Thread: Motherload virus(es)
View Single Post
Old 10-07-2007, 04:16 PM   #1 (permalink)
vaccinate
Registered User
 
Join Date: Oct 2007
Posts: 9
OS: winXP Pro Service Pack2


Motherload virus(es)
Hello Tech Support Forum,

I'm a first time caller to any support forum. Hopefully I'm doing this right. I'll be as brief as I can (could write pages). Hoping you can help.

This week I got the motherload, the all-you-can-eat buffet of viruses; spyware, adware, home-page hijacker, wallpaper hijacker, disabled task manager, fatal shutdown errors, and keyloggers (which I discovered manually). Everything was fronted by a virus trying to get me to buy an anti-virus program.

I was running pc-cillin and spybot which kept crashing when I tried to remove infected files.

With persistence I continued to run these programs in addition to ad-aware, spyware blaster, microsoft antimaleware, AVG and since logging on here - Panda. Also have done several remove programs and deleted hundreds of files through manual searches.

Anyway.......The system is up and running, but I'm sure I haven't captured everything and it's time for a Deep Cleaning. So.......I need your help and advice.

Have posted and attached the scans requested.

Thanks,
Vaccinate (me)

"Deckard's System Scanner v20070905.67
Run by David Osburn on 2007-10-07 17:33:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2007-10-07 21:33:07 UTC - RP295 - Deckard's System Scanner Restore Point
84: 2007-10-07 06:08:03 UTC - RP294 - System Checkpoint
83: 2007-10-06 05:09:29 UTC - RP293 - System Checkpoint
82: 2007-10-05 04:45:55 UTC - RP292 - Installed AVG 7.5
81: 2007-10-05 02:24:13 UTC - RP291 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-07-10 03:54:44 UTC - RP211 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-07 17:37:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David Osburn\Desktop\Security\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061030
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freep.com/apps/pbcs.dll/frontpage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061030
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Flash Module - {EDA4EECA-6938-40ec-A076-3DEAEC1448D7} - btasv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKEY_LOCAL_MACHINE\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 ELService (Intel(R) Quick Resume technology) - c:\program files\intel\inteldh\intel(r) quick resume technology drivers\elservice.exe <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-06 14:00:00 772 --a------ C:\WINDOWS\Tasks\Scheduled Back up.job
2007-02-09 13:30:00 806 -----n--- C:\WINDOWS\Tasks\backup.job
2007-02-03 16:27:00 736 -----n--- C:\WINDOWS\Tasks\backmeup1.job


-- Files created between 2007-09-07 and 2007-10-07 -----------------------------

2007-10-06 00:53:37 0 d-------- C:\Program Files\SpywareBlaster
2007-10-05 23:34:15 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-05 23:34:13 0 d-------- C:\WINDOWS\LastGood
2007-10-05 01:30:43 0 dr-h----- C:\$VAULT$.AVG
2007-10-05 00:46:15 0 d-------- C:\Documents and Settings\David Osburn\Application Data\AVG7
2007-10-05 00:46:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-05 00:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 00:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-04 23:22:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-04 22:55:59 0 d-------- C:\Program Files\RegistryFix
2007-10-02 21:04:52 0 d-------- C:\WINDOWS\system32\appmgmt
2007-10-01 23:38:31 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-01 22:38:11 0 d--h----- C:\WINDOWS\PIF
2007-10-01 00:10:32 0 d-------- C:\Program Files\Lavasoft
2007-10-01 00:10:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 00:08:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 12:49:24 4 --a------ C:\WINDOWS\system32\stfv.bin


-- Find3M Report ---------------------------------------------------------------

2007-10-06 00:30:17 0 d-------- C:\Program Files\StorageSync
2007-10-06 00:27:23 0 d-------- C:\Program Files\Messenger
2007-10-06 00:24:37 0 d-------- C:\Program Files\iTunes
2007-10-06 00:23:07 0 d-------- C:\Program Files\Google
2007-10-06 00:22:47 0 d-------- C:\Program Files\Digital Line Detect
2007-10-06 00:22:46 0 d-------- C:\Program Files\Dell Support
2007-10-06 00:21:09 0 d-------- C:\Program Files\BAE
2007-10-02 20:50:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-02 20:50:32 0 d-------- C:\Program Files\Common Files
2007-10-02 19:40:09 0 d-------- C:\Program Files\RGB
2007-09-18 15:14:32 0 d-------- C:\Program Files\Savings Bond Wizard
2007-09-04 2018 1222 --a------ C:\Documents and Settings\David Osburn\Application Data\wklnhst.dat
2007-08-16 18:25:25 0 d-------- C:\Documents and Settings\David Osburn\Application Data\Adobe
2007-08-05 23:09:10 196 --a------ C:\Documents and Settings\David Osburn\Application Data\G-Force Prefs (WindowsMediaPlayer).txt


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDA4EECA-6938-40ec-A076-3DEAEC1448D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 04:01 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 10:39 AM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 12:20 PM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/06/2006 09:15 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 05:12 AM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 12:51 PM]
"MBMon"="CTMBHA.DLL" [06/29/2006 01:12 AM C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [02/16/2006 11:20 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 11:36 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 07:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 06:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 06:50 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [10/30/2006 03:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 08:55 AM]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [07/19/2004 04:12 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/30/2006 03:51 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/05/2007 12:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [12/22/2004 06:40 AM C:\WINDOWS\MIDIDEF.EXE]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 08:39 PM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/16/2006 11:29 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/26/2007 11:46 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/30/2006 3:48:20 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-07 17:38:38 ------------

"
Attached Files
File Type: txt extra.txt (23.2 KB, 4 views)
File Type: txt Activescan Panda Report.txt (15.1 KB, 5 views)
vaccinate is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here