Thanks. Here it is.
Deckard's System Scanner v20071014.68
Run by Kody James on 2008-01-09 09:25:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
100: 2008-01-09 15:26:06 UTC - RP165 - Deckard's System Scanner Restore Point
99: 2008-01-08 18:41:45 UTC - RP164 - System Checkpoint
98: 2008-01-07 18:20:31 UTC - RP163 - Installed Windows Media Connect WMCSetup.
97: 2008-01-07 16:36:22 UTC - RP162 - Removed SUPERAntiSpyware Free Edition
96: 2008-01-07 06:32:26 UTC - RP161 - Installed SUPERAntiSpyware Free Edition
-- First Restore Point --
1: 2007-10-12 09:11:51 UTC - RP66 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kody James.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:58 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kody James\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kody James.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {93289CD1-5615-4994-9FD4-FD11A9F6A66D} - C:\WINDOWS\dxpvqlmnsr.dll
O3 - Toolbar: The ensfolr - {96AB91E2-7D18-4BF5-9930-2C213B9658A4} - C:\WINDOWS\ensfolr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O21 - SSODL: ampkfst - {9D739B99-6A50-47B9-A7AA-18BF30D7B5F7} - C:\WINDOWS\ampkfst.dll
O21 - SSODL: bklgvsf - {C544C832-DA70-43A2-9C42-2A4D60F82E23} - C:\WINDOWS\bklgvsf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3756 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080103-103900-486 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080109-004525-261 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080109-005054-203 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20080109-005054-982 O2 - BHO: BDEX System - {93289CD1-5615-4994-9FD4-FD11A9F6A66D} - C:\WINDOWS\dxpvqlmnsr.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
S3 PSSdk23 - c:\windows\system32\drivers\pssdk23.drv (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00141737&REV_03\4&3B1CAF2B&0&60F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00141737&REV_03\4&3B1CAF2B&0&60F0
Service: BCM43XX
-- Scheduled Tasks -------------------------------------------------------------
2008-01-07 22:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-09 and 2008-01-09 -----------------------------
2008-01-09 00:15:39 0 d-------- C:\Program Files\Remove-it
2008-01-07 21:47:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-07 21:47:59 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-01-07 21:47:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-01-07 21:47:59 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-07 21:47:59 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-07 21:47:58 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-07 10:38:18 0 dr-h----- C:\Documents and Settings\Kody James\Recent
2008-01-07 10:22:53 0 d-------- C:\Program Files\CCleaner
2008-01-07 10:05:30 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-01-07 00:33:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 00:28:49 0 d-------- C:\Documents and Settings\Kody James\Application Data\Lavasoft
2008-01-07 00:26:50 0 d-------- C:\Program Files\XoftSpySE
2008-01-04 10:57:48 0 --------- C:\WINDOWS\system32\drivers\t
2008-01-02 23:17:23 1522 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-02 23:09:03 0 d-------- C:\Program Files\Trend Micro
2008-01-02 18:31:08 90112 --a------ C:\WINDOWS\foxflpd.exe
2008-01-02 18:31:08 204800 --a------ C:\WINDOWS\ensfolr.dll <Not Verified; ; ensfolr Module>
2008-01-02 18:31:08 282624 --a------ C:\WINDOWS\dxpvqlmnsr.dll <Not Verified; ; dxpvqlmnsr>
2008-01-02 18:31:08 262144 --a------ C:\WINDOWS\bklgvsf.dll
2008-01-02 18:31:08 278528 --a------ C:\WINDOWS\ampkfst.dll <Not Verified; ; ampkfst>
2007-12-29 04:23:38 0 d-------- C:\Program Files\Speed Up Alarm
-- Find3M Report ---------------------------------------------------------------
2008-01-07 09:56:45 0 d-------- C:\Program Files\Common Files
2008-01-03 10:49:10 0 d-------- C:\Program Files\Google
2007-12-01 15:30:17 0 d-------- C:\Documents and Settings\Kody James\Application Data\AdobeUM
2007-11-26 00:42:55 0 d-------- C:\Documents and Settings\Kody James\Application Data\Google
2007-11-24 07:57:31 0 d-------- C:\Program Files\Java
2007-11-19 12:34:37 0 d-------- C:\Program Files\AviSynth 2.5
2007-11-19 12:34:32 0 d-------- C:\Program Files\Red Kawa
2007-11-13 12:05:52 0 d-------- C:\Program Files\Windows Media Connect 2
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93289CD1-5615-4994-9FD4-FD11A9F6A66D}]
01/02/2008 09:27 AM 282624 --a------ C:\WINDOWS\dxpvqlmnsr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/24/2005 07:32 AM]
"NvMediaCenter"="NvMCTray.dll" [02/24/2005 07:32 AM C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ampkfst"= {9D739B99-6A50-47B9-A7AA-18BF30D7B5F7} - C:\WINDOWS\ampkfst.dll [01/02/2008 09:27 AM 278528]
"bklgvsf"= {C544C832-DA70-43A2-9C42-2A4D60F82E23} - C:\WINDOWS\bklgvsf.dll [01/02/2008 09:27 AM 262144]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2Search]
C:\Program Files\2search\main.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S89.tmp" /EF "HKLM"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
kmw_run.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWheel]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
-- End of Deckard's System Scanner: finished at 2008-01-09 09:30:18 ------------