I got dss.exe to work; I'm running Windows XP. Here are the results I got.
Deckard's System Scanner v20071014.68
Run by ak on 2007-11-29 18:04:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
46: 2007-11-30 02:04:11 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2007-11-29 07:31:24 UTC - RP45 - Software Distribution Service 3.0
44: 2007-11-29 07:22:33 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-11-29 05:57:47 UTC - RP43 - Removed Java 2 Runtime Environment, SE v1.4.2_03
42: 2007-11-28 22:40:36 UTC - RP42 - Removed Google SketchUp LayOut 6
-- First Restore Point --
1: 2007-11-28 10:39:45 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as ak.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:29 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\ak\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ak.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07DF5A2D-5ADF-4733-A04B-FBBEBECE644F} - C:\Program Files\Internet Explorer\hokesocul83122.dll (file missing)
O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\cbxyvuu.dll
O2 - BHO: 0 - {4D48E27F-7788-4CA9-CD87-54DD00C172C7} - C:\Program Files\Windows Media Player\lavum443.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {90BC83F4-06EE-4ED0-84E2-19B423EC3A95} - C:\WINDOWS\system32\pmnnk.dll
O2 - BHO: (no name) - {AD1C57AC-7F14-4FB4-9F48-09807E9F12B7} - C:\Program Files\Internet Explorer\hokesocul4444.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: cbxyvuu - C:\WINDOWS\SYSTEM32\cbxyvuu.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyb.html
--
End of file - 3601 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071128-100452-165 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071128-100452-283 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071128-100452-363 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20071128-100452-365 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20071128-100452-689 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=55424
backup-20071128-100452-700 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20071128-100452-761 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071128-100452-820 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20071128-100452-827 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071128-100452-829 O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20071128-100452-973 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20071128-100453-510 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20071128-100453-516 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071128-100453-998 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071128-100454-364 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071128-100455-345 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195710395548
backup-20071128-100455-592 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071128-100456-248 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
backup-20071128-100456-488 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
backup-20071128-100456-600 O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\profsyb.html
backup-20071128-100456-812 O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
backup-20071128-100456-842 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20071128-100456-864 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
backup-20071128-100456-895 O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
backup-20071128-100456-928 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20071128-100456-949 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20071128-100456-987 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
backup-20071128-102343-323 O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
backup-20071128-102343-372 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071128-102343-459 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
backup-20071128-102343-495 O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
backup-20071128-102343-786 O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
backup-20071128-102343-882 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 core - c:\windows\system32\drivers\core.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-26 00:13:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------
2007-11-29 16:57:54 0 d-------- C:\Program Files\Panicware
2007-11-29 16:43:24 0 d-------- C:\Documents and Settings\ak\Application Data\U3
2007-11-29 13:02:33 0 d-------- C:\Documents and Settings\ak\Application Data\Grisoft
2007-11-29 13:02:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 12:57:16 0 d-------- C:\WINDOWS\pss
2007-11-29 01:20:41 0 d-------- C:\Documents and Settings\ak\Application Data\InterVideo
2007-11-29 00:18:54 0 d-------- C:\Program Files\InterActual
2007-11-28 22:00:46 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-28 14:40:47 6958 ---hs---- C:\WINDOWS\system32\knnmp.bak2
2007-11-28 10:03:34 0 d-------- C:\Program Files\Trend Micro
2007-11-28 02:40:40 6496 ---hs---- C:\WINDOWS\system32\knnmp.bak1
2007-11-28 02:39:25 323168 --a------ C:\WINDOWS\system32\pmnnk.dll
2007-11-28 02:20:02 0 d-------- C:\Program Files\Temporary
2007-11-28 02:19:14 46592 --a------ C:\WINDOWS\system32\drivers\FMTR.sys <Not Verified; LocusSoftware, Inc.; FMTR>
2007-11-28 02:19:10 0 d-------- C:\Program Files\SpyGuardPro
2007-11-28 02:19:10 0 d-------- C:\Program Files\Common Files\SpyGuardPro
2007-11-28 02:18:30 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-11-28 02:17:22 0 d-------- C:\WINDOWS\system32\?ymantec
2007-11-28 02:16:55 7713 --a------ C:\WINDOWS\system32\ldcore.dll
2007-11-28 02:16:49 35840 --a------ C:\WINDOWS\mrofinu77.exe
2007-11-28 02:16:20 36352 --a------ C:\WINDOWS\system32\cbxyvuu.dll
2007-11-28 02:16:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-11-28 02:16:14 0 d-------- C:\Program Files\Network Monitor
2007-11-28 02:16:11 80640 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\m8
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\j2
2007-11-28 02:16:10 0 d-------- C:\WINDOWS\system32\c1
2007-11-28 02:16:07 0 d-------- C:\WINDOWS\system32\rMa02yy
2007-11-28 02:16:07 0 d-------- C:\Temp
2007-11-28 02:15:54 35840 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
2007-11-28 02:13:40 0 d-------- C:\WINDOWS\Sun
2007-11-28 02:03:10 0 d-------- C:\Program Files\Google
2007-11-26 00:14:35 0 d-------- C:\Program Files\iPod
2007-11-26 00:14:28 0 d-------- C:\Program Files\iTunes
2007-11-26 00:13:20 0 d-------- C:\Program Files\QuickTime
2007-11-26 00:13:00 0 d-------- C:\Program Files\Apple Software Update
2007-11-26 00:12:51 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-11-26 00:12:11 0 d-------- C:\Program Files\Common Files\Apple
2007-11-26 00:12:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-25 21:02:00 0 d-------- C:\Program Files\mIRC
2007-11-25 21:02:00 0 d-------- C:\Documents and Settings\ak\Application Data\mIRC
2007-11-23 12:46:19 0 d-------- C:\Program Files\DivX
2007-11-23 11:43:19 0 d-------- C:\Documents and Settings\ak\Application Data\AdobeUM
2007-11-23 11:43:11 0 d-------- C:\Documents and Settings\ak\Application Data\Adobe
2007-11-23 11:43:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-23 10:55:38 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-23 10:55:32 0 d-------- C:\Program Files\Codec Pack - All In 1
2007-11-23 08:53:07 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-23 08:51:45 0 d-------- C:\Program Files\Winamp
2007-11-23 08:51:45 0 d-------- C:\Documents and Settings\ak\Application Data\Winamp
2007-11-23 08:02:46 0 d-------- C:\Program Files\Overland
2007-11-23 07:49:35 0 d-------- C:\Program Files\Microsoft Works
2007-11-23 07:49:21 0 d-------- C:\Program Files\MSBuild
2007-11-23 07:47:32 0 d-------- C:\Program Files\Microsoft.NET
2007-11-23 07:39:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-22 19:54:35 0 d-------- C:\Documents and Settings\ak\Application Data\Macromedia
2007-11-22 19:54:28 1429 --a------ C:\WINDOWS\mozver.dat
2007-11-22 18:27:36 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-22 18:27:27 0 d-------- C:\Documents and Settings\ak\Application Data\Mozilla
2007-11-21 23:47:15 0 d-------- C:\Old Akira files
2007-11-21 23:03:35 0 d-------- C:\ZSNES
2007-11-21 22:46:42 0 d-------- C:\Documents and Settings\ak\Application Data\OfficeUpdate12
2007-11-21 22:46:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-21 22:43:20 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-21 22:39:19 0 dr-h----- C:\MSOCache
2007-11-21 22:24:03 0 d-------- C:\WINDOWS\network diagnostic
2007-11-21 22:19:51 0 d-------- C:\Program Files\MSXML 4.0
2007-11-21 21:55:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-21 21:49:02 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-21 21:49:00 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-21 21:46:17 0 d--hs---- C:\Documents and Settings\ak\UserData
2007-11-21 21:41:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-21 21:38:52 58048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2007-11-21 21:38:51 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2007-11-21 21:38:33 0 d-------- C:\Program Files\Common Files\Network Associates
2007-11-21 21:28:55 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-21 21:28:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-21 21:28:02 0 d-------- C:\Program Files\Network Associates
2007-11-21 21:22:36 0 d-------- C:\CD files
2007-11-21 21:21:53 0 d-------- C:\Applications
2007-11-21 21:17:37 0 d-------- C:\Documents and Settings\ak\Application Data\Apple Computer
2007-11-21 21:17:24 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-21 21:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-21 21:17:05 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-21 21:14:55 483328 --a------ C:\WINDOWS\system32\hphmon05.exe <Not Verified; Hewlett-Packard; HP Photosmart>
2007-11-21 21:14:43 6848 --a------ C:\WINDOWS\system32\hphmon05.dat
2007-11-21 21:14:41 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-21 21:14:38 4308 -----n--- C:\WINDOWS\hphmdl01.dat
2007-11-21 21:14:38 18403 --a------ C:\WINDOWS\HPHins01.dat
2007-11-21 21:12:02 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-11-21 21:12:02 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2007-11-21 21:11:42 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-21 21:08:34 0 d-------- C:\Program Files\Common Files\HP
2007-11-21 21:05:53 0 d-------- C:\Program Files\HP
2007-11-21 21:05:26 38867 -----n--- C:\WINDOWS\hpomdl03.dat
2007-11-21 21:05:26 29072 --a------ C:\WINDOWS\hpoins03.dat
2007-11-21 21:04:06 0 d-------- C:\WINDOWS\system32\URTTemp
2007-11-21 21:02:56 0 d-------- C:\Documents and Settings\ak\Application Data\Sun
2007-11-21 21:02:44 0 d-------- C:\Program Files\Java
2007-11-21 21:02:32 0 d-------- C:\Documents and Settings\ak\Application Data\Sonic
2007-11-21 21:02:19 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-11-21 21:02:18 0 d-------- C:\Program Files\Sonic
2007-11-21 21:02:18 0 d-------- C:\Program Files\RecordNow!
2007-11-21 21:01:00 0 d-------- C:\Program Files\Common Files\Intuit
2007-11-21 21:00:50 0 d-------- C:\Program Files\Quicken
2007-11-21 20:59:08 0 d-------- C:\Documents and Settings\ak\Application Data\Symantec
2007-11-21 20:58:57 0 d-------- C:\Program Files\Symantec
2007-11-21 20:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-21 20:58:13 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-21 20:37:27 0 d-------- C:\Program Files\InterVideo
2007-11-21 20:36:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-11-21 20:36:13 991232 -ra------ C:\WINDOWS\system32\W22MLRES.DLL <Not Verified; Intel Corporation; Intel(R) PRO/Wireless 7100 Adapter>
2007-11-21 20:36:13 0 d-------- C:\Program Files\Intel
2007-11-21 20:35:08 0 d-------- C:\Program Files\ATI Technologies
2007-11-21 20:34:43 0 d-------- C:\Program Files\Synaptics
2007-11-21 20:21:21 32356 -----n--- C:\WINDOWS\system32\pusbfd1.sys <Not Verified; Phoenix Technologies K.K.; USB FDD DRIVER>
2007-11-21 20:21:21 0 d-------- C:\swsetup
2007-11-21 20:21:18 0 d-------- C:\Program Files\HPQ
2007-11-21 20:20:49 0 d-------- C:\WINDOWS\Options
2007-11-21 20:20:44 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-11-21 20:19:59 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-11-21 20:19:59 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-11-21 20:19:58 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
2007-11-21 20:19:57 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
2007-11-21 20:19:57 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2007-11-21 20:19:57 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2007-11-21 20:19:57 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
2007-11-21 20:19:56 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2007-11-21 20:19:55 0 d-------- C:\WINDOWS\VirtualEar
2007-11-21 20:19:53 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-11-21 20:19:53 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-11-21 20:19:53 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-11-21 20:19:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-21 20:19:53 0 d-------- C:\Program Files\Analog Devices
2007-11-21 20:19:49 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-21 20:19:37 0 d-a------ C:\hp
2007-11-21 20:19:12 0 d-------- C:\SYSTEM.SAV
2007-11-21 20:18:26 0 d-------- C:\Documents and Settings\ak\Application Data\Identities
2007-11-21 20:18:19 0 dr------- C:\Documents and Settings\ak\Favorites
2007-11-21 20:18:19 0 d-------- C:\Documents and Settings\ak\Desktop
2007-11-21 20:18:19 0 d--hs---- C:\Documents and Settings\ak\Cookies
2007-11-21 20:18:19 0 dr-h----- C:\Documents and Settings\ak\Application Data
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\Templates
2007-11-21 20:18:18 0 dr------- C:\Documents and Settings\ak\Start Menu
2007-11-21 20:18:18 0 dr-h----- C:\Documents and Settings\ak\SendTo
2007-11-21 20:18:18 0 dr-h----- C:\Documents and Settings\ak\Recent
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\PrintHood
2007-11-21 20:18:18 2621440 --ah----- C:\Documents and Settings\ak\NTUSER.DAT
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\NetHood
2007-11-21 20:18:18 0 dr------- C:\Documents and Settings\ak\My Documents
2007-11-21 20:18:18 0 d--h----- C:\Documents and Settings\ak\Local Settings
2007-11-21 20:17:09 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-11-21 20:17:07 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-11-21 20:17:07 0 d-------- C:\WINDOWS\Prefetch
2007-11-21 20:17:05 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-11-21 20:17:05 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-11-21 20:17:05 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-11-21 20:17:05 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-11-21 20:17:04 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-11-21 20:16:33 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-11-21 20:16:33 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-11-21 20:16:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-21 20:16:33 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-11-21 20:16:32 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-11-21 20:13:08 0 d-------- C:\WINDOWS\system32\xircom
2007-11-21 20:13:08 0 d-------- C:\Program Files\microsoft frontpage
2007-11-21 20:13:05 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-11-21 20:12:57 0 -rahs---- C:\MSDOS.SYS
2007-11-21 20:12:57 0 -rahs---- C:\IO.SYS
2007-11-21 20:12:57 0 --a------ C:\CONFIG.SYS
2007-11-21 20:12:57 0 --a------ C:\AUTOEXEC.BAT
2007-11-21 20:11:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-11-21 20:11:46 0 dr------- C:\WINDOWS\Offline Web Pages
2007-11-21 20:11:46 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-11-21 20:11:34 0 d--h----- C:\Program Files\WindowsUpdate
2007-11-21 20:11:14 0 d-------- C:\WINDOWS\system32\DirectX
2007-11-21 20:10:50 0 d---s---- C:\WINDOWS\Tasks
2007-11-21 20:10:49 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-21 20:10:46 0 d-------- C:\WINDOWS\srchasst
2007-11-21 20:10:45 0 d-------- C:\WINDOWS\system32\Macromed
2007-11-21 20:10:39 0 d-------- C:\Program Files\Movie Maker
2007-11-21 20:10:33 0 d-------- C:\WINDOWS\system32\Restore
2007-11-21 20:10:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-21 20:09:55 0 d-------- C:\WINDOWS\Registration
2007-11-21 20:09:25 0 d-------- C:\Program Files\Online Services
2007-11-21 20:09:20 0 d-------- C:\Program Files\Messenger
2007-11-21 20:09:16 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-21 20:08:46 0 d-------- C:\Program Files\Windows NT
2007-11-21 20:08:44 0 d-------- C:\WINDOWS\system32\MsDtc
2007-11-21 20:08:42 0 d-------- C:\WINDOWS\system32\Com
2007-11-21 11:44:22 0 d--hs---- C:\WINDOWS\Installer
2007-11-21 11:44:21 0 d-------- C:\Program Files\Common Files\ODBC
2007-11-21 11:44:18 0 dr------- C:\Program Files
2007-11-21 11:44:18 0 d-------- C:\Program Files\Common Files
2007-11-21 11:44:18 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-11-21 11:42:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-11-21 11:42:31 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-11-21 11:42:31 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-11-21 11:42:31 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-11-21 11:42:31 0 dr------- C:\Documents and Settings\All Users\Documents
2007-11-21 11:42:31 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-11-21 11:42:19 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-11-21 11:42:19 0 d-------- C:\WINDOWS\system32\CatRoot
2007-11-21 11:42:13 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-11-21 11:42:13 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-11-21 11:42:13 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-11-21 11:42:13 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-11-21 11:41:52 0 d--hs---- C:\System Volume Information
2007-11-21 11:41:52 0 d-------- C:\Documents and Settings
2007-11-21 11:35:25 0 d-------- C:\WINDOWS
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\WinSxS
2007-11-21 11:35:25 0 dr------- C:\WINDOWS\Web
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\twain_32
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\wins
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\wbem
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\usmt
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\spool
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ShellExt
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\Setup
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ras
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\oobe
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\npp
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\mui
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\inetsrv
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\IME
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\icsxml
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\ias
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\export
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-11-21 11:35:25 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\dhcp
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\config
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\3076
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\2052
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1054
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1042
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1041
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1037
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1033
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1031
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1028
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system32\1025
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\system
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\security
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Resources
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\repair
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Provisioning
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\PeerNet
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\pchealth
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\mui
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\msapps
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\msagent
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Media
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\java
2007-11-21 11:35:25 0 d--h----- C:\WINDOWS\inf
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\ime
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Help
2007-11-21 11:35:25 0 dr--s---- C:\WINDOWS\Fonts
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Driver Cache
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Debug
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Cursors
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Connection Wizard
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\Config
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\AppPatch
2007-11-21 11:35:25 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2007-11-21 11:42:31 62 --ahs---- C:\Documents and Settings\ak\Application Data\desktop.ini
2007-10-22 10:57:52 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07DF5A2D-5ADF-4733-A04B-FBBEBECE644F}]
C:\Program Files\Internet Explorer\hokesocul83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
11/28/2007 02:16 AM 36352 --a------ C:\WINDOWS\system32\cbxyvuu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D48E27F-7788-4CA9-CD87-54DD00C172C7}]
C:\Program Files\Windows Media Player\lavum443.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90BC83F4-06EE-4ED0-84E2-19B423EC3A95}]
11/28/2007 02:39 AM 323168 --a------ C:\WINDOWS\system32\pmnnk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD1C57AC-7F14-4FB4-9F48-09807E9F12B7}]
C:\Program Files\Internet Explorer\hokesocul4444.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\profsyb.html
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\cbxyvuu.dll [11/28/2007 02:16 AM 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyvuu]
cbxyvuu.dll 11/28/2007 02:16 AM 36352 C:\WINDOWS\system32\cbxyvuu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-29 18:07:17 ------------