Thread: DSS Logs
11-28-2007, 02:02 AM   #1
scunow
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: XP


DSS Logs

Below is my main.txt log. I have also attached my extra.txt file and my activescan log from Panda.

This problem started last night. Symptoms that I have seen are: incessant popups, my SpywareGuard browser alert protection alerting me about Browser Help Objects being added, and a Spyguard Pro Installer downloading something that I stopped. My Symantec anti-virus software also reacted to a couple of things last night, but I was too stupid to write them down.

Thank you VERY much for your help.



Deckard's System Scanner v20071014.68
Run by Mr. Cunow on 2007-11-28 00:39:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2007-11-28 08:40:03 UTC - RP811 - Deckard's System Scanner Restore Point
53: 2007-11-28 07:14:59 UTC - RP810 - Last known good configuration
52: 2007-11-28 07:13:57 UTC - RP809 - Software Distribution Service 3.0
51: 2007-11-28 07:13:57 UTC - RP808 - Software Distribution Service 3.0
50: 2007-11-28 07:13:56 UTC - RP807 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-28 07:12:59 UTC - RP758 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mr. Cunow.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-28 00:45:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Antivirus\DefWatch.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Symantec Antivirus\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system\cmflywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\winshow.exe
C:\WINDOWS\mrofinu77.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\TXIuIEN1bm93\command.exe
C:\Program Files\Common Files\??crosoft.NET\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mr. Cunow\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/radio/aod/mainf...d/radio1.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nyu.edu:8000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {D018B7EB-ABF9-4A12-A90F-C9A2A09BF641} - C:\WINDOWS\system32\mljjj.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\MRFA92~1.CUN\LOCALS~1\Temp\winvsnet.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\notepad.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [ilakgxz] C:\WINDOWS\System32\ilakgxz.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093672044250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{451478F6-D9D9-40CF-8E57-EE621B7344BD}: NameServer = 128.122.253.92,128.122.253.37
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: rqrrqnl - C:\WINDOWS\system32\rqrrqnl.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXIuIEN1bm93\command.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Antivirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Antivirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Antivirus\Rtvscan.exe


--
End of file - 11798 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20050619-170856-607 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20050619-170856-703 O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
backup-20050619-170856-723 R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
backup-20050619-170856-816 O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll
backup-20050619-170857-156 O15 - Trusted Zone: http://www.neededware.com
backup-20050619-170857-162 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
backup-20050619-170857-232 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20050619-170857-493 O4 - HKLM\..\Run: [ilakgxz] C:\WINDOWS\System32\ilakgxz.exe
backup-20050619-170857-712 O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
backup-20050619-170857-910 O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
backup-20050619-170857-965 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20050620-025213-714 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
backup-20050620-143839-126 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050620-143839-168 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q==
backup-20050620-143839-211 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050620-143839-284 O4 - HKLM\..\Run: [ilakgxz] C:\WINDOWS\System32\ilakgxz.exe
backup-20050620-143839-300 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20050620-143839-346 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050620-143839-352 O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
backup-20050620-143839-499 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20050620-143839-521 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050620-143839-559 O15 - Trusted Zone: http://www.neededware.com
backup-20050620-143839-598 R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
backup-20050620-143839-612 O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Company; Quick Launch Buttons>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TnIDriver - c:\docume~1\mrfa92~1.cun\locals~1\temp\tnid4.tmp (file missing)

S2 NAVAPEL - c:\program files\navnt\navapel.sys (file missing)
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Company; Quick Launch Buttons>
S3 NAVAP - c:\program files\navnt\navap.sys (file missing)
S3 PhDebug32 - c:\bios\hr60\debug32.sys (file missing)
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 cmdService (Command Service) - c:\windows\txiuien1bm93\command.exe
R2 Network Monitor - c:\program files\network monitor\netmon.exe service


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\E3984058483F0200
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\E3984058483F0200
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-11-18 10:03:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-07-01 05:44:20 386 --a------ C:\WINDOWS\Tasks\iRadio 1.2 task 3.job
2005-06-27 13:31:07 308 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Personal.job
2005-04-19 05:47:48 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-10-28 and 2007-11-28 -----------------------------

2007-11-28 00:36:10 0 d-------- C:\Program Files\ZonedOut
2007-11-27 23:12:39 10376 --ahs---- C:\WINDOWS\system32\jjjlm.ini2
2007-11-27 23:12:28 329312 --a------ C:\WINDOWS\system32\mljjj.dll
2007-11-27 22:52:11 57 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-27 22:52:11 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-11-27 15:56:55 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 15:46:50 38912 --a------ C:\WINDOWS\system32\urqrpqr.dll
2007-11-27 15:45:32 38912 --a------ C:\WINDOWS\system32\jkkifeb.dll
2007-11-27 15:45:10 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-11-27 15:44:41 38912 --a------ C:\WINDOWS\system32\xxyaxut.dll
2007-11-27 15:41:21 38912 --a------ C:\WINDOWS\system32\khfdeca.dll
2007-11-27 15:40:53 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2007-11-27 15:40:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-11-27 15:40:35 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2007-11-27 15:40:35 0 d--hs---- C:\WINDOWS\TXIuIEN1bm93
2007-11-27 15:40:35 0 d-------- C:\Program Files\Network Monitor
2007-11-27 15:40:20 80640 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-11-27 15:40:15 0 d-------- C:\WINDOWS\system32\m8
2007-11-27 15:40:15 0 d-------- C:\WINDOWS\system32\j2
2007-11-27 15:40:14 0 d-------- C:\WINDOWS\system32\c1
2007-11-27 15:40:13 38912 --a------ C:\WINDOWS\system32\rqrrqnl.dll
2007-11-27 15:33:31 0 d-------- C:\WINDOWS\LastGood
2007-11-27 10:41:15 0 d-------- C:\WINDOWS\network diagnostic
2007-11-26 20:12:27 41723 ---hs---- C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
2007-11-26 20:12:26 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2007-11-26 20:12:03 35840 -----n--- C:\WINDOWS\mrofinu77.exe
2007-11-26 20:11:25 0 d-------- C:\WINDOWS\system32\rMa02yy
2007-11-26 20:11:13 35840 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
2007-11-19 13:53:48 145920 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-27 23:58:31 0 d-------- C:\Program Files\TagRename
2007-11-27 23:58:29 0 d-------- C:\Program Files\Symantec Antivirus
2007-11-27 23:58:15 0 d-------- C:\Program Files\SpywareGuard
2007-11-27 23:55:19 0 d-------- C:\Program Files\NZSearch
2007-11-27 23:51:34 0 d-------- C:\Program Files\Linksys Wireless-G Music Bridge
2007-11-27 23:50:59 0 d-------- C:\Program Files\iTunes
2007-11-27 23:43:34 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2007-11-27 23:43:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 23:40:48 0 d-------- C:\Program Files\Apoint2K
2007-11-27 16:15:44 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Viewpoint
2007-11-27 16:15:42 0 d-------- C:\Program Files\Viewpoint
2007-11-27 15:45:10 0 d-------- C:\Program Files\Common Files
2007-11-27 11:17:27 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Skype
2007-11-27 11:03:49 0 d-------- C:\Program Files\SpywareBlaster
2007-11-01 23:05:47 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\ZoomBrowser EX
2007-10-24 09:12:17 0 d-------- C:\Program Files\AIM6
2007-10-23 15:02:23 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Apple Computer
2007-10-14 09:15:38 0 d-------- C:\Program Files\Pando Networks
2007-10-13 10:40:24 0 d-------- C:\Program Files\Coupons
2007-10-13 10:40:23 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-10-11 22:11:06 0 d-------- C:\Program Files\Soulseek
2007-10-11 17:38:22 178 --a------ C:\handle.dat
2007-10-09 09:46:17 116092 --a------ C:\WINDOWS\hpoins12.dat
2007-09-21 11:21:14 146432 ---hs---- C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
2007-09-17 18:01:43 1493 --a------ C:\WINDOWS\ipconfig.dat
2007-09-17 18:00:19 1490 --a------ C:\WINDOWS\checkip.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D018B7EB-ABF9-4A12-A90F-C9A2A09BF641}]
11/27/2007 11:12 PM 329312 --a------ C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/07/2003 07:40 PM]
"AGRSMMSG"="AGRSMMSG.exe" [10/30/2003 05:40 AM C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [03/01/2004 09:05 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [05/06/2004 10:46 AM]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [10/06/2002 11:23 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 AM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [01/13/2004 08:21 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 12:01 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/22/2003 06:55 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/2004 04:31 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/02/2004 03:36 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 10:54 AM]
"ATIModeChange"="Ati2mdxx.exe" [04/01/2004 11:16 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/16/2005 07:11 PM]
"CmFlywaveName"="C:\WINDOWS\System\CmFlywav.exe" [10/05/2005 10:38 AM]
"Linksys WMB54G Utility"="C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe" [11/22/2005 10:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 03:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 06:36 AM]
"winshow"="C:\WINDOWS\winshow.exe" [11/26/2007 08:11 PM]
"NI.UGA6P_0001_N122M2210"="C:\DOCUME~1\MRFA92~1.CUN\LOCALS~1\Temp\winvsnet.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [11/09/2004 12:29 AM]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 01:45 PM]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [10/05/2007 11:33 AM]
"@"="" []
"Aaou"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\notepad.exe" [11/27/2007 03:45 PM]

C:\Documents and Settings\Mr. Cunow\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 3:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 7:05:26 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [12/4/2004 11:08:28 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 3:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 3:50:52 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 8:49:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ilakgxz"=C:\WINDOWS\System32\ilakgxz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\rqrrqnl.dll [11/27/2007 03:40 PM 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqnl]
rqrrqnl.dll 11/27/2007 03:40 PM 38912 C:\WINDOWS\system32\rqrrqnl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjj.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03804255-705b-11dc-9a6e-000fb009b67c}]
1\Command- .\System\Memory\autorun.exe
2\Command- .\System\Memory\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\System\Memory\autorun.exe

*Newly Created Service* - CMDSERVICE
*Newly Created Service* - CORE
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - NETWORK_MONITOR
*Newly Created Service* - TNIDRIVER



-- End of Deckard's System Scanner: finished at 2007-11-28 00:47:46 ------------
Attached Files
File Type: txt extra.txt (19.8 KB, 0 views)
File Type: txt Activescan.txt (20.1 KB, 0 views)

Last edited by scunow; 11-28-2007 at 02:22 AM. Reason: forgot panda log