06-09-2008, 09:23 AM   #1
ianjones2003
Registered User
 
Join Date: Jun 2008
Posts: 36
OS: xp


Popunders and can't update Windows XP

Hi

I hope I’ve added and attached the logs you want. The problem I have is continual adverts which appear as full screen underneath the open window. Additionally I cannot install Windows updates. I’m running the Computer Associates anti-virus/spam/firewall suite, which doesn’t report a problem. I thought at first I had a problem with Windows itself so re-installed it – maybe this was the wrong thing to do! It hasn’t really made any difference, the adverts keep appearing and I still can’t install Windows updates.

Thanks for looking at this

Ian



;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-08 23:23:38
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
CA Anti-Virus 8.4.0.28 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\ian and joelle.ian-7530fc48f2f\favorites\insurance
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\ian and joelle.ian-7530fc48f2f\favorites\health
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Cookies\ian_and_joelle@anm.co[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Cookies\ian_and_joelle@adtech[1].txt
02094010 Generic Malware Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{AF248356-1CAA-4B9B-8FD4-0D3FE5106A0E}\RP33\A0001788.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location WZ
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description WZ
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 WZ
184379 MEDIUM MS08-001 WZ
182048 HIGH MS07-069 WZ
182046 HIGH MS07-067 WZ
182043 HIGH MS07-064 WZ
179553 HIGH MS07-061 WZ
176382 HIGH MS07-057 WZ
176383 HIGH MS07-058 WZ
170911 HIGH MS07-050 WZ
170907 HIGH MS07-046 WZ
170906 HIGH MS07-045 WZ
170904 HIGH MS07-043 WZ
164915 HIGH MS07-035 WZ
164913 HIGH MS07-033 WZ
164911 HIGH MS07-031 WZ
160623 HIGH MS07-027 WZ
157262 HIGH MS07-022 WZ
157261 HIGH MS07-021 WZ
157260 HIGH MS07-020 WZ
157259 HIGH MS07-019 WZ
156477 HIGH MS07-017 WZ
150253 HIGH MS07-016 WZ
150249 HIGH MS07-013 WZ
150248 HIGH MS07-012 WZ
150247 HIGH MS07-011 WZ
150243 HIGH MS07-008 WZ
150242 HIGH MS07-007 WZ
150241 MEDIUM MS07-006 WZ
145501 HIGH MS07-004 WZ
141034 HIGH MS06-076 WZ
141033 MEDIUM MS06-075 WZ
137571 HIGH MS06-070 WZ
133387 MEDIUM MS06-065 WZ
133386 MEDIUM MS06-064 WZ
133385 MEDIUM MS06-063 WZ
133379 HIGH MS06-057 WZ
129977 MEDIUM MS06-053 WZ
129976 MEDIUM MS06-052 WZ
126093 HIGH MS06-051 WZ
126092 MEDIUM MS06-050 WZ
126087 HIGH MS06-046 WZ
126086 MEDIUM MS06-045 WZ
126082 HIGH MS06-041 WZ
126081 HIGH MS06-040 WZ
123421 HIGH MS06-036 WZ
123420 HIGH MS06-035 WZ
120825 MEDIUM MS06-032 WZ
120823 MEDIUM MS06-030 WZ
120818 HIGH MS06-025 WZ
120815 HIGH MS06-022 WZ
117384 MEDIUM MS06-018 WZ
114666 HIGH MS06-015 WZ
108744 MEDIUM MS06-008 WZ
108743 MEDIUM MS06-007 WZ
108742 MEDIUM MS06-006 WZ
104567 HIGH MS06-002 WZ
104237 HIGH MS06-001 WZ
96574 HIGH MS05-053 WZ
93395 HIGH MS05-051 WZ
93394 HIGH MS05-050 WZ
93454 MEDIUM MS05-049 WZ
;===================================================================================================================================================================================


Deckard's System Scanner v20071014.68
Run by Ian and Joelle on 2008-06-09 16:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-06-09 15:00:28 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2008-06-08 16:51:29 UTC - RP45 - Unsigned driver install
44: 2008-06-08 08:39:51 UTC - RP44 - Software Distribution Service 3.0
43: 2008-06-08 08:29:35 UTC - RP43 - Software Distribution Service 3.0
42: 2008-06-08 08:29:14 UTC - RP42 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-05 15:40:50 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 16:02:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\Khooker.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2J1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dl...grateVisitor=3
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -on
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BBC Alerts] "C:\Program Files\BBC Alerts\BBC_Alerts.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cemqkoq] c:\documents and settings\ian and joelle.ian-7530fc48f2f\local settings\application data\cemqkoq.exe cemqkoq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/appl...orLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194202916155
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downlo...2/axofupld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: MaxSyncService (NTService1) - Unknown owner - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files\Retrospect\Retrospect Express HD 1.1\retrorun.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe


--
End of file - 13825 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SiSEsc (SISLIB_ESC) - c:\windows\system32\sisesc.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Not Verified; Silicon Integrated Systems Corporation; SiS (R) WindowsXP Display Manager>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>

S2 tcaicchg - c:\windows\system32\tcaicchg.sys (file missing)
S2 TCAITDI (TCAITDI Protocol) - c:\windows\system32\drivers\tcaitdi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\onetouch\utils\syncservices.exe" <Not Verified; ; SyncServices>
R2 RetroExpLauncher (Retrospect Express HD Launcher) - c:\progra~1\retros~1\retros~1.1\retrorun.exe <Not Verified; EMC Dantz; Retrospect Express HD>

S2 RetroExp Helper (Retrospect Express HD Helper) - "c:\program files\retrospect\retrospect express hd 1.1\rthlpsvc.exe" <Not Verified; EMC Dantz; Retrospect Express HD>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1813&DEV_4000&SUBSYS_00000000&REV_02\4&1F7DBC9F&0&48F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1813&DEV_4000&SUBSYS_00000000&REV_02\4&1F7DBC9F&0&48F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 15:33:39 440 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7EEAB4C9-F007-42E5-81E9-E64DBFE80633}.job
2008-06-09 15:32:30 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-04 17:39:56 474 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Ian and Joelle at 17 39.job
2008-06-02 14:30:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 17:43:57 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-07 23:36:24 0 d-------- C:\ie-spyad_zo
2008-06-07 23:26:32 0 d-------- C:\Program Files\SpywareBlaster
2008-06-07 22:03:31 0 d-------- C:\Program Files\Panda Security
2008-06-06 15:12:11 0 d-------- C:\Program Files\Lavasoft
2008-06-06 15:11:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 1602 0 d-------- C:\WINDOWS\Prefetch
2008-06-03 12:04:28 0 d-------- C:\Program Files\Windows Defender
2008-06-02 17:39:07 172032 --a------ C:\WINDOWS\system32\binkw32.dll
2008-06-01 17:28:13 80896 --a------ C:\WINDOWS\system32\Winstr.dll <Not Verified; EIDOS Technologies; ESCAPE VideoStudio 2.0>
2008-06-01 17:28:13 89600 --a------ C:\WINDOWS\system32\Winsdec.dll <Not Verified; EIDOS Technologies; ESCAPE VideoStudio 2.0>
2008-06-01 17:28:13 60416 --a------ C:\WINDOWS\system32\Winplay.dll <Not Verified; EIDOS Technologies; ESCAPE VideoStudio 2.0>
2008-06-01 17:28:13 117248 --a------ C:\WINDOWS\system32\Edec.dll <Not Verified; EIDOS Technologies; ESCAPE VideoStudio 2.0>
2008-06-01 17:28:13 98816 --a------ C:\WINDOWS\system32\Dec130.dll <Not Verified; Eidos plc; ESCAPE VideoStudio 2.0>
2008-06-01 17:28:13 0 d-------- C:\Program Files\Core Design
2008-06-01 17:02:09 0 d-------- C:\TOMBRAID
2008-05-29 16:52:52 0 d-------- C:\Program Files\PestPatrol
2008-05-28 17:55:26 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-27 14:42:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-26 00:02:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
2008-05-25 12:24:36 0 d-------- C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Application Data\MysteryStudio
2008-05-23 18:52:20 0 d-------- C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Application Data\SultansLabyrinth
2008-05-22 22:41:33 0 d-------- C:\Program Files\InternetGameBox
2008-05-14 20:34:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WildTangent


-- Find3M Report ---------------------------------------------------------------

2008-06-09 15:56:37 0 d-------- C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Application Data\Skype
2008-06-09 15:31:17 0 d-------- C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Application Data\skypePM
2008-06-06 15:11:35 0 d-------- C:\Program Files\Common Files
2008-06-05 15:54:21 23312 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-21 17:43:05 0 d-------- C:\Program Files\Bonusprint PhotoBook Editor
2008-05-21 17:39:11 0 d-------- C:\Program Files\Yahoo!
2008-04-30 23:50:23 0 d-------- C:\Program Files\PopCap Games
2008-04-30 23:44:02 0 d-------- C:\Documents and Settings\Ian and Joelle.IAN-7530FC48F2F\Application Data\Yahoo!
2008-04-30 23:43:40 0 d-------- C:\Program Files\Yahoo! Games
2008-04-19 11:27:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 1825 0 d-------- C:\Program Files\Java
2008-04-12 01:18:23 0 d-------- C:\Program Files\bfgclient


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG -on" []
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [09/04/2003 08:44]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [16/08/2007 22:25]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [11/10/2007 16:03]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [20/08/2007 13:42]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [22/05/2008 15:55]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [22/05/2008 15:55]
"@"="" []
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [22/05/2008 15:55]
"EPSON Stylus Photo R800"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.exe" [07/08/2003 03:00]
"RegistryMechanic"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10/03/2004 16:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 17:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 17:37]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [20/09/2007 09:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"SoundMan"="SOUNDMAN.EXE" [27/02/2003 07:29 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]
"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [11/01/2008 13:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 18:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/07/2007 00:26]
"cemqkoq"="c:\documents and settings\ian and joelle.ian-7530fc48f2f\local settings\application data\cemqkoq.exe" [05/06/2008 22:46]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [13/12/2004 18:42:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 17:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 18/05/2007 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-09 16:04:43 ------------
Attached Files: extra.txt (20.5 KB)
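The following triage script is an added example for this post; it is not part of the original post and is not output of HijackThis, Deckard's System Scanner or Panda ActiveScan. It applies, to lines copied from the HijackThis clone section above, the checks a helper would otherwise do by eye: an O4 Run entry that launches from a per-user writable directory (the `cemqkoq` entry under `Local Settings\Application Data`), orphaned O2/O3/O9 entries that point at `(no file)`, and an O23 service with no publisher string. It also checks a hosts file, because a hosts file that overrides Windows Update or AV vendor domains is one common reason an XP machine stops taking updates; the visible hosts lines in the post are all 127.0.0.1 ad-blocking entries, so the last three hosts lines below and the protected-domain list are constructed for the example and are assumptions, not findings from the post. Every hit means "look at this", not "this is malware".

```python
"""Triage helpers for a HijackThis-style log and a Windows hosts file.

Added example for the post above; not part of the original post and not
output of HijackThis, Deckard's System Scanner or Panda ActiveScan.
Every hit is a "look here" heuristic, not a malware verdict.
"""
import re

# Per-user or all-users writable locations. Legitimate autoruns on XP almost
# always live under Program Files or %SystemRoot%; a Run entry pointing into
# one of these is the first thing a helper asks about.
USER_WRITABLE = re.compile(
    r"\\(?:local settings\\application data|local settings\\temp|application data|temp)\\",
    re.IGNORECASE,
)
O4_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
ORPHAN_RE = re.compile(
    r"^O(?P<sec>2|3|9) - (?P<desc>.*?) - \{[^}]+\} - \((?:no file|file missing)\)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Domains a hosts file should never override; malware that wants to block
# Windows Update or AV updates commonly does it this way. Illustrative list,
# an assumption of this example, not taken from the post.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com",
                      "mcafee.com", "trendmicro.com", "kaspersky.com")
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def exe_path(cmd):
    """Pull the executable path out of an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage_hjt(lines):
    """Return (severity, reason, subject) tuples for log lines worth a look."""
    hits = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if USER_WRITABLE.search(path):
                hits.append(("HIGH", "autorun from a user-writable directory", path))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            hits.append(("LOW", "orphaned O%s entry, cleanup only" % m.group("sec"),
                         m.group("desc")))
            continue
        m = O23_RE.match(line)
        if m and (m.group("owner") == "Unknown owner"
                  or USER_WRITABLE.search(m.group("path"))):
            hits.append(("MEDIUM", "service with no known publisher", m.group("name")))
    return hits


def check_hosts(lines):
    """Return (entry_count, flagged). Blocking ad domains at 127.0.0.1 is fine;
    overriding update/AV domains, or redirecting to a real address, is not."""
    total, flagged = 0, []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()   # drop comments, tolerate tabs
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            total += 1
            host = name.lower()
            if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
                flagged.append((ip, name, "overrides an update/AV vendor domain"))
            elif ip not in BLACKHOLE_IPS:
                flagged.append((ip, name, "redirects instead of blocking"))
    return total, flagged


# Lines copied from the HijackThis clone section of the post above.
HJT_SAMPLE = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)",
    r'O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"',
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKCU\..\Run: [cemqkoq] c:\documents and settings\ian and joelle.ian-7530fc48f2f\local settings\application data\cemqkoq.exe cemqkoq",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)",
    r"O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe",
    r"O23 - Service: MaxSyncService (NTService1) - Unknown owner - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe",
]

# First three lines are from the post's hosts section (an ad-blocking list);
# the last three are constructed to exercise the checks and are NOT in the post.
HOSTS_SAMPLE = [
    "127.0.0.1 www.007guard.com",
    "127.0.0.1 007guard.com",
    "127.0.0.1 008i.com",
    "127.0.0.1 windowsupdate.microsoft.com  # constructed, not in the post",
    "192.0.2.10 liveupdate.symantec.com     # constructed, not in the post",
    "192.0.2.10 www.example.com             # constructed, not in the post",
]

if __name__ == "__main__":
    for hit in triage_hjt(HJT_SAMPLE):
        print("%-6s %-40s %s" % hit)
    total, flagged = check_hosts(HOSTS_SAMPLE)
    print("hosts entries: %d, flagged: %d" % (total, len(flagged)))
    for ip, name, reason in flagged:
        print("  %s %s: %s" % (ip, name, reason))
```

On the post's own lines the only HIGH hit is the `cemqkoq` Run entry; the orphaned O2/O3/O9 items are cleanup noise, and the `Unknown owner` service is a "verify the publisher" item rather than a finding. A full hosts file would be passed to `check_hosts` line by line; a large count of 127.0.0.1 entries with nothing flagged is what an installed ad-blocking hosts list looks like.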