04-25-2008, 02:52 PM   #1
Coaster
Registered User
 
Join Date: Aug 2005
Posts: 30
OS: win XP


Message being sent in MSN without consent and others

Hi,

I'm reporting several abnormalities on my PC:

1 - I'm allegedly sending messages to my contacts in MSN which I didn't send. Messages with links, they tell me. I haven't figured out which message specifically I'm sending, but if it's important I can find that out.

2 - I often lose my internet connection, but only in IE and Firefox, meaning I can still chat over MSN and P2P is also working; only I can't see web pages. I believe it could be a virus, because on my laptop I have no such issue. Alternatively, it may be caused by uTorrent, as it has been known to cause such problems. The thing is, I searched for some info on this but didn't come to any conclusion.

3 - My PC randomly freezes for a second or two, then everything goes back to normal (this happened twice while writing this thread). One explanation for this may be the recently added hard disk, which is somewhat old, and I noticed this going on since I installed it. I haven't uninstalled it yet; I can try that to determine whether it's really the hard drive.

Other info:

I'm running AVG, the most recent version, and I did a total scan, which only resulted in some tracking cookies being found.

Anyway, I'd like to know if I'm infected or not. The worst trouble is losing the internet connection randomly, as I mentioned. To solve this, I disconnect from the Internet, wait 5 minutes and reconnect, and I have web browsing capabilities again.

Here are my logs:

Deckard's System Scanner v20071014.68
Run by Home on 2008-04-25 21:16:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-04-25 00:35:13 UTC - RP287 - Windows Update
1: 2008-04-25 00:10:05 UTC - RP286 - Windows Update


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.79 GiB (less than 15%) free.


-- HijackThis (run as Home.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:05, on 25-04-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Users\Home\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Users\Home\Desktop\Home.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transferir com FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Transferir todos com FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Transferir vídeo com FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Transferência seleccionada pelo FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1569190-E1D5-4BD4-A3DF-5037241C7D19}: NameServer = 195.23.129.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 11121 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 17102 - \??\c:\windows\system32\17102.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-25 20:38:16 0 d-------- C:\ie-spyad_zo
2008-04-25 20:23:48 0 d-------- C:\Program Files\SpywareBlaster
2008-04-25 12:51:45 0 d-------- C:\Program Files\Panda Security
2008-04-25 01:37:26 0 d-------- C:\Program Files\Bridge Builder
2008-04-25 01:10:35 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-24 19:15:58 0 d-------- C:\Program Files\Pontifex
2008-04-23 00:05:35 0 d-------- C:\Users\All Users\Lavasoft
2008-04-23 00:05:35 0 d-------- C:\Program Files\Lavasoft
2008-04-22 20:29:09 0 d-------- C:\Program Files\Pontifex II
2008-04-21 20:14:46 0 d-------- C:\Temp
2008-04-21 11:38:35 1966080 --a------ C:\Windows\system32\cdintf251.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-04-21 11:36:33 0 d-------- C:\Windows\DIALux
2008-04-21 11:36:33 0 d-------- C:\Program Files\DIALux
2008-04-19 13:46:56 0 d-------- C:\Program Files\Freight Tycoon
2008-04-17 22:18:40 0 d--hs---- C:\Diskeeper
2008-04-17 17:54:16 0 d-------- C:\Users\All Users\Diskeeper Corporation
2008-04-17 17:54:14 0 d-------- C:\Program Files\Diskeeper Corporation
2008-04-13 17:37:01 1970176 --a------ C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-04-13 17:37:01 151552 --a------ C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-04-13 17:36:10 0 d-------- C:\Windows\RaidTool
2008-04-13 17:25:12 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-04-13 17:25:12 0 d-------- C:\Program Files\Intel
2008-04-13 17:24:54 0 d-------- C:\Intel
2008-04-13 16:01:50 0 d-------- C:\Program Files\Driver-Soft
2008-04-13 14:57:09 691545 --a------ C:\Windows\unins000.exe
2008-04-13 14:57:09 2538 --a------ C:\Windows\unins000.dat
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-04-06 23:12:15 0 d-------- C:\Program Files\MovieTrack
2008-04-06 22:45:16 0 d-------- C:\Program Files\AllMyMovies
2008-04-06 18:37:46 0 d-------- C:\Users\All Users\MAGIX
2008-04-06 18:14:59 0 d-------- C:\Program Files\WMV9_VCM
2008-04-06 18:14:38 0 d-------- C:\Program Files\Common Files\xara
2008-04-06 18:14:36 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-04-06 18:13:43 120200 --a------ C:\Windows\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-04-06 18:13:43 0 d-------- C:\Users\All Users\Xara
2008-04-06 18:13:43 0 d-------- C:\Program Files\Xara
2008-04-06 18:13:34 700416 --a------ C:\Windows\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-04-06 18:13:34 0 d-------- C:\Windows\system32\MAGIX
2008-04-05 22:42:23 0 d-------- C:\Program Files\Collectorz.com
2008-04-05 21:00:53 0 d-------- C:\Program Files\VisualDivX
2008-04-05 16:33:28 0 d-------- C:\Program Files\eXtreme Movie Manager
2008-04-05 16:29:52 0 d-------- C:\Program Files\Movie Label 2009
2008-04-05 16:28:42 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-04-05 16:28:42 323584 --a------ C:\Windows\system32\FoxImager.dll
2008-04-05 15:39:53 0 d-------- C:\Program Files\uTorrent
2008-04-02 17:42:58 0 d-------- C:\Program Files\AutoCAD 2009
2008-03-30 01:31:14 1867776 --a------ C:\Windows\system32\python24.dll <Not Verified; Python Software Foundation; Python>
2008-03-30 01:30:27 0 d-------- C:\Program Files\ESRI
2008-03-30 01:19:04 0 d-------- C:\Program Files\Common Files\ESRI
2008-03-30 01:15:28 0 d-------- C:\Python24
2008-03-29 16:43:51 0 d-------- C:\Program Files\Common Files\Real
2008-03-29 16:43:50 0 d-------- C:\Windows\system32\Adobe
2008-03-29 13:39:41 0 d--h----- C:\$AVG8.VAULT$
2008-03-28 23:34:35 0 d-------- C:\Windows\system32\drivers\Avg
2008-03-28 22:41:14 0 d-------- C:\Users\All Users\avg8
2008-03-28 22:41:14 0 d-------- C:\Program Files\AVG
2008-03-26 19:37:42 5702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-03-26 19:36:32 0 d-------- C:\Users\All Users\ESET
2008-03-26 01:47:37 32 --a------ C:\Users\All Users\ezsid.dat
2008-03-26 01:45:19 0 d-------- C:\Users\All Users\Skype
2008-03-26 01:27:32 0 d-------- C:\Windows\PixArt
2008-03-26 01:26:37 0 d-------- C:\Windows\PAC207
2008-03-26 01:26:37 0 d-------- C:\Program Files\Common Files\RemoveC
2008-03-26 01:26:00 0 d-------- C:\Windows\Downloaded Installations


-- Find3M Report ---------------------------------------------------------------

2008-04-25 21:25:26 0 d-------- C:\Users\Home\AppData\Roaming\uTorrent
2008-04-25 19:53:09 520986 --a------ C:\Windows\system32\prfh0816.dat
2008-04-25 19:53:09 86310 --a------ C:\Windows\system32\prfc0816.dat
2008-04-25 12:51:46 2552 --a------ C:\Windows\mozver.dat
2008-04-23 00:04:03 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 11:53:30 0 d-------- C:\Program Files\Common Files
2008-04-19 15:38:11 0 d-------- C:\Users\Home\AppData\Roaming\Vso
2008-04-19 15:38:11 0 d-------- C:\Users\Home\AppData\Roaming\CopyToDvd
2008-04-15 00:26:24 0 d-------- C:\Users\Home\AppData\Roaming\TweakNow RegCleaner Professional
2008-04-13 17:37:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 17:36:08 100 --a------ C:\Windows\system32\prsgrc.dll
2008-04-13 17:36:08 204 --a------ C:\Windows\system32\cfvn1dy.dll
2008-04-11 10:40:32 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-09 19:10:05 0 d-------- C:\Program Files\Windows Mail
2008-04-06 23:23:45 0 d-------- C:\Program Files\MagicISO
2008-04-06 18:37:46 0 d-------- C:\Users\Home\AppData\Roaming\MAGIX
2008-04-05 19:49:23 0 d-------- C:\Program Files\Guitar Speed Trainer
2008-04-05 19:42:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-05 16:30:13 0 d-------- C:\Users\Home\AppData\Roaming\Movie Label
2008-04-05 15:31:07 0 d-------- C:\Program Files\TVU Player
2008-04-04 00:18:29 0 d-------- C:\Users\Home\AppData\Roaming\Real Desktop
2008-04-02 17:47:41 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-02 17:42:58 0 d-------- C:\Users\Home\AppData\Roaming\Autodesk
2008-03-30 14:24:07 0 d-------- C:\Users\Home\AppData\Roaming\ESRI
2008-03-29 16:43:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-26 19:50:37 0 d-------- C:\Users\Home\AppData\Roaming\Adobe
2008-03-26 01:47:37 0 d-------- C:\Users\Home\AppData\Roaming\skypePM
2008-03-23 19:48:13 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-13 20:51:56 0 d-------- C:\Program Files\Java
2008-03-13 20:50:12 0 d-------- C:\Program Files\Common Files\Java
2008-03-02 23:59:41 0 d-------- C:\Users\Home\AppData\Roaming\LEAPS
2008-03-02 23:58:01 0 d-------- C:\Users\Home\AppData\Roaming\Pegasys Inc
2008-03-02 23:43:27 0 d-------- C:\Program Files\Pegasys Inc
2008-03-02 23:42:40 56976 --a------ C:\Windows\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-03-02 23:42:40 122512 --a------ C:\Windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2008-03-02 22:02:15 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-29 00:00:19 0 d-------- C:\Users\Home\AppData\Roaming\Chief Architect Full Version 11
2008-02-26 20:41:38 0 d-------- C:\Program Files\PowerISO
2008-02-25 22:04:36 0 d-------- C:\Program Files\3D Home Architect
2008-02-25 21:41:08 0 d-------- C:\Program Files\ART Inc
2008-02-25 02:41:08 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-02-25 02:41:06 0 d-------- C:\Program Files\Common Files\ADO
2008-02-25 02:40:49 0 d-------- C:\Program Files\Computers and Structures
2008-02-25 02:40:31 1024 --a------ C:\Windows\system32\nucwjhh.dll
2008-02-25 02:40:31 1024 --a------ C:\Windows\system32\grcauth2.dll
2008-02-25 02:40:31 1024 --a------ C:\Windows\system32\grcauth1.dll
2008-02-25 02:40:27 72 --a------ C:\Windows\system32\ssprs.dll
2008-02-25 02:40:27 1024 --a------ C:\Windows\system32\clauth2.dll
2008-02-25 02:40:27 1024 --a------ C:\Windows\system32\clauth1.dll
2008-02-25 02:25:56 0 d-------- C:\Program Files\Chief Architect Inc
2008-02-21 22:35:10 8192 --ahs---- C:\Windows\o2cLicStore.bin
2008-02-06 01:20:04 0 -rahs---- C:\MSDOS.SYS
2008-02-06 01:20:04 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [30-11-2007 04:14]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04-10-2007 18:14]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04-10-2007 18:14]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04-10-2007 18:14]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10-12-2006 22:52]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11-01-2008 20:54]
"@"="" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24-08-2007 07:00]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [05-10-2007 13:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11-12-2007 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11-12-2007 13:10]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [03-11-2006 12:01]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29-03-2008 12:57]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [20-03-2007 14:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10-01-2008 01:52]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06-09-2007 14:08]
"Real Desktop"="C:\Program Files\Real Desktop\Real Desktop.exe" []
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [22-04-2008 20:03]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [13-05-2007 15:57]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02-11-2006 13:33]

C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [20-02-2008 21:22:05]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [02-12-2007 14:34:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08d1d374-ef95-11dc-804a-0018f35c1bc3}]
AutoOpen\command- .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6111e13-f05f-11dc-ac51-0018f35c1bc3}]
AutoRun\command- H:\
explore\Command- WScript.exe .\autorun.vbs
open\Command- WScript.exe .\autorun.vbs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8317 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-25 21:28:27 ------------
Attached files: ActiveScan.txt (14.4 KB), extra.txt (23.1 KB)