TypeItIn.lnk - C:\Program Files\typeit\TypeItIn\TypeItIn.exe [3/17/2007 7:50:39 AM]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/11/2007 5:34:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{744a6720-a78e-11dc-a84e-00e018b93c3c}]




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7966 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-19 05:35:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1023.53 MiB / 413.98 MiB
Pagefile Memory (total/avail): 1285.86 MiB / 818.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.32 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 127.99 GiB total, 115.41 GiB free.
D: is Fixed (NTFS) - 170.1 GiB total, 168.57 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200JB-00KFA0 - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Installable File System - 170.1 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Keith\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEGROEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Keith
LOGONSERVER=\\KEGROEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Keith\LOCALS~1\Temp
TMP=C:\DOCUME~1\Keith\LOCALS~1\Temp
USERDOMAIN=KEGROEN
USERNAME=Keith
USERPROFILE=C:\Documents and Settings\Keith
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Keith (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\WEBDELC.EXE -[PC-CAM Center
--> C:\WINDOWS\WEBDELC.EXE -[WebCam Monitor
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Classic --> D:\PROGRA~1\ACDSee32\UNWISE.EXE D:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Any Video Converter 2.1.1 --> "C:\Program Files\Any Video Converter\unins000.exe"
AnyTime Organizer --> C:\PROGRA~1\ANYTIM~1\UNWISE.EXE C:\PROGRA~1\ANYTIM~1\INSTALL.LOG
AtomixMP3 v2.3 Trial --> C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AudibleManager --> D:\Program Files\Creative\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avery LabelPro 3.0 --> C:\WINDOWS\uninst.exe -f"D:\Program Files\Avery LabelPro\DeIsL1.isu"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AZZ Cardfile --> C:\Program Files\AZZ Cardfile\UNINSTALL.EXE
BitComet 0.80 --> C:\Program Files\BitComet\uninst.exe
Blurty (remove only) --> "D:\Program Files\Blurty\blurty-uninstall.exe"
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CameraWare --> C:\CameraWare\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative PC-CAM Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PC-CAM Center\DeIsL1.isu"
Creative WebCam Monitor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Monitor\DeIsL1.isu"
Creative WebCam Pro Driver --> C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin p1030pin.dll -pluginres p1030pin.crl
Creative WebCam Pro Manual (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Pro Manual\English\CTManual.isu"
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Invoice --> C:\Program Files\NCH Software\ExpressInvoice\uninst.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GraFX 2.4 --> "C:\Program Files\GraFX\unins000.exe"
HijackThis 2.0.2 --> "C:\HJT\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HSP56 MR Drivers --> ptuninst.exe
HTML Executable IERuntime --> C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
It'sMe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D88F4419-686D-476D-B9EF-ACF9F01309B7}\setup.exe" /uninstall
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
MediaJoin --> "C:\Documents and Settings\All Users\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}\setup_mj.exe" REMOVE=TRUE MODIFY=FALSE
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Computer Dictionary, 5th Ed eBook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF8B699-66D4-4D4F-AB9E-5311F5E98A63}\setup.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows XP Inside Out Deluxe Edition eBook --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B5417C5-D846-40B4-A29E-7F7EE2DFD050}\setup.exe"
MixPad --> C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NCH Toolbox --> C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
Novel Writer Standard --> "D:\Program Files\Novel Writer Standard\UninstallerData\Uninstall Novel Writer Standard.exe"
Picasa 2 --> "D:\Program Files\Picasa2\Uninstall.exe"
Prism Video Converter --> C:\Program Files\NCH Software\Prism\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Journal 4 --> "C:\Program Files\DavidRM Software\The Journal 4\unins000.exe"
TypeItIn Professional V2.7.5 --> "C:\Program Files\typeit\TypeItIn\unins000.exe"
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Web Album Generator 1.8.2 --> "C:\Program Files\Web Album Generator\unins000.exe"
WebCamPlanet 5.00 --> "C:\Program Files\WebCamPlanet\unins000.exe"
Wiagra Video Joiner 3 --> "C:\Program Files\Bucek\WVJ1\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
xFXMixer --> C:\WINDOWS\iun6002.exe "D:\Program Files\xFXMixer\irunin.ini"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
yBook --> "D:\Program Files\yBook\unins000.exe"
yWriter2 --> "D:\Program Files\yWriter2\unins000.exe"
Zulu DJ Software --> C:\Program Files\NCH Software\Zulu\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3835 / Error
Event Submitted/Written: 07/19/2008 05:35:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3834 / Error
Event Submitted/Written: 07/19/2008 05:35:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3833 / Error
Event Submitted/Written: 07/19/2008 05:35:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3832 / Error
Event Submitted/Written: 07/19/2008 05:35:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3831 / Error
Event Submitted/Written: 07/19/2008 05:35:08 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25931 / Warning
Event Submitted/Written: 07/19/2008 05:35:15 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KEGROEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KEGROEN27 can't undo changes that you allow.

For more information please see the following:
%KEGROEN275

Scan ID: {BA8ADA18-5572-4C9A-85A7-CDAA3F118328}

User: KEGROEN\Keith

Name: %KEGROEN271

ID: %KEGROEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KEGROEN276

Alert Type: %KEGROEN278

Detection Type: 1.1.1593.02

Event Record #/Type25930 / Warning
Event Submitted/Written: 07/19/2008 05:35:15 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KEGROEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KEGROEN27 can't undo changes that you allow.

For more information please see the following:
%KEGROEN275

Scan ID: {30DFDCDA-58B9-4A70-9ADE-27FF7A97880F}

User: KEGROEN\Keith

Name: %KEGROEN271

ID: %KEGROEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KEGROEN276

Alert Type: %KEGROEN278

Detection Type: 1.1.1593.02

Event Record #/Type25929 / Warning
Event Submitted/Written: 07/19/2008 05:35:15 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KEGROEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KEGROEN27 can't undo changes that you allow.

For more information please see the following:
%KEGROEN275

Scan ID: {7F19975E-5F62-45C5-B611-19F7AE81D069}

User: KEGROEN\Keith

Name: %KEGROEN271

ID: %KEGROEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KEGROEN276

Alert Type: %KEGROEN278

Detection Type: 1.1.1593.02

Event Record #/Type25928 / Warning
Event Submitted/Written: 07/19/2008 05:35:13 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KEGROEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KEGROEN27 can't undo changes that you allow.

For more information please see the following:
%KEGROEN275

Scan ID: {ED7703F8-7961-4D37-892B-08C4BB55D7F5}

User: KEGROEN\Keith

Name: %KEGROEN271

ID: %KEGROEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KEGROEN276

Alert Type: %KEGROEN278

Detection Type: 1.1.1593.02

Event Record #/Type25927 / Warning
Event Submitted/Written: 07/19/2008 05:35:13 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%KEGROEN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KEGROEN27 can't undo changes that you allow.

For more information please see the following:
%KEGROEN275

Scan ID: {D60B72E7-45F0-4BC7-81AF-911B8D349BB7}

User: KEGROEN\Keith

Name: %KEGROEN271

ID: %KEGROEN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %KEGROEN276

Alert Type: %KEGROEN278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-19 05:35:48 ------------


#2 kegroening

kegroening
  • Topic Starter

  • Members
  • 26 posts

Posted 26 July 2008 - 01:59 PM

Topic title was: I Have A Trojan, lmok d has infected my computer ~ OB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:54 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
D:\PROGRA~1\xFXMixer\xfxmixer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\typeit\TypeItIn\TypeItIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/?.intl=us&.redir....cldefstat=Def1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\creative\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [xFXMixer] D:\PROGRA~1\xFXMixer\xfxmixer.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} - http://download.paltalk.com/wcloader_test/wcloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/27.49/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://cai.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 12407 bytes

Edited by Orange Blossom, 26 July 2008 - 04:50 PM.
Merged topics. ~ OB


#3 kegroening

kegroening
  • Topic Starter

  • Members
  • 26 posts

Posted 29 July 2008 - 08:35 PM

Topic title was: It Started With A Trojan Lmok D, computer is slow and not loading pages ~ OB

A few days ago I ran CA Yahoo! Anti-Spy. It found a trojan called Lmok d.
I removed it through Yahoo! Anti-Spy and then ran AVG, Spybot and Ad-Aware; they found nothing, but the computer is VERY slow and most times will not even load a page on the net.
I had a very difficult time getting in here to post this HijackThis scan.
Please help.

Deckard's System Scanner v20071014.68
Run by Keith on 2008-07-29 19:54:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Keith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:47 PM, on 7/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\xFXMixer\xfxmixer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\typeit\TypeItIn\TypeItIn.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Keith\Desktop\dss.exe
C:\HJT\Keith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...oo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...oo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...oo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\creative\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [xFXMixer] D:\PROGRA~1\xFXMixer\xfxmixer.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-448539723-1454471165-1417001333-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'docroc')
O4 - HKUS\S-1-5-21-448539723-1454471165-1417001333-1005\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'docroc')
O4 - HKUS\S-1-5-21-448539723-1454471165-1417001333-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'docroc')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AnyTime.lnk = C:\Program Files\AnyTime Deluxe\Atw.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\typeit\TypeItIn\TypeItIn.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - ?p=ZN
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} - http://download.paltalk.com/wcloader_test/...er.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPD...08.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/27.49/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUplo...06.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...36.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://cai.com/us/securityadvisor/virusinf...an.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/ww...ch.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/optimize2/p...p2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 10384 bytes

-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 19:49:20 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-29 17:01:01 0 dr-h----- C:\Documents and Settings\Keith\Recent
2008-07-26 14:01:16 0 d-------- C:\Documents and Settings\docroc\Application Data\Sun
2008-07-26 12:37:58 0 d-------- C:\WINDOWS\CAVTemp
2008-07-26 05:44:50 6 --a------ C:\WINDOWS\system32\mkghj.dll
2008-07-26 05:44:32 0 d-------- C:\Documents and Settings\docroc\Application Data\CallingID
2008-07-26 05:43:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-26 05:41:56 0 d-------- C:\WINDOWS\rnapxs
2008-07-26 05:03:33 0 d-------- C:\Documents and Settings\docroc\Application Data\Macromedia
2008-07-26 05:03:32 0 d-------- C:\Documents and Settings\docroc\Application Data\Adobe
2008-07-26 05:03:23 0 d-------- C:\Documents and Settings\docroc\Application Data\Yahoo!
2008-07-26 05:03:21 0 d-------- C:\Documents and Settings\docroc\Application Data\Google
2008-07-26 05:03:21 0 d-------- C:\Documents and Settings\docroc\Application Data\AVGTOOLBAR
2008-07-26 05:01:58 0 d-------- C:\Documents and Settings\docroc\Application Data\Identities
2008-07-26 05:01:06 0 d--h----- C:\Documents and Settings\docroc\Templates
2008-07-26 05:01:06 0 dr------- C:\Documents and Settings\docroc\Start Menu
2008-07-26 05:01:06 0 dr-h----- C:\Documents and Settings\docroc\SendTo
2008-07-26 05:01:06 0 dr-h----- C:\Documents and Settings\docroc\Recent
2008-07-26 05:01:06 0 d--h----- C:\Documents and Settings\docroc\PrintHood
2008-07-26 05:01:06 1572864 --ah----- C:\Documents and Settings\docroc\NTUSER.DAT
2008-07-26 05:01:06 0 d--h----- C:\Documents and Settings\docroc\NetHood
2008-07-26 05:01:06 0 dr------- C:\Documents and Settings\docroc\My Documents
2008-07-26 05:01:06 0 d--h----- C:\Documents and Settings\docroc\Local Settings
2008-07-26 05:01:06 0 dr------- C:\Documents and Settings\docroc\Favorites
2008-07-26 05:01:06 0 d-------- C:\Documents and Settings\docroc\Desktop
2008-07-26 05:01:06 0 d--hs---- C:\Documents and Settings\docroc\Cookies
2008-07-26 05:01:06 0 dr-h----- C:\Documents and Settings\docroc\Application Data
2008-07-26 05:01:06 0 d---s---- C:\Documents and Settings\docroc\Application Data\Microsoft
2008-07-26 04:23:49 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-26 04:02:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-26 04:02:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-26 04:02:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-26 04:02:23 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-26 04:02:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-26 04:02:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-26 04:02:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-26 04:02:23 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-26 04:02:23 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-26 04:02:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-26 04:02:23 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-26 04:02:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-26 04:02:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-26 04:02:22 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-24 03:21:17 1572864 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-24 03:21:17 7872512 --a------ C:\Documents and Settings\Keith\ntuser.dat
2008-07-12 21:51:43 0 d-------- C:\Documents and Settings\Keith\Application Data\Jasc
2008-07-12 21:04:53 0 d-------- C:\Program Files\MSPress
2008-07-12 15:15:38 0 d-------- C:\Program Files\GraFX
2008-07-04 01:59:34 0 d-------- C:\Program Files\Web Album Generator
2008-07-01 20:48:38 0 d-------- C:\Documents and Settings\Keith\Application Data\Media Player Classic
2008-07-01 18:54:36 0 d-------- C:\Documents and Settings\Keith\Application Data\vlc
2008-07-01 18:52:44 0 d-------- C:\Documents and Settings\Keith\Application Data\Xenorate
2008-07-01 18:45:48 0 d-------- C:\Program Files\VideoLAN


-- Find3M Report ---------------------------------------------------------------

2008-07-29 19:49:20 0 d-------- C:\Program Files\Common Files
2008-07-29 18:03:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 18:03:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-29 18:02:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-26 20:36:37 664 --a------ C:\\WINDOWS\\system32\\d3d9caps.dat\par
2008-07-26 13:28:03 0 d-------- C:\\Program Files\\BitComet\par
2008-07-21 07:17:42 80 -r-hs---- C:\\WINDOWS\\system32\\03168F54A2.dll\par
2008-07-20 00:19:20 0 d-------- C:\\Program Files\\Windows Live Safety Center\par
2008-07-12 02:28:42 0 d-------- C:\\Documents and Settings\\Keith\\Application Data\\LimeWire\par
2008-07-12 02:21:56 0 d-------- C:\\Program Files\\AtomixMP3\par
2008-06-23 14:02:56 0 d-------- C:\\Program Files\\NCH Swift Sound\par
2008-06-23 13:24:37 0 d-------- C:\\Documents and Settings\\Keith\\Application Data\\NCH Software\par
2008-06-23 13:24:09 0 d-------- C:\\Program Files\\NCH Software\par
2008-05-06 05:57:52 1 --a------ C:\\WINDOWS\\system32\\kr_done1de\par
2008-05-03 20:48:22 704920488 --a------ C:\\Documents and Settings\\Keith\\Application Data\\speech.wav\par
\par
\par
-- Registry Dump ---------------------------------------------------------------\par
\par
*Note* empty entries & legit default entries are not shown\par
\par
\par
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{A057A204-BACC-4D26-9990-79A187E2698E\}]\par
07/27/2008 09:07 AM\tab 2055960\tab --a------\tab C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL\par
\par
[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser]\par
"\{A057A204-BACC-4D26-9990-79A187E2698E\}"= C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL [07/27/2008 09:07 AM 2055960]\par
\par
[-HKEY_CLASSES_ROOT\\CLSID\\\{A057A204-BACC-4D26-9990-79A187E2698E\}]\par
[HKEY_CLASSES_ROOT\\avgtoolbar.AVGTOOLBAR]\par
\par
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\par
"xFXMixer"="D:\\PROGRA~1\\xFXMixer\\xfxmixer.exe" [05/27/2004 02:30 PM]\par
"Windows Defender"="C:\\Program Files\\Windows Defender\\MSASCui.exe" [11/03/2006 07:20 PM]\par
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe" [02/22/2008 04:25 AM]\par
"CountrySelection"="pctptt.exe" [02/24/2007 06:48 PM C:\\WINDOWS\\system32\\pctptt.exe]\par
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe" [07/27/2008 09:07 AM]\par
\par
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\par
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [04/13/2008 07:12 PM]\par
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" [01/28/2008 12:43 PM]\par
"Yahoo! Pager"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.exe" [08/30/2007 06:43 PM]\par
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" [05/31/2008 04:00 PM]\par
\par
[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\run]\par
"DWQueuedReporting"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe" -t\par
"Picasa Media Detector"=D:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\par
\par
C:\\Documents and Settings\\Keith\\Start Menu\\Programs\\Startup\\\par
AnyTime.lnk - C:\\Program Files\\AnyTime Deluxe\\Atw.exe [2/17/2008 7:47:32 AM]\par
TypeItIn.lnk - C:\\Program Files\\typeit\\TypeItIn\\TypeItIn.exe [3/17/2007 7:50:39 AM]\par
Yahoo! Widgets.lnk - C:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe [12/11/2007 5:34:48 PM]\par
\par
C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\\par
Microsoft Office.lnk - C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE [2/13/2001 2:01:04 AM]\par
\par
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\system]\par
"DisableRegistryTools"=0 (0x0)\par
"DisableTaskMgr"=0 (0x0)\par
\par
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\dimsntfy] \par
C:\\WINDOWS\\System32\\dimsntfy.dll \par
\par
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\par
"appinit_dlls"=avgrsstx.dll\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\aawservice]\par
@="Service"\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\AVG Anti-Spyware Driver"\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\AVG Anti-Spyware Guard"\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\vds]\par
@="Service"\par
\par
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\\{533C5B84-EC70-11D2-9505-00C04F79DEAF\}]\par
@="Volume shadow copy"\par
\par
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]\par
eapsvcs\tab eaphost\par
dot3svc\tab dot3svc\par
\par
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs\par
napagent\par
hkmsvc\par
\par
\par
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\\{744a6720-a78e-11dc-a84e-00e018b93c3c\}]\par
\par
\par
\par
\par
-- End of Deckard's System Scanner: finished at 2008-07-29 19:55:12 ------------\par
\par
}

Merged topics - again. ~ OB

Edited by Orange Blossom, 29 July 2008 - 11:27 PM.
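As an added example, not part of this thread and not code from DSS or BleepingComputer: the script below parses the two DSS sections an analyst reads first (the "Find3M Report" file lines and the Run-key values of the "Registry Dump") and applies three triage heuristics: a non-directory file under system32 carrying both the hidden and system attributes, a .dll/.exe/.sys too small to be a working PE, and a Run value that is a bare filename resolved through the search path. The fixture text is copied from the log above. Three things are assumptions, not facts from the page: that the attribute column reads d/r/a/h/s followed by four dashes (inferred from the log lines), that DSS prints the resolved path inside the trailing brackets after the date and time (inferred from the "CountrySelection" line), and the 1024-byte size floor. A hit means "look closer"; the thread itself reaches no verdict on any of these entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixture copied from the DSS log posted in this thread (part of the Find3M
# Report and two Run keys of the Registry Dump), embedded so the script runs
# offline. It is parser input, not a judgement about those files.
SAMPLE_DSS = r"""
-- Find3M Report ---------------------------------------------------------------

2008-07-26 20:36:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-21 07:17:42 80 -r-hs---- C:\WINDOWS\system32\03168F54A2.dll
2008-07-20 00:19:20 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-06 05:57:52 1 --a------ C:\WINDOWS\system32\kr_done1de

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"CountrySelection"="pctptt.exe" [02/24/2007 06:48 PM C:\WINDOWS\system32\pctptt.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/27/2008 09:07 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"""

# Find3M line: timestamp, size, attribute string, path. Reading the attribute
# column as d/r/a/h/s flags plus four dashes is inferred from the log (assumption).
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([d-][r-][a-][h-][s-]-{4})\s+(.+?)\s*$")
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]\s*$", re.IGNORECASE)
RUN_VAL_RE = re.compile(r'^"([^"]+)"=(.*?)\s*(?:\[([^\]]*)\])?\s*$')

@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str   # e.g. "-r-hs----": [0]=dir [1]=read-only [2]=archive [3]=hidden [4]=system
    path: str

@dataclass
class RunEntry:
    key: str
    name: str
    command: str             # executable part of the value, surrounding quotes stripped
    resolved: Optional[str]  # path DSS printed inside [...] for a bare-filename value

def parse_dss(text: str) -> Tuple[List[FileEntry], List[RunEntry]]:
    """Collect Find3M file entries and Run-key values from a DSS main.txt."""
    files, runs, current_key = [], [], None
    for line in text.splitlines():
        m = FIND3M_RE.match(line)
        if m:
            files.append(FileEntry(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
            continue
        k = RUN_KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        if line.startswith("["):          # any other registry key ends the Run block
            current_key = None
            continue
        v = RUN_VAL_RE.match(line) if current_key else None
        if not v:
            continue
        raw = v.group(2)
        close = raw.find('"', 1)
        command = raw[1:close] if raw.startswith('"') and close > 0 else raw.strip()
        tokens = v.group(3).split(None, 3) if v.group(3) else []   # date, time, AM/PM, [path]
        resolved = tokens[3] if len(tokens) == 4 else None
        runs.append(RunEntry(current_key, v.group(1), command, resolved))
    return files, runs

def triage(files: List[FileEntry], runs: List[RunEntry]) -> List[str]:
    """Heuristics that mark entries for a closer look; a hit is not a verdict."""
    findings = []
    for f in files:
        low = f.path.lower()
        name = low.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        is_dir, hidden, system = f.attrs[0] == "d", f.attrs[3] == "h", f.attrs[4] == "s"
        if not is_dir and hidden and system and "\\system32\\" in low:
            findings.append(f"hidden+system file under system32: {f.path}")
        # 1024 bytes is a rule-of-thumb floor (assumption); a PE that does real
        # work is far larger, so a tiny .dll/.exe/.sys deserves a look.
        if not is_dir and ext in ("dll", "exe", "sys") and f.size < 1024:
            findings.append(f".{ext} too small to be a working PE: {f.path} ({f.size} bytes)")
    for r in runs:
        # A bare filename is located through the search path at logon, so the
        # value alone does not tell you which file actually runs.
        if "\\" not in r.command and "/" not in r.command:
            where = f", which DSS resolved to {r.resolved}" if r.resolved else ""
            findings.append(f"Run value '{r.name}' is a bare filename '{r.command}'{where}")
    return findings

def triage_report(text: str) -> List[str]:
    return triage(*parse_dss(text))

if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_DSS)))
```

To use it on a real DSS run, read main.txt into a string and pass it to triage_report(); the Find3M and Registry Dump sections are picked out by their line shapes, so the rest of the file is ignored. Quoted values with trailing arguments (the dwtrig20.exe line) are handled by taking only the quoted executable as the command.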


#4 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,693 posts
  • Location:Bloomington, IN

Posted 06 August 2008 - 03:41 PM

Hello kegroening,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

  • Click on Start, then click on Run.
  • Copy and paste the following into the open window, then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open the DSS configuration. Click on Check All, then click Scan.
  • DSS will now run again. When it is finished, please post back both logs that open in Notepad: main.txt and extra.txt.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,693 posts
  • Location:Bloomington, IN

Posted 12 September 2008 - 10:15 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.