Thread: search-daily hijack
View Single Post
Old 01-11-2008, 11:48 PM   #3 (permalink)
mmartin784
Registered User
 
Join Date: Jan 2008
Posts: 23
OS: XP Home Edition 2002 service pack 1


Re: search-daily hijack
As I originally posted, I'm having the same issues as other posters regarding the search-daily.com hijack (IE gets redirected). I am thankful for any help you can provide!



Step One:
No obvious malware programs installed.

Step Two:
Panda Activescan site not responding.

Step Three:
Spyware Blaster installed.

Step Four:
Service Pack 1 installed.

Step Five:
Deckard's System Scanner v20071014.68
Run by Martin on 2008-01-12 00:17:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-12 00:20:34
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Martin\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O1 - Hosts: 192.168.200.3 ad.doubleclick.net
O1 - Hosts: 192.168.200.3 ad.fastclick.net
O1 - Hosts: 192.168.200.3 ads.fastclick.net
O1 - Hosts: 192.168.200.3 ar.atwola.com
O1 - Hosts: 192.168.200.3 atdmt.com
O1 - Hosts: 192.168.200.3 avp.ch
O1 - Hosts: 192.168.200.3 avp.com
O1 - Hosts: 192.168.200.3 avp.ru
O1 - Hosts: 192.168.200.3 awaps.net
O1 - Hosts: 192.168.200.3 banner.fastclick.net
O1 - Hosts: 192.168.200.3 banners.fastclick.net
O1 - Hosts: 192.168.200.3 ca.com
O1 - Hosts: 192.168.200.3 click.atdmt.com
O1 - Hosts: 192.168.200.3 clicks.atdmt.com
O1 - Hosts: 192.168.200.3 customer.symantec.com
O1 - Hosts: 192.168.200.3 dispatch.mcafee.com
O1 - Hosts: 192.168.200.3 download.mcafee.com
O1 - Hosts: 192.168.200.3 download.microsoft.com
O1 - Hosts: 192.168.200.3 downloads-us1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads-us3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads.microsoft.com
O1 - Hosts: 192.168.200.3 downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 downloads4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 engine.awaps.net
O1 - Hosts: 192.168.200.3 f-secure.com
O1 - Hosts: 192.168.200.3 fastclick.net
O1 - Hosts: 192.168.200.3 ftp.avp.ch
O1 - Hosts: 192.168.200.3 ftp.downloads1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.downloads3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 ftp.f-secure.com
O1 - Hosts: 192.168.200.3 ftp.kasperskylab.ru
O1 - Hosts: 192.168.200.3 ftp.sophos.com
O1 - Hosts: 192.168.200.3 go.microsoft.com
O1 - Hosts: 192.168.200.3 ids.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky-labs.com
O1 - Hosts: 192.168.200.3 kaspersky.com
O1 - Hosts: 192.168.200.3 liveupdate.symantec.com
O1 - Hosts: 192.168.200.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 192.168.200.3 mast.mcafee.com
O1 - Hosts: 192.168.200.3 mcafee.com
O1 - Hosts: 192.168.200.3 media.fastclick.net
O1 - Hosts: 192.168.200.3 microsoft.com
O1 - Hosts: 192.168.200.3 msdn.microsoft.com
O1 - Hosts: 192.168.200.3 my-etrust.com
O1 - Hosts: 192.168.200.3 nai.com
O1 - Hosts: 192.168.200.3 networkassociates.com
O1 - Hosts: 192.168.200.3 norton.com
O1 - Hosts: 192.168.200.3 office.microsoft.com
O1 - Hosts: 192.168.200.3 pandasoftware.com
O1 - Hosts: 192.168.200.3 phx.corporate-ir.net
O1 - Hosts: 192.168.200.3 rads.mcafee.com
O1 - Hosts: 192.168.200.3 secure.nai.com
O1 - Hosts: 192.168.200.3 securityresponse.symantec.com
O1 - Hosts: 192.168.200.3 service1.symantec.com
O1 - Hosts: 192.168.200.3 sophos.com
O1 - Hosts: 192.168.200.3 spd.atdmt.com
O1 - Hosts: 192.168.200.3 support.microsoft.com
O1 - Hosts: 192.168.200.3 symantec.com
O1 - Hosts: 192.168.200.3 trendmicro.com
O1 - Hosts: 192.168.200.3 update.symantec.com
O1 - Hosts: 192.168.200.3 updates.symantec.com
O1 - Hosts: 192.168.200.3 updates1.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates2.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates3.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates4.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 updates5.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 us.mcafee.com
O1 - Hosts: 192.168.200.3 vil.nai.com
O1 - Hosts: 192.168.200.3 viruslist.com
O1 - Hosts: 192.168.200.3 viruslist.ru
O1 - Hosts: 192.168.200.3 virusscan.jotti.org
O1 - Hosts: 192.168.200.3 virustotal.com
O1 - Hosts: 192.168.200.3 windowsupdate.microsoft.com
O1 - Hosts: 192.168.200.3 www.avp.ch
O1 - Hosts: 192.168.200.3 www.avp.com
O1 - Hosts: 192.168.200.3 www.avp.ru
O1 - Hosts: 192.168.200.3 www.awaps.net
O1 - Hosts: 192.168.200.3 www.ca.com
O1 - Hosts: 192.168.200.3 www.f-secure.com
O1 - Hosts: 192.168.200.3 www.fastclick.net
O1 - Hosts: 192.168.200.3 www.grisoft.com
O1 - Hosts: 192.168.200.3 www.kaspersky-labs.com
O1 - Hosts: 192.168.200.3 www.kaspersky.com
O1 - Hosts: 192.168.200.3 www.kaspersky.ru
O1 - Hosts: 192.168.200.3 www.mcafee.com
O1 - Hosts: 192.168.200.3 www.microsoft.com
O1 - Hosts: 192.168.200.3 www.my-etrust.com
O1 - Hosts: 192.168.200.3 www.nai.com
O1 - Hosts: 192.168.200.3 www.networkassociates.com
O1 - Hosts: 192.168.200.3 www.pandasoftware.com
O1 - Hosts: 192.168.200.3 www.sophos.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.symantec.com
O1 - Hosts: 192.168.200.3 www.trendmicro.com
O1 - Hosts: 192.168.200.3 www.viruslist.com
O1 - Hosts: 192.168.200.3 www.viruslist.ru
O1 - Hosts: 192.168.200.3 www.virustotal.com
O1 - Hosts: 192.168.200.3 www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {698C892E-002B-4145-A339-855013F4D471} - C:\WINDOWS\SYSTEM32\d3dx9_33i.dll
O2 - BHO: (no name) - {A3416762-07B0-4E51-A763-36217BAF50F5} - C:\WINDOWS\SYSTEM32\authzd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: (no name) - ID - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (file missing)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX) - http://www.isqft.com/Applets/ScriptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26f46bca...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1113627649515
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2000i\AcDcToday.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ytchvzmn - C:\WINDOWS\System32\authzd.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 14063 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - cmdfile - shell\edit\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - unable to read value
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - unable to read value
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 bcifvlli - c:\windows\system32\drivers\ivdvymgf.dat
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 A4SII300 - c:\windows\system32\drivers\a4sii300.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 SAVRT - - (file missing)
S4 SYMTDI - - (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ccEvtMgr (Symantec Event Manager) - - (file missing)
S4 SNDSrvc (Symantec Network Drivers Service) - - (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-11 00:28:54 466 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-01-11 00:23:25 432 --a------ C:\WINDOWS\Tasks\At1.job
2008-01-10 20:13:49 1500 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2005-07-24 11:43:52 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-12-12 and 2008-01-12 -----------------------------

2008-01-12 00:09:45 0 d-------- C:\Program Files\SpywareBlaster
2008-01-10 20:13:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-10 20:13:37 0 d-------- C:\Program Files\Webroot
2008-01-10 20:13:37 0 d-------- C:\Documents and Settings\Martin\Application Data\Webroot
2008-01-10 20:13:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-10 20:12:44 164 --a------ C:\install.dat
2008-01-09 21:46:38 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-09 21:46:21 11264 --a------ C:\WINDOWS\System32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-01-07 20:53:26 0 d-------- C:\Program Files\XoftSpySE
2008-01-06 19:04:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2008-01-06 14:59:44 246545 --a------ C:\WINDOWS\System32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-06 14:59:44 1188375 --a------ C:\WINDOWS\System32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-06 14:59:28 36608 --a------ C:\WINDOWS\System32\mwtmqymy.dat
2008-01-06 14:59:28 35072 --a------ C:\WINDOWS\System32\lvuqxizx.dat
2008-01-06 14:59:28 42240 --a------ C:\WINDOWS\System32\duaepeqa.dat
2008-01-06 14:59:28 741632 --a------ C:\WINDOWS\System32\dhesaybh.dat
2008-01-06 14:42:56 120576 --a------ C:\WINDOWS\System32\ygszobyi.dat
2008-01-06 14:35:48 19584 --a------ C:\WINDOWS\System32\drivers\ivdvymgf.dat
2008-01-06 14:33:26 0 d-------- C:\WINDOWS\System32\AppCert
2008-01-06 14:33:09 83968 --a------ C:\WINDOWS\System32\authzd.dll
2008-01-06 14:32:53 16384 --a------ C:\WINDOWS\System32\s6i5w1euqxsh.exe
2008-01-06 14:32:19 84992 --a------ C:\WINDOWS\System32\d3dx9_33i.dll


-- Find3M Report ---------------------------------------------------------------

2008-01-11 00:16:51 0 d-------- C:\Program Files\Common Files
2008-01-10 23:59:32 0 d-------- C:\Program Files\Family Trees Quick & Easy 5
2008-01-09 21:48:15 4212 ---h----- C:\WINDOWS\System32\zllictbl.dat
2008-01-06 19:04:20 0 d-------- C:\Documents and Settings\Martin\Application Data\Identities
2007-12-23 23:38:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-16 22:04:38 0 d-------- C:\Documents and Settings\Martin\Application Data\Adobe
2007-11-14 00:38:29 0 d-------- C:\Program Files\TotalFax 7.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{698C892E-002B-4145-A339-855013F4D471}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3416762-07B0-4E51-A763-36217BAF50F5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 12:19 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 12:07 AM]
"BCMSMMSG"="BCMSMMSG.exe" [06/02/2003 05:00 AM C:\WINDOWS\BCMSMMSG.exe]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 10:27 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [08/26/2003 07:47 PM]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 01:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/07/2003 04:21 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2004 11:11 PM]
"ccApp"="-" []
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 09:23 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/25/2006 02:02 PM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 03:59 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 03:55 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []

C:\Documents and Settings\Martin\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ytchvzmn]
authzd.dll 03/02/2005 12:20 PM 83968 C:\WINDOWS\SYSTEM32\authzd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pspuqclm




-- Hosts -----------------------------------------------------------------------

192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 ar.atwola.com
192.168.200.3 atdmt.com
192.168.200.3 avp.ch
192.168.200.3 avp.com
192.168.200.3 avp.ru
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net

92 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-12 00:23:26 ------------
Attached Files
File Type: txt extra.txt (14.3 KB, 2 views)
mmartin784 is offline