01-19-2008, 11:29 AM   #1
tovasyl
Registered User
 
Join Date: Jan 2008
Posts: 11
OS: xp, service pack 2


Need help - posting log file

Hi, I followed instructions on this forum and have created a log file using dss.exe. Please help as my computer is hardly working at this time.

I tried to download winzip32 program with registration code and that's when I received a Norton Antivirus warning that it's a virus. After restarting my computer I received the following message:
"Windows cannot find 'C:\WINDOWS\system32\ddayy.exe'"
When I clicked OK and wanted to use the computer, I started getting Norton virus alerts that a virus has been detected and removed, but it keeps coming back when I click OK.
The Virus names that are displayed are:
W32.Trats
Downloader
Trojan.Vundo
Trojan.Metajuan

I would really appreciate some help with this.

Thanks,
Daniel.

--------------------------------------------
System Info (not sure what else to post?)

Microsoft Windows XP
Home Edition
Version 2002
Service Pack 2

Dell Dimension DV051
Intel(R) Pentium(R) 4 CPU 3.00GHz
2.99 GHz, 504 MB of RAM


-----------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Mirek on 2008-01-18 20:01:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
114: 2008-01-19 01:01:50 UTC - RP373 - Deckard's System Scanner Restore Point
113: 2008-01-19 00:49:03 UTC - RP372 - Software Distribution Service 3.0
112: 2008-01-18 03:22:25 UTC - RP371 - Removed MyWay Search Assistant
111: 2008-01-18 03:01:28 UTC - RP370 - Last known good configuration
110: 2008-01-18 03:01:05 UTC - RP369 - System Checkpoint


-- First Restore Point --
1: 2008-01-18 02:58:39 UTC - RP260 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-18 20:04:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\Yahoo!\NAV\NAVAPSVC.EXE
C:\Program Files\Yahoo!\NAV\IWP\NPFMNTOR.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Documents and Settings\Mirek\Desktop\dss.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/c...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F0 - win.ini: load=C:\WINDOWS\system32\ddayy.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8CD034DD-E9AD-47D3-8689-51886345799C} - C:\WINDOWS\system32\rqrrsst.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NAVSHEXT.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FF6B6E04-A5BD-47CC-A1E2-3E995D8E63A6} - C:\WINDOWS\system32\ddayy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [649d6fa1] rundll32.exe "C:\WINDOWS\system32\oxmslypi.dll",b
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [Ultimate Defender.install] "C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\4O0CNQKE\udefender_45aTq2V13X[1].exe" continue
O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\4O0CNQKE\ucleaner_45aTq2V13X[1].exe" continue
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: rqrrsst - C:\WINDOWS\system32\rqrrsst.dll
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\system32\winrge32.dll (file missing)
O20 - Winlogon Notify: winrzc32 - C:\WINDOWS\system32\winrzc32.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\NAVAPSVC.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMNTOR.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 13028 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R2 Scap (SecureClient Application Policy Module) - c:\windows\system32\drivers\scap.sys <Not Verified; Check Point Software Technologies; desktop>
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>

S3 CH341SER - c:\windows\system32\drivers\ch341ser.sys <Not Verified; www.winchiphead.com; CH341SER.SYS>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 FreezeScreenSaver - c:\windows\system32\freezescreensaver.exe <Not Verified; ; trioService Module>
R2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-18 18:29:42 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mirek.job
2008-01-12 11:05:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-18 19:49:22 0 d-------- C:\WINDOWS\LastGood
2008-01-18 18:59:56 0 d-------- C:\ie-spyad_zo
2008-01-18 18:36:27 0 d-------- C:\Program Files\SpywareBlaster
2008-01-18 10:13:48 88128 --a------ C:\WINDOWS\system32\oxmslypi.dll
2008-01-17 22:58:34 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-17 22:57:21 8576 --a------ C:\WINDOWS\system32\drivers\scnkyxjhkvuf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-17 22:33:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-17 21:58:20 114543 --ahs---- C:\WINDOWS\system32\yyadd.ini2
2008-01-17 21:58:10 334848 --a------ C:\WINDOWS\system32\ddayy.dll
2008-01-17 21:52:53 37888 --a------ C:\WINDOWS\system32\rqrrsst.dll
2008-01-17 21:52:37 24064 --a------ C:\WINDOWS\system32\winrzc32.dll
2008-01-11 20:51:13 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-23 18:10:48 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-23 11:31:13 0 d-------- C:\Program Files\Sierra
2007-12-22 23:56:30 0 d-------- C:\divx
2007-12-22 23:07:14 0 d-------- C:\Program Files\SmartDVDCreator
2007-12-22 20:45:59 0 d-------- C:\Program Files\Xilisoft
2007-12-21 19:41:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2007-12-21 19:19:28 0 d-------- C:\Program Files\Microsoft Games


-- Find3M Report ---------------------------------------------------------------

2008-01-18 19:30:05 0 d-------- C:\Program Files\iTunes
2008-01-17 23:57:51 0 d-------- C:\Program Files\Symantec
2008-01-17 23:52:51 0 d-------- C:\Program Files\PrintKey2000
2008-01-17 23:48:41 0 d-------- C:\Program Files\Messenger
2008-01-17 23:35:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-17 21:59:18 0 d-------- C:\Program Files\QuickTime
2008-01-17 21:58:35 0 d-------- C:\Program Files\BitComet
2008-01-11 20:51:13 0 d-------- C:\Program Files\Common Files
2008-01-10 21:07:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-10 20:58:03 0 d-------- C:\Program Files\TVAnts
2008-01-10 20:56:29 0 d-------- C:\Documents and Settings\Mirek\Application Data\ppstream
2008-01-10 20:54:07 0 d-------- C:\Program Files\Google
2008-01-10 20:53:41 0 d-------- C:\Program Files\Gadu-Gadu
2008-01-10 20:53:19 0 d-------- C:\Program Files\DivX
2008-01-10 20:51:43 0 d-------- C:\Program Files\Azureus
2008-01-10 20:51:22 0 d-------- C:\Program Files\WordPerfect Office 12
2008-01-10 20:51:20 0 d-------- C:\Program Files\Winamp
2008-01-10 20:51:18 0 d-------- C:\Program Files\Rogers
2008-01-10 20:51:00 0 d-------- C:\Program Files\ICOO Loader
2008-01-10 20:51:00 0 d-------- C:\Program Files\eMule
2008-01-10 20:50:59 0 d-------- C:\Program Files\Dell
2008-01-10 20:50:52 0 d-------- C:\Program Files\Common Files\AOL
2007-12-15 20:52:30 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-06 20:59:45 0 d-------- C:\Program Files\Java
2007-12-06 15:04:59 0 d-------- C:\Documents and Settings\Mirek\Application Data\Macromedia
2007-12-03 20:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 20:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-02 17:02:40 0 d-------- C:\Documents and Settings\Mirek\Application Data\Skype
2007-11-29 17:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 17:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-29 17:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 16:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-27 21:20:09 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-27 21:20:03 88 -r-hs---- C:\WINDOWS\system32\6F87C6ECE9.sys
2007-11-27 21:05:44 0 d-------- C:\Documents and Settings\Mirek\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD034DD-E9AD-47D3-8689-51886345799C}]
17/01/2008 09:52 PM 37888 --a------ C:\WINDOWS\system32\rqrrsst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6B6E04-A5BD-47CC-A1E2-3E995D8E63A6}]
17/01/2008 09:58 PM 334848 --a------ C:\WINDOWS\system32\ddayy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" []
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" []
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"@"="" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 10:19 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" []
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"649d6fa1"="C:\WINDOWS\system32\oxmslypi.dll" [18/01/2008 10:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" []
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" []
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" []
"Ultimate Defender.install"="C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\4O0CNQKE\udefender_45aTq2V13X[1].exe" []
"Ultimate Cleaner.install"="C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5\4O0CNQKE\ucleaner_45aTq2V13X[1].exe" []
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/12/2006 9:43:43 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [05/02/2006 12:23:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"= C:\WINDOWS\system32\geplxss.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8CD034DD-E9AD-47D3-8689-51886345799C}"= C:\WINDOWS\system32\rqrrsst.dll [17/01/2008 09:52 PM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 01/03/2005 07:49 PM 24672 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrsst]
rqrrsst.dll 17/01/2008 09:52 PM 37888 C:\WINDOWS\system32\rqrrsst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
winrge32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzc32]
winrzc32.dll 17/01/2008 09:52 PM 24064 C:\WINDOWS\system32\winrzc32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayy


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3152274c-4de2-11dc-a100-001320be943e}]
AutoRun\command- E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2008-01-18 20:08:38 ------------
Attached Files
File Type: txt extra.txt (23.1 KB, 1 views)

Last edited by tovasyl; 01-19-2008 at 11:59 AM.