Deckard's System Scanner v20071014.68
Run by James on 2007-12-07 17:56:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
100: 2007-12-07 17:56:34 UTC - RP279 - Deckard's System Scanner Restore Point
99: 2007-12-07 07:25:25 UTC - RP278 - Software Distribution Service 3.0
98: 2007-12-06 07:16:39 UTC - RP277 - Software Distribution Service 3.0
97: 2007-12-04 21:49:58 UTC - RP276 - System Checkpoint
96: 2007-12-02 15:22:32 UTC - RP275 - Installed BitDefender Free Edition v10
-- First Restore Point --
1: 2007-09-08 16:26:18 UTC - RP180 - Installed Sony Ericsson PC Suite
Performed disk cleanup.
-- HijackThis (run as James.exe) -----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-07 17:57:29
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} () - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188945964765
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: sockspy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: lxcr_device - Unknown owner - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 11126 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.vbs - VBSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
S3 catchme - c:\docume~1\james\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 MySQL - c:\mysql\bin\mysqld-nt.exe mysql
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82915G/GV/910GL Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Service: ialm
-- Scheduled Tasks -------------------------------------------------------------
2007-12-07 17:22:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-07 15:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
-- Files created between 2007-11-07 and 2007-12-07 -----------------------------
2007-12-02 15:51:20 0 d-------- C:\Documents and Settings\James\Application Data\Bitdefender
2007-12-02 15:28:21 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-02 15:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-02 13:47:49 0 d-------- C:\WINDOWS\BDOSCAN8
2007-12-02 12:13:54 0 d-------- C:\WINDOWS\system32\vmm32
2007-11-30 17:37:09 0 dr-h----- C:\Documents and Settings\James\Recent
2007-11-26 20:54:59 0 d-------- C:\Documents and Settings\James\.housecall6.6
2007-11-26 20:39:59 0 d-------- C:\Program Files\HiWired
2007-11-26 20:38:37 0 d-------- C:\Documents and Settings\All Users\Application Data\HiWired
2007-11-25 17:10:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-24 10:47:22 0 d-------- C:\Program Files\Windows Defender
2007-11-21 21:15:42 235008 --a------ C:\WINDOWS\UNBOC.EXE <Not Verified; COMODO; COMODO BOClean - Anti-Malware>
2007-11-21 21:15:41 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2007-11-20 16:50:33 0 d-------- C:\Program Files\ContextTool
2007-11-14 22:48:33 0 d-------- C:\Intel
2007-11-14 21:56:19 120832 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2007-11-14 21:56:16 0 d-------- C:\Program Files\Common Files\PC Tools
2007-11-14 21:56:14 0 d-------- C:\Program Files\PC Tools Firewall Plus
2007-11-14 11:17:31 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2007-11-14 11:04:20 0 d-------- C:\Documents and Settings\James\Application Data\UpdateStar
2007-11-13 17:19:08 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-13 17:19:03 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-11-13 17:19:02 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-13 17:19:02 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-13 17:19:01 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-13 17:19:01 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-13 17:19:00 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-13 17:18:59 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-13 17:18:55 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-13 17:18:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-11-07 20:33:22 0 d-------- C:\Documents and Settings\James\Application Data\StarOffice8
2007-11-07 20:18:48 0 d-------- C:\Program Files\Sun
2007-11-07 19:45:04 0 d-------- C:\Program Files\Norton Security Scan
-- Find3M Report ---------------------------------------------------------------
2007-12-06 07:28:06 0 d-------- C:\Program Files\Spyware Doctor
2007-12-05 16:46:43 0 d-------- C:\Program Files\RegScrubXP
2007-12-02 17:24:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-02 16:11:19 0 d-------- C:\Program Files\PersonalWebKit3
2007-12-02 16:02:50 0 d-------- C:\Program Files\Google
2007-12-02 15:21:47 0 d-------- C:\Program Files\Common Files
2007-12-02 12:13:53 0 d-------- C:\Program Files\Dell
2007-11-20 12:16:30 0 d-------- C:\Program Files\LimeWire
2007-11-14 22:37:35 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-14 21:26:29 0 d-------- C:\Program Files\Winamp
2007-11-13 17:18:18 0 d-------- C:\Program Files\Common Files\Real
2007-11-13 17:17:53 0 d-------- C:\Documents and Settings\James\Application Data\Real
2007-11-08 09:43:44 0 d-------- C:\Program Files\lx_cats
2007-11-02 18:25:41 0 d-------- C:\Program Files\Driver-Soft
2007-11-02 15:40:00 0 d-------- C:\Program Files\Philips
2007-11-02 15:39:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-02 15:39:02 0 d-------- C:\Documents and Settings\James\Application Data\InstallShield
2007-11-02 13:52:01 0 d-------- C:\Program Files\Windows NT
2007-10-31 12:44:12 0 d-------- C:\Program Files\Navman
2007-10-27 11:05:30 0 d-------- C:\Program Files\EA Games
2007-10-27 09:00:21 0 d-------- C:\Program Files\Audacity
2007-10-27 08:59:47 0 d-------- C:\Documents and Settings\James\Application Data\GetRightToGo
2007-10-26 15:17:11 0 d-------- C:\Program Files\Atari
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-24 17

27 0 d-------- C:\Program Files\Ashampoo
2007-10-12 12:23:12 0 d-------- C:\Program Files\ShortKeys2
2007-10-12 12:22:16 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-09 15:03:58 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-09-24 18:23:27 230432 --a------ C:\StiImg.dat
2007-09-21 16:28:11 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 09:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/04/2006 13:35]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [12/07/2005 18:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25/10/2007 16:20]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [05/11/2007 15:07]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 17:45]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 05:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 08:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [02/10/2007 16:27]
"nwiz"="nwiz.exe" [24/07/2006 14:59 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24/07/2006 14:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 15:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 15:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 15:50]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [19/07/2004 06:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 12:22]
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
7517 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-12-07 17:59:13 ------------