10-29-2007, 09:13 PM   #1
Saber0981
Registered User
Join Date: Mar 2007
Posts: 17
OS: Windows XP Pro SP2


EEK! Winpcap, SjyPkt, & others!

Hello,

I think I have a few problems! lol

I currently run:
Ad-aware
Spybot S&D
CWShredder
SpyGuard
Spyware Blaster
CA Pest Patrol
CA EZ Antivirus
Xoftspy Antispy

ATF Cleaner
Zone Alarm
Winpatrol

Everything seemed OK until I loaded Spyware Terminator. I have since uninstalled it. I am seeing the following problems.

Spyware Terminator
PHOTO 1 (HuPigeonSpywareTerm) (Sigh ... spelling!)
Spyware Terminator found Hupigon.ucj in a Magnifying Glass program I've used for years, and the other spyware checkers never found a problem with it. Think this was a false positive?

Xoftspy finds:
PHOTO 2 (WinpcapErrorXoftspyOct2007)
1. winpcap - this is all it found before I removed Spyware Terminator and cleaned up the registry with Registry Medic. Removed entries for invalid files/paths. Was in the middle of researching winpcap when the other problems appeared.

PHOTO 3 (WinpcapRegistryEntries) I looked in the registry at the path indicated in the previous photo. Can't find anything but a default entry.

PHOTO 4 (XoftspyAfterCleanRegistryErrors)
2. Win32DelfAK. Think this might be bogus!?


Windows XP Pro Services
PHOTO 5 (ServicesWhatIsthis2) & PHOTO 6 (ServicesWhatIsthisBonjour)
Services show ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
I have disabled it and rebooted. This stopped the mDNSResponder process from appearing in the Task Manager window. Don't know where this came from. Research keeps pointing to Bonjour, but I don't have iTunes installed.


CA Pest Patrol

PHOTO 7 (PestPatrolProcKill)
ProcKill - I have quarantined this.


Device Manager

PHOTO 8 (DeviceMgr2)
SjyPkt - I have disabled this in the device manager for now.

PHOTO 9 (sjypktRegistryEntries)
This shows what is in the registry. Spyware Terminator kept giving me an error on a driver file extension change for this entry. Stated it was a problem. Don't know what this is.


ComboFix

Tried running the scan and log part of this. It ran for a while and then gave me an error (PHOTO 10 (ComboFixRunError)).
It did create the txt log. I can append this post if you want to see it.

SO... I came to see you guys!

I ran through your five steps.

Here’s the Panda On-line Scan and the HiJackThis log:

Thanks for your time and help,
Saber

I will send the rest of the photos in the next post.


Deckard's System Scanner v20071014.68
Run by Dana on 2007-10-29 22:43:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2007-10-30 02:43:10 UTC - RP173 - Deckard's System Scanner Restore Point
5: 2007-10-30 02:17:18 UTC - RP172 - Software Distribution Service 3.0
4: 2007-10-29 14:32:55 UTC - RP171 - ComboFix created restore point
3: 2007-10-28 14:45:44 UTC - RP170 - System Checkpoint
2: 2007-10-25 12:17:06 UTC - RP169 - System Checkpoint


-- First Restore Point --
1: 2007-10-24 11:05:26 UTC - RP168 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Dana.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-29 22:44:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\Runservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRid.exe
G:\Program FilesDM\BillP Studios\WinPatrol\WinPatrol.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
G:\Program FilesDM\SpywareGuard\sgmain.exe
G:\Program FilesDM\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\DeckardSystemScannerIncHiJackOct2007\dss.exe
H:\MY FILES\Downloads\SOFTWAREDownlds\SpywareSW\HiJackThisVer1991\Dana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program FilesDM\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program FilesDM\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QOELOADER] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [WinPatrol] G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtWLan] g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = G:\Program FilesDM\SpywareGuard\sgmain.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190829390484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\iSafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\Runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


--
End of file - 9697 bytes

-- HijackThis Fixed Entries (H:\MYFILE~1\DOWNLO~1\SOFTWA~1\SPYWAR~1\HIJACK~1\backups\) --------------------------------------------------------------------------------

backup-20070406-210506-187 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Program FilesDM\NIERSOFT\3D Virtual Cube\blank.htm

-- File Associations -----------------------------------------------------------

.scr - PhEdit.scr - shell\open\command - C:\Program Files\VCW VicMan's Photo Editor\vcwphoto.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 magicpvt - c:\windows\system32\drivers\magicpvt.sys <Not Verified; Samsung Electronics, Inc.; MagicRotation Driver>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 NIOC (NIOC Service) - c:\windows\system32\nioc.sys <Not Verified; D-Link Corporation; NIOC (NT5) Driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>

S1 ewido anti-spyware 4.0 driver - d:\fixpgmsdownloaded\ewido anti-spyware 4.0\guard.sys (file missing)
S3 catchme - c:\docume~1\dana\locals~1\temp\catchme.sys (file missing)
S4 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 WZCBDLService (WZCBDL Service) - "c:\program files\wzcbdl service\wzcbdls.exe" <Not Verified; D-Link; WZCBDLService Launcher (NT)>

S3 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe
S3 ewido anti-spyware 4.0 guard - d:\fixpgmsdownloaded\ewido anti-spyware 4.0\guard.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0C4A8086&REV_10\4&2E98101C&0&18F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_0C4A8086&REV_10\4&2E98101C&0&18F0
Service: RTL8023xp

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SjyPkt
Device ID: ROOT\LEGACY_SJYPKT\0000
Manufacturer:
Name: SjyPkt
PNP Device ID: ROOT\LEGACY_SJYPKT\0000
Service: SjyPkt


-- Files created between 2007-09-29 and 2007-10-29 -----------------------------

2007-10-29 09:30:52 2368 --a------ C:\WINDOWS\system32\SVKP.sys <Not Verified; AntiCracking; SVKP driver for NT>
2007-10-21 19:22:25 0 d-------- C:\VundoFix Backups
2007-10-19 02:30:19 0 d-------- C:\Documents and Settings\Dana\Application Data\XnView
2007-10-19 02:08:49 0 d-------- C:\Program Files\Picasa2
2007-10-10 00:54:41 0 dr-h----- C:\Documents and Settings\Dana\Recent
2007-10-01 18:44:44 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-01 12:47:05 0 d-------- C:\Program Files\Bonjour
2007-10-01 12:37:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2007-10-29 22:23:53 1425 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-10-29 22:23:04 32 --a------ C:\WINDOWS\system32\driver.dat
2007-10-29 11:35:42 0 d-------- C:\Program Files\WZCBDL Service
2007-10-29 11:35:25 0 d-------- C:\Program Files\PrintKey2000
2007-10-29 11:29:14 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-29 09:54:15 0 d-------- C:\Program Files\XoftSpySE
2007-10-29 05:51:59 0 d-------- C:\Documents and Settings\Dana\Application Data\EasyJob Resume Builder
2007-10-19 02:08:59 0 d-------- C:\Program Files\Google
2007-10-01 19:12:59 0 d-------- C:\Documents and Settings\Dana\Application Data\Adobe
2007-10-01 18:20:25 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-01 12:37:52 0 d-------- C:\Program Files\Common Files
2007-10-01 03:33:44 0 d-------- C:\Program Files\Adobe Type Manager
2007-10-01 03:32:03 0 d-------- C:\Program Files\PhotoDeluxe BE 1.1
2007-09-28 05:24:55 0 d-------- C:\Documents and Settings\Dana\Application Data\WinWay
2007-09-27 15:27:45 0 d-------- C:\Program Files\WinWay Resume
2007-09-27 00:12:40 0 d-------- C:\Program Files\VCW VicMan's Photo Editor
2007-09-27 00:08:29 0 d-------- C:\Documents and Settings\Dana\Application Data\Image Zone Express
2007-09-25 22:37:16 68 --a------ C:\WINDOWS\E
2007-09-24 06:39:02 0 d-------- C:\Program Files\SupportSoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [06/18/2005 02:01 AM C:\WINDOWS\CTHELPER.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/19/2005 10:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/19/2005 10:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/19/2005 10:36 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [02/15/2005 05:10 PM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 07:25 PM]
"QOELOADER"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe" [03/20/2007 06:49 PM]
"CaAvTray"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [03/20/2007 06:49 PM]
"CAVRID"="G:\Program FilesDM\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [03/20/2007 06:49 PM]
"WinPatrol"="G:\Program FilesDM\BillP Studios\WinPatrol\winpatrol.exe" [10/05/2005 03:23 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"RtWLan"="g:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe" [03/25/2005 10:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

C:\Documents and Settings\Dana\Start Menu\Programs\Startup\
SpywareGuard.lnk - G:\Program FilesDM\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [3/19/2007 9:19:22 PM]
WG111v2 Smart Wizard Wireless Setting.lnk - G:\Program FilesDM\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [5/29/2007 8:37:16 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
"AOL Fast Start"="G:\America Online 9.0\AOL.EXE" -b
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"HostManager"=C:\Program Files\Common Files\AOL\1174402975\ee\AOLSoftware.exe
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
"EM_EXEC"=G:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"MagicRotation"=C:\Program Files\MagicRotation\MagicPvt.exe
"HP Software Update"=G:\Program FilesDM\HP\HP Software Update\HPWuSchd2.exe
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"WD Button Manager"=WDBtnMgr.exe
"!ewido"="D:\FIXPGMSDOWNLOADED\ewido anti-spyware 4.0\ewido.exe" /minimized
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe"
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"D-Link Air USB Utility"=G:\Program FilesDM\D-Link\Air USB Utility\AirCFG.exe
"Zone Labs Client"=g:\Program FilesDM\Zone Labs\ZoneAlarm\zlclient.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4991eea6-eb0a-11db-abbc-000fb5b6fe4b}]
AutoRun\command- L:\JDSecure\Windows\JDSecure20.exe




-- End of Deckard's System Scanner: finished at 2007-10-29 22:46:00 ------------


And here's the Panda Scan


Incident | Status | Location

Potentially unwanted tool: Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Dana\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool: Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Dana\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool: Application/Processor | Not disinfected | C:\Program Files\HaxFix\Process.exe
Potentially unwanted tool: Application/NirCmd.A | Not disinfected | C:\WINDOWS\NirCmd.exe
Attached Images
HuPigeonSpywareTerm.jpg
WinpcapErrorXoftspyOct2007.jpg
WinpcapRegistryEntries.jpg
XoftspyAfterCleanRegistryErrors.jpg
Attached Files
extra.txt
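A way to triage the "-- Drivers --" and "-- Services --" sections of a log like the one above, as an added example that is not part of the original post and not code from Deckard's System Scanner, HijackThis or any other tool named in it. It parses DSS's `R1 name (display) - path <Not Verified; company; product>` lines and raises the flags a responder looks at first: a registered driver whose file is gone, a binary with no version resource, the placeholder vendor string "Windows (R) 2000 DDK provider" (the default company name from the DDK sample resource file, so the author never identified themselves; it says nothing by itself, but it means the version info cannot vouch for sjypkt.sys or asctrm.sys), and a driver registered from a temp directory. The `Entry` class, the flag names and the ranking are my own choices; the sample lines are copied from the DSS output above. Separately, the `ROOT\LEGACY_SJYPKT\0000` device in the Device Manager section is not an extra finding: Plug and Play creates a `ROOT\LEGACY_<service>` node for every non-PnP kernel driver, so it only mirrors the SjyPkt service entry.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of one entry in the DSS "-- Drivers --" / "-- Services --" sections:
#   R1 VETMONNT (VET File Monitor) - c:\...\vetmonnt.sys <Not Verified; Computer Associates...; ...>
#   S3 catchme - c:\docume~1\dana\locals~1\temp\catchme.sys (file missing)
# R/S = running/stopped; the digit is the Start value (0 boot ... 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>.+?)(?: \((?P<display>[^()]*)\))? - "
    r"(?P<path>.+?)"
    r"(?: <(?P<version>[^<>]*)>)?"
    r"(?P<missing> \(file missing\))?$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Entry:
    name: str
    display: str
    running: bool
    start: str
    path: str
    company: str   # "" when the file carries no version resource
    product: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DSS driver/service line; returns None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = product = ""
    not_verified = False
    if m.group("version"):
        parts = [p.strip() for p in m.group("version").split(";")]
        if parts[0].lower() == "not verified":
            not_verified = True
            parts = parts[1:]
        company = parts[0] if len(parts) > 0 else ""
        product = parts[1] if len(parts) > 1 else ""
    e = Entry(
        name=m.group("name"),
        display=m.group("display") or m.group("name"),
        running=m.group("state") == "R",
        start=START_TYPES[m.group("start")],
        path=m.group("path").strip('"').lower(),
        company=company,
        product=product,
    )
    if m.group("missing"):
        # The service key outlived its binary: leftover from a removed tool,
        # or a driver deleted without unregistering it.
        e.flags.append("file-missing")
    elif not m.group("version"):
        e.flags.append("no-version-info")
    if not_verified:
        e.flags.append("unsigned")
    if "ddk provider" in company.lower():
        # Placeholder company string from the DDK sample .rc file: the version
        # resource identifies nobody, so it cannot be used to vouch for the file.
        e.flags.append("generic-ddk-version-info")
    if "\\temp\\" in e.path:
        e.flags.append("loads-from-temp")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return only flagged entries, most flags first, then by name."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e and e.flags]
    return sorted(entries, key=lambda e: (-len(e.flags), e.name.lower()))


# Driver lines copied from the DSS output in the post above (not invented).
SAMPLE_LOG = r"""
R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
S1 ewido anti-spyware 4.0 driver - d:\fixpgmsdownloaded\ewido anti-spyware 4.0\guard.sys (file missing)
S3 catchme - c:\docume~1\dana\locals~1\temp\catchme.sys (file missing)
S4 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 WZCBDLService (WZCBDL Service) - "c:\program files\wzcbdl service\wzcbdls.exe" <Not Verified; D-Link; WZCBDLService Launcher (NT)>
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<32} {state:<8} {e.start:<9} {', '.join(e.flags)}  [{e.path}]")
```

Run against the sample, the two generic-DDK drivers and the orphaned catchme entry sort to the top; catchme.sys is the kernel driver ComboFix/GMER drops in the user's temp directory, so its "file missing" entry is expected after a ComboFix run and is a cleanup item, not an infection. The flags rank what to look at, not what is malicious: every one of these drivers still needs its file hashed and looked up, and a "file-missing" service key should be deleted so the registration does not point at a path something else could later drop a binary into.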