Here are the results of DSS
Deckard's System Scanner v20071014.68
Run by David Porter on 2008-01-14 20:59:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
47: 2008-01-15 02:59:19 UTC - RP47 - Deckard's System Scanner Restore Point
46: 2008-01-14 02:46:24 UTC - RP46 - System Checkpoint
45: 2008-01-13 02:00:47 UTC - RP45 - Installed Windows XP KB935448.
44: 2008-01-12 22:58:53 UTC - RP44 - Spybot-S&D Spyware removal
43: 2008-01-12 18:25:12 UTC - RP43 - Installed AVG 7.5
-- First Restore Point --
1: 2008-01-11 04:05:13 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as David Porter.exe) ----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:05:29 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\David Porter\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\DAVIDP~1\Desktop\Yuckware\HIJACK~1\David Porter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {467D7A87-876D-46B3-A008-5FC734531DCE} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\system32\memomfmg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8FB6F088-AACB-466D-ADF9-CA5A3C544FED} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C188FF47-43F8-4806-DE2B-4AE604820EC5} - C:\WINDOWS\system32\qvzeelz.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\iifghfe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZSYYYYYYYYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra 'Tools' menuitem: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.0.5.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145321512640
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.249.81.101/AxisCamControl.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Service (HBJK) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
-- HijackThis Fixed Entries (C:\DOCUME~1\DAVIDP~1\Desktop\Yuckware\HIJACK~1\backups\) --------------------------------------------------------------------------------
backup-20050106-211742-267 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20050106-211742-442 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
backup-20050106-211742-819 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20050208-190934-851 O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
backup-20050210-225841-224 O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\temp\CXTPLS~1.EXE" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers
backup-20050210-225841-313 O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do.../bridge-c2.cab
backup-20050210-225841-483 O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
backup-20050210-225841-703 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20050210-225841-786 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
backup-20050210-225842-459 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
backup-20050210-225852-563 O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
backup-20050721-200453-198 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
backup-20050721-200453-419 O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
backup-20050721-200453-501 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
backup-20060408-174934-972 O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
backup-20071221-190230-663 O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
backup-20080112-105457-305 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
backup-20080112-105457-463 O4 - HKCU\..\Run: [comup] C:\WINDOWS\system32\mobjchku.exe
backup-20080112-105457-672 O4 - HKCU\..\Run: [Fdxggzxf] "C:\Documents and Settings\David Porter\My Documents\T?sks\??plorer.exe"
backup-20080112-105457-683 O2 - BHO: (no name) - {FB20CD61-C2A8-4B12-8B31-D726D8598524} - C:\WINDOWS\system32\jkhhh.dll
backup-20080112-105457-766 F3 - REG:win.ini: load=C:\WINDOWS\system32\jkhhh.exe
backup-20080112-105457-858 O4 - HKCU\..\Run: [Etss] "C:\PROGRA~1\COMMON~1\SKS~1\dvdplay.exe" -vt yazb
backup-20080112-105458-717 O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
backup-20080112-105458-766 O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zang...43751c242b8487
backup-20080112-105459-777 O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/702.../java/RntX.cab
backup-20080112-105635-969 O2 - BHO: (no name) - {FB20CD61-C2A8-4B12-8B31-D726D8598524} - C:\WINDOWS\system32\jkhhh.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 GRFILTER (Authentium NDIS Driver) - c:\windows\system32\drivers\grfilter.sys <Not Verified; Global RISC; NSX>
R1 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Roxio; Roxio's CD-R Helper Drivers>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 usbintell - c:\windows\system32\drivers\usbintell.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\windows\system32\drivers\cinemsup.sys <Not Verified; Ravisent Technologies, Inc.; Software CineMaster NT 4/Win2K>
R2 GRTdiMon (Authentium TDI Mon) - c:\windows\system32\drivers\grtdimon.sys <Not Verified; Authentium Inc; NSX>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 ousbehci (%OWC_USBEHCD.DeviceDesc%) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
R2 WBHWDOCT - c:\windows\system32\drivers\wbhwdoct.sys <Not Verified; Winbond Electronics Corp.; Winbond Hardware Doctor>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 cmpci (Turtle Beach Riviera) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 st3bus28 - c:\windows\system32\drivers\st3bus28.sys <Not Verified; Generic; >
R3 st3mp28 - c:\windows\system32\drivers\st3mp28.sys <Not Verified; Generic; >
S0 c2scsi - c:\windows\system32\drivers\c2scsi.sys (file missing)
S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)
S0 IFPUSB (iRiver Internet Audio Player IFP-100) - c:\windows\system32\drivers\ifpusb.sys (file missing)
S3 BrPar - c:\windows\system32\drivers\brpar.sys (file missing)
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 catchme - c:\docume~1\davidp~1\locals~1\temp\catchme.sys (file missing)
S3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
S3 LxrSG20d - c:\windows\system32\drivers\lxrsg20d.sys
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
S3 P17 (Sound Blaster Audigy) - c:\windows\system32\drivers\p17.sys (file missing)
S3 p17filt - c:\windows\system32\drivers\p17filt.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VICHW00 - c:\windows\system32\drivers\vichw00.sys (file missing)
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe <Not Verified; Pinnacle Systems; Media Server>
S2 HBJK (Security Service) - c:\windows\system32\svcd\svchost.exe (file missing)
S3 LxrSG20s (Lexar SG20) - lxrsg20s.exe
S3 x10nets (X10 Device Network Service) - c:\progra~1\atimul~1\remctrl\x10nets.exe (file missing)
S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
S4 service - c:\windows\service.exe (file missing)
S4 UStorage Server Service - c:\windows\system32\ustorsrv.exe /service <Not Verified; OTi; OTi Content Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: CMI8738/C3DX PCI Audio Device
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28
Manufacturer: C-Media
Name: CMI8738/C3DX PCI Audio Device
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28
Service: cmpci
-- Files created between 2007-12-14 and 2008-01-14 -----------------------------
2008-01-13 19:40:40 0 d-------- C:\Documents and Settings\Rodney\Application Data\Grisoft
2008-01-13 19:40:00 0 d-------- C:\Documents and Settings\Rodney\Application Data\AVG7
2008-01-13 18:52:04 0 d-------- C:\Program Files\Common Files\RuleSpace
2008-01-13 18:51:58 0 d-------- C:\Program Files\Common Files\Aluria
2008-01-13 11:07:31 2230 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-12 21:46:42 0 d-------- C:\VundoFix Backups
2008-01-12 12:41:55 0 d-------- C:\Documents and Settings\David Porter\Application Data\Grisoft
2008-01-12 12:34:40 0 dr-h----- C:\$VAULT$.AVG
2008-01-12 12:31:04 0 d-------- C:\Documents and Settings\David Porter\Application Data\AVG7
2008-01-12 12:25:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-12 12:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 12:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-11 22:21:49 0 d--hs---- C:\WINDOWS\RGF2aWQgUG9ydGVy
2008-01-11 22:17:08 0 d-------- C:\Program Files\Outerinfo
2008-01-11 22:16:46 0 d-------- C:\Program Files\Common Files\??sks
2008-01-11 22

31 0 d-------- C:\Program Files\Router
2008-01-11 18:47:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 18:46:56 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 17:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 17:09:05 91520 --a------ C:\WINDOWS\system32\winsrc.dll
2008-01-11 17:04:04 111 --a------ C:\WINDOWS\system32\url3
2008-01-11 17:04:04 99 --a------ C:\WINDOWS\system32\url2
2008-01-11 17:04:04 102 --a------ C:\WINDOWS\system32\url1
2008-01-11 17:04:04 8 --a------ C:\WINDOWS\system32\CID
2008-01-11 17:04:02 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-11 17:04:02 0 d-------- C:\WINDOWS\system32\svcd
2008-01-10 22:05:01 12390 --ahs---- C:\WINDOWS\system32\hhhkj.ini2
2008-01-10 22:03:09 0 d-------- C:\Program Files\Temporary
2008-01-10 22:03:09 0 d-------- C:\Program Files\Dot1XCfg
2008-01-10 22:00:36 54033 --a------ C:\WINDOWS\system32\memouint.exe
2008-01-10 22:00:27 151552 --a------ C:\WINDOWS\system32\rushpugr.exe <Not Verified; OnThenet; OnTheNet Aider>
2008-01-10 22:00:27 151552 --a------ C:\WINDOWS\system32\bkmoopob.exe <Not Verified; OnThenet; OnTheNet Aider>
2008-01-10 22:00:17 425984 --a------ C:\WINDOWS\system32\memomfmg.dll <Not Verified; On The Net Consolidated Services, S.A.; On The Net Search Helper>
2008-01-10 22:00:07 86016 --a------ C:\WINDOWS\system32\drivers\usbintell.sys
2008-01-10 22:00:04 0 d-------- C:\WINDOWS\system32\vt8
2008-01-10 22:00:04 0 d-------- C:\WINDOWS\system32\nz0
2008-01-10 22:00:04 0 d-------- C:\WINDOWS\system32\mp2
2008-01-10 22:00:04 0 d-------- C:\WINDOWS\system32\che9
2008-01-10 21:59:49 0 d-------- C:\WINDOWS\system32\edcA18
2008-01-09 22:15:14 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-09 22:10:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 15:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 15:00:23 0 d-------- C:\Program Files\Cox
2008-01-05 14:40:54 0 d-------- C:\Program Files\Common Files\Authentium Shared
2007-12-29 14:51:25 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2007-12-26 19

24 0 d-------- C:\Documents and Settings\Guest\Application Data\MySpace
2007-12-26 12:35:20 0 d-------- C:\Documents and Settings\Alex.UF-C96DFVV58QFI\Application Data\Real
2007-12-20 22:33:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-20 22:33:30 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-20 22:33:30 0 d-------- C:\Documents and Settings\David Porter\Application Data\SUPERAntiSpyware.com
2007-12-20 22:32:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 21:51:44 0 d-------- C:\Documents and Settings\David Porter\Application Data\HouseCall 6.6
2007-12-18 21:29:41 0 d-------- C:\Program Files\Trend Micro
2007-12-18 08:54:24 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-16 19:58:48 0 d-------- C:\Program Files\Alienrazor Interactive
2007-12-16 19:43:14 77360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
-- Find3M Report ---------------------------------------------------------------
2008-01-13 18:52:04 0 d-------- C:\Program Files\Common Files
2008-01-12 16:39:38 0 d-------- C:\Program Files\Common Files\??sks
2008-01-12 08:39:59 1362920 --a------ C:\WINDOWS\system32\sfklg.dat
2008-01-11 18:28:53 0 d-------- C:\Program Files\Messenger
2008-01-11 18:28:52 0 d-------- C:\Program Files\Windows NT
2008-01-11 17:18:25 0 d-------- C:\Program Files\Lavasoft
2008-01-11 17:04:08 0 d-------- C:\Documents and Settings\David Porter\Application Data\FrostWire
2008-01-11 16:50:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-10 22:42:14 0 d-------- C:\Program Files\FrostWire
2008-01-09 13:51:17 0 d-------- C:\Program Files\Incomplete
2008-01-06 07:51:32 0 d-------- C:\Program Files\FinePixViewer
2007-12-21 17:15:25 0 d-------- C:\Program Files\Ares
2007-12-19 18:44:51 469600 --a------ C:\Documents and Settings\David Porter\Application Data\GDIPFONTCACHEV1.DAT
2007-12-18 19:22:39 0 d-------- C:\Program Files\Spytech Software
2007-12-18 19:22:39 0 d-------- C:\Program Files\Motive
2007-12-13 14:07:08 3856 --a------ C:\WINDOWS\crmtemp1.dat
2007-12-02 16:16:45 0 d-------- C:\Program Files\AskSBar
2007-12-01 22:43:35 0 d-------- C:\Documents and Settings\David Porter\Application Data\MP3Rocket
2007-12-01 22:35:50 0 d-------- C:\Program Files\PFConfig
2007-12-01 20:25:16 0 d-------- C:\Program Files\Java
2007-11-28 20:29:41 0 d-------- C:\Program Files\Google
2007-11-27 22:55:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-27 22:53:47 0 d-------- C:\Program Files\tunebite
2007-11-27 22:53:23 0 d-------- C:\Program Files\Pegasys Inc
2007-11-27 22:44:58 0 d-------- C:\Program Files\Hunting Unlimited
2007-11-27 22:42:29 0 d-------- C:\Program Files\321Studios
2007-11-27 22:40:54 0 d-------- C:\Program Files\AviSynth 2.5
2007-11-27 22:40:16 0 d-------- C:\Program Files\DeductionPro 2006
2007-11-27 22:39:12 0 d-------- C:\Program Files\Zittware
2007-11-27 22:35:47 0 d-------- C:\Program Files\3D Live Pool
2007-11-22 07:31:29 0 d-------- C:\Program Files\Simply Safe Backup 2005
2007-11-22 01:07:39 0 d-------- C:\Program Files\QuickTime
2007-11-18 19:21:41 0 d-------- C:\Documents and Settings\David Porter\Application Data\Adobe
2007-10-17 11:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467D7A87-876D-46B3-A008-5FC734531DCE}]
C:\WINDOWS\system32\jkhhh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A}]
12/27/2007 08:37 AM 425984 --a------ C:\WINDOWS\system32\memomfmg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB6F088-AACB-466D-ADF9-CA5A3C544FED}]
C:\WINDOWS\system32\geebc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C188FF47-43F8-4806-DE2B-4AE604820EC5}]
C:\WINDOWS\system32\qvzeelz.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
12/02/2007 04:16 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}]
C:\WINDOWS\system32\iifghfe.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [12/02/2007 04:16 PM 267592]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTXFIREG"="CTxfiReg.exe" []
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" []
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" []
"Auto Run Software for Photo Frame"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [05/09/2007 01:40 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 01:56 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" []
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [12/28/2006 5:19:06 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [1/17/2007 7:31:46 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [3/4/2007 5:42:12 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]
"{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}"= C:\WINDOWS\system32\iifghfe.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sfklg.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc
"Notification Packages"= :\WINDOWS\system32\srrstr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\geebc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UStorage Server Service"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"service"=2 (0x2)
"bgsvcgen"=2 (0x2)
"AresChatServer"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-- End of Deckard's System Scanner: finished at 2008-01-14 21

27 ------------