Also wanted to include the DSS reports as well.
Deckard's System Scanner v20070905.67
Run by Mike Whitby on 2007-10-10 15:49:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-10-10 20:49:44 UTC - RP1242 - Deckard's System Scanner Restore Point
2: 2007-10-10 16:34:02 UTC - RP1241 - ComboFix created restore point
1: 2007-10-10 16:33:48 UTC - RP1240 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Mike Whitby.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:06 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\web\aolspy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\qttask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Mike Whitby\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike Whitby.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mtthmar] C:\WINDOWS\system32\mtthmar.exe
O4 - HKLM\..\Run: [vhwbvgeoi] C:\WINDOWS\system32\vhwbvgeoi.exe
O4 - HKLM\..\Run: [as] C:\WINDOWS\system32\as.exe
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [daoumzbdda] C:\WINDOWS\system32\daoumzbdda.exe
O4 - HKLM\..\Run: [uoowcp] C:\WINDOWS\system32\uoowcp.exe
O4 - HKLM\..\Run: [sxrozsy] C:\WINDOWS\system32\sxrozsy.exe
O4 - HKLM\..\Run: [bndhxvofiku] C:\WINDOWS\system32\bndhxvofiku.exe
O4 - HKLM\..\Run: [bbaocrweww] C:\WINDOWS\system32\bbaocrweww.exe
O4 - HKLM\..\Run: [oytslgp] C:\WINDOWS\system32\oytslgp.exe
O4 - HKLM\..\Run: [qpfaylntz] C:\WINDOWS\system32\qpfaylntz.exe
O4 - HKLM\..\Run: [ggfhrp] C:\WINDOWS\system32\ggfhrp.exe
O4 - HKLM\..\Run: [qzi] C:\WINDOWS\system32\qzi.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe /scan /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
O23 - Service: AOL Anti-Spyware Service (AOL_SpywareServ) - Unknown owner - C:\WINDOWS\web\aolspy.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: Print Spooler Service (ut6kum8u6u2rdh) - Unknown owner - C:\WINDOWS\system32\qzi.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10555 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071010-140044-836 O4 - HKLM\..\Run: [ipkgn] C:\WINDOWS\system32\ipkgn.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 prodrv04 (Star Force copy protection driver v4) - c:\windows\system32\drivers\prodrv04.sys <Not Verified; Protection Technology Co.; Star Force copy protection>
R2 DPPSUSB (DPPSUSB.Sys Sony DPP-SV55/77/88 USB Digital Photo Printer Driver) - c:\windows\system32\drivers\dppsusb.sys <Not Verified; HMSA; DPP - SV55/77/88 USB Driver for Windows 95/98/2000>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys (file missing)
S2 MZTFUXIY - c:\windows\system32\mztfuxiy.gew (file missing)
S3 catchme - c:\docume~1\lauren~1\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys <Not Verified; MCCI; Sony Ericsson W810 Driver>
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys <Not Verified; MCCI; Sony Ericsson W810 USB WMC Modem Filter Driver>
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys <Not Verified; MCCI; Sony Ericsson W810 USB WMC Data Modem>
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys <Not Verified; MCCI; Sony Ericsson W810 USB WMC Device Management>
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys <Not Verified; MCCI; Sony Ericsson W810 USB WMC OBEX Interface>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AOL_SpywareServ (AOL Anti-Spyware Service) - "c:\windows\web\aolspy.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe" (file missing)
S2 ut6kum8u6u2rdh (Print Spooler Service) - c:\windows\system32\qzi.exe /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_8128104D&REV_A0\3&61AAA01&0&16
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_8128104D&REV_A0\3&61AAA01&0&16
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_104D&DEV_8087&SUBSYS_80ED104D&REV_01\3&61AAA01&0&78
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_104D&DEV_8087&SUBSYS_80ED104D&REV_01\3&61AAA01&0&78
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-10-09 14:26:44 436 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Lauren Whitby at 2 25 PM.job
2007-10-08 22:29:25 328 --a------ C:\WINDOWS\Tasks\Scheduled Checkpoint.job
-- Files created between 2007-09-10 and 2007-10-10 -----------------------------
2007-10-10 12:01:56 0 d-------- C:\Program Files\SpywareBlaster
2007-10-10 12:01:03 0 d-------- C:\Documents and Settings\Mike Whitby\Application Data\Adobe
2007-10-09 16:56:24 0 d-------- C:\Program Files\Trend Micro
2007-10-09 14:26:19 0 --a------ C:\Documents and Settings\Mike Whitby\core
2007-10-09 14:26:18 0 --a------ C:\Documents and Settings\Lauren Whitby\core
2007-10-09 10:43:01 0 d-------- C:\WINDOWS\ShellNew
2007-10-09 10:42:52 0 d-------- C:\Program Files\Common Files\L&H
2007-10-09 10:42:51 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-04 12:23:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-04 12:23:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-04 12:23:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-04 12:23:35 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-04 12:23:35 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-04 12:23:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-04 12:23:35 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-04 12:23:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-04 12:23:35 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-04 12:23:35 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-04 12:23:35 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-04 12:23:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-04 12:23:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-04 12:23:34 786432 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-09-19 21:36:16 4057 --a------ C:\WINDOWS\prx.exe
2007-09-16 19:21:54 49411 --a------ C:\prx.exe
-- Find3M Report ---------------------------------------------------------------
2007-10-10 15:47:42 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-10-09 10:42:52 0 d-------- C:\Program Files\Common Files
2007-10-06 14:08:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:07:56 0 d-------- C:\Program Files\Sony
2007-10-05 17:42:50 0 d-------- C:\Program Files\pspvideo9
2007-10-05 17:41:48 0 d--h----- C:\Program Files\Zero G Registry
2007-08-20 15:37:53 0 d-------- C:\Program Files\AIM Toolbar
2007-08-18 21:55:17 0 d-------- C:\Program Files\Java
2007-08-13 11:42:46 0 d-------- C:\Program Files\MySpace
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.exe" [04/10/2002 03:00 AM]
"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [10/21/2003 12:20 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/29/2004 05:50 PM]
"nwiz"="nwiz.exe" [10/29/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/29/2004 05:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 11:29 AM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 10:00 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"QuickTime Task"="C:\qttask.exe" [12/23/2006 06:41 PM]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [06/12/2007 12:32 PM]
"mtthmar"="C:\WINDOWS\system32\mtthmar.exe" []
"vhwbvgeoi"="C:\WINDOWS\system32\vhwbvgeoi.exe" []
"as"="C:\WINDOWS\system32\as.exe" []
"medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [03/07/2007 11:53 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [09/18/2007 05:25 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [09/18/2007 05:25 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [09/18/2007 05:25 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [09/18/2007 05:25 PM]
"daoumzbdda"="C:\WINDOWS\system32\daoumzbdda.exe" []
"uoowcp"="C:\WINDOWS\system32\uoowcp.exe" []
"sxrozsy"="C:\WINDOWS\system32\sxrozsy.exe" []
"bndhxvofiku"="C:\WINDOWS\system32\bndhxvofiku.exe" []
"bbaocrweww"="C:\WINDOWS\system32\bbaocrweww.exe" []
"oytslgp"="C:\WINDOWS\system32\oytslgp.exe" []
"qpfaylntz"="C:\WINDOWS\system32\qpfaylntz.exe" []
"ggfhrp"="C:\WINDOWS\system32\ggfhrp.exe" []
"qzi"="C:\WINDOWS\system32\qzi.exe" []
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [09/18/2007 05:25 PM]
"CaPPcl"="C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAAntiSpyware.exe" [09/18/2007 05:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/16/2007 08:28 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [07/08/2003 09:53 AM 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 02:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-10-10 15:52:39 ------------