06-09-2008, 01:18 PM   #1
valdezorbust
Registered User
 
Join Date: Jun 2008
Posts: 16
OS: xp


popups etc. from Trojan & CWS + more

When I tried to use Panda Active Scan 2.0 it would never run. Finally on my last try it ran. When I checked it today there was no option to disinfect. When I try to attach the report it fails.

After I ran Zoned out it had failures.

I could not update Windows. Automatic Updates is disabled, but B.I.T.S. and Event Log remain "automatic".

When I fix Auto Update and refresh the Windows Update page, Automatic Updates is disabled again.

I have Service Pack 2 for XP.

I have a pic on my desktop that says a spyware threat has beeen detected on my pc. Been is spelled beeen.


Spysweeper is still finding things when I am offline.

When I check the quarantine it has trojan and CWS as the highest ranked infections.

The PC is slow and I get lots of popups telling me I have problems with spyware.

I have a popup advertising anti-spyware software that uses Internet Explorer when I am offline.

Deckard's System Scanner v20071014.68
Run by Jason on 2008-06-09 13:47:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 13:47:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Jason\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search?hl=en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: gooochi browser optimizer - {100e949f-811d-1f61-32d1-ee4d1e4cec42} - C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: mysidesearch browser optimizer - {49ab2649-3d07-131d-b912-fe863ead1d5a} - C:\WINDOWS\system32\{b228c613-f9dd-294f-e366-f7443b79c023}.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {63A15705-4E5E-45F3-837C-88777FA1C5AC} - C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll (file missing)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {7861DC4C-9DED-4A28-9328-AB9DA6DE292F} - C:\WINDOWS\system32\urqNGwTK.dll (file missing)
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\xxyvsRKc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DIGServices] "C:\Program Files\ESPNRunTime\DIGServices.exe" /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{5215c6cd-7eb1-c7b8-c973-9dd56cbc867e}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll" DllStart
O4 - HKLM\..\Run: [74d12944] "rundll32.exe" "C:\WINDOWS\system32\ewrnfpuj.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cmds] "rundll32.exe" C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll,c
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Spy Emergency 2008\SpyEmergency.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntnkdm.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: xxyvsRKc - C:\WINDOWS\system32\xxyvsRKc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\system32
O23 - Service: Iomega App Services - Iomega Corporation - C:\Program Files\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxct_device - Unknown owner - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 13585 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 21:15:24 0 d-------- C:\Program Files\SpywareBlaster
2008-06-08 17:07:19 0 d-------- C:\Program Files\Panda Security
2008-06-08 17:03:46 113664 --a------ C:\WINDOWS\system32\fnoffibg.dll
2008-06-08 17:00:42 101376 --a------ C:\WINDOWS\system32\ewrnfpuj.dll
2008-06-08 01:47:21 0 d-------- C:\ie-spyad_zo
2008-06-07 15:58:37 111616 --a------ C:\WINDOWS\system32\lvgddmfn.dll
2008-06-07 00:27:09 200774 --a------ C:\WINDOWS\system32\mcntnkdn.exe
2008-06-07 00:25:21 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\Webroot
2008-06-07 00:22:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-07 00:21:41 0 d-------- C:\Program Files\Webroot
2008-06-07 00:21:41 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-07 00:21:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-07 00:20:05 164 --a------ C:\install.dat
2008-06-06 23:50:12 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-06-06 23:49:58 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-06-06 23:37:25 0 d-------- C:\Documents and Settings\Jason\Application Data\com.zipeg
2008-06-06 23:19:36 40 --a------ C:\WINDOWS\sremcon.dat
2008-06-06 23:17:45 0 d-------- C:\Documents and Settings\Jason\Application Data\Se Analyzer Tool SA
2008-06-06 20:05:09 0 d-------- C:\Documents and Settings\Jason\Application Data\Spy Emergency
2008-06-06 19:57:17 24064 --a------ C:\WINDOWS\x.exe
2008-06-06 19:57:17 17664 --a------ C:\WINDOWS\waol.exe
2008-06-06 19:57:16 11264 --a------ C:\WINDOWS\svcinit.exe
2008-06-06 19:57:16 12544 --a------ C:\WINDOWS\sistem.exe
2008-06-06 19:57:16 8960 --a------ C:\WINDOWS\rundll16.exe
2008-06-06 19:57:16 30976 --a------ C:\WINDOWS\quicken.exe
2008-06-06 19:57:15 29440 --a------ C:\WINDOWS\qttasks.exe
2008-06-06 19:57:14 31744 --a------ C:\WINDOWS\olehelp.exe
2008-06-06 19:57:14 20992 --a------ C:\WINDOWS\notepad32.exe
2008-06-06 19:57:13 30720 --a------ C:\WINDOWS\mssys.exe
2008-06-06 19:57:13 11264 --a------ C:\WINDOWS\msconfd.dll
2008-06-06 19:57:12 10496 --a------ C:\WINDOWS\internet.exe
2008-06-06 19:57:12 18176 --a------ C:\WINDOWS\iexplorer.exe
2008-06-06 19:57:12 24832 --a------ C:\WINDOWS\iedll.exe
2008-06-06 19:57:12 26880 --a------ C:\WINDOWS\explore.exe
2008-06-06 19:57:11 20224 --a------ C:\WINDOWS\editpad.exe
2008-06-06 19:57:10 30208 --a------ C:\WINDOWS\avpcc.dll
2008-06-06 18:59:19 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\Spy Emergency
2008-06-06 18:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\NETGATE
2008-06-06 18:48:43 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\com.zipeg
2008-06-06 1802 0 d-------- C:\Spy Emergency 2008 5.0.205 (NEW-with serial keys)
2008-06-06 17:58:21 0 d-------- C:\WINDOWS\system32\1449
2008-06-06 17:58:15 55808 --a------ C:\WINDOWS\portsv.exe
2008-06-06 17:28:08 49176 --a------ C:\WINDOWS\system32\jmwnw64s.exe <Not Verified; ; Browser Driver>
2008-06-06 1710 0 d-------- C:\Documents and Settings\LocalService\Application Data\ESPN
2008-06-06 16:44:37 23808 --a------ C:\WINDOWS\y.exe
2008-06-06 16:44:37 24832 --a------ C:\WINDOWS\xplugin.dll
2008-06-06 16:44:36 31232 --a------ C:\WINDOWS\winmgnt.exe
2008-06-06 16:44:35 15104 --a------ C:\WINDOWS\window.exe
2008-06-06 16:44:35 23552 --a------ C:\WINDOWS\winajbm.dll
2008-06-06 16:44:35 30976 --a------ C:\WINDOWS\win64.exe
2008-06-06 16:44:35 24832 --a------ C:\WINDOWS\win32e.exe
2008-06-06 16:44:34 11520 --a------ C:\WINDOWS\users32.exe
2008-06-06 16:44:34 12544 --a------ C:\WINDOWS\time.exe
2008-06-06 16:44:34 18944 --a------ C:\WINDOWS\systemcritical.exe
2008-06-06 16:44:34 20480 --a------ C:\WINDOWS\systeem.exe
2008-06-06 16:44:33 26624 --a------ C:\WINDOWS\svchost32.exe
2008-06-06 16:44:33 9216 --a------ C:\WINDOWS\searchword.dll
2008-06-06 16:44:32 12800 --a------ C:\WINDOWS\mswsc20.dll
2008-06-06 16:44:32 17152 --a------ C:\WINDOWS\mswsc10.dll
2008-06-06 16:44:31 24576 --a------ C:\WINDOWS\msupdate.exe
2008-06-06 16:44:31 19968 --a------ C:\WINDOWS\msspi.dll
2008-06-06 16:44:31 22272 --a------ C:\WINDOWS\loader.exe
2008-06-06 16:44:30 8704 --a------ C:\WINDOWS\inetinf.exe
2008-06-06 16:44:30 13824 --a------ C:\WINDOWS\helpcvs.exe
2008-06-06 16:44:30 29696 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-06 16:44:30 22272 --a------ C:\WINDOWS\funny.exe
2008-06-06 16:44:29 13056 --a------ C:\WINDOWS\funniest.exe
2008-06-06 16:44:29 19456 --a------ C:\WINDOWS\explorer32.exe
2008-06-06 16:44:29 13568 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-06 16:44:29 25344 --a------ C:\WINDOWS\directx32.exe
2008-06-06 16:44:28 17920 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-06 16:44:28 21504 --a------ C:\WINDOWS\cpan.dll
2008-06-06 16:44:28 28416 --a------ C:\WINDOWS\clrssn.exe
2008-06-06 16:44:27 12288 --a------ C:\WINDOWS\accesss.exe
2008-06-06 16:33:45 15214 --ahs---- C:\WINDOWS\system32\KTwGNqru.ini2
2008-06-06 16:32:04 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-06-06 16:30:10 135168 --a------ C:\WINDOWS\TEK76.exe
2008-06-06 16:30:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-06 16:30:01 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-06 16:29:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-06 16:29:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-06 16:29:04 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-06 16:29:04 401972 --a------ C:\WINDOWS\system32\g41.exe
2008-06-06 16:29:02 0 d--hs---- C:\WINDOWS\Um9iZXJ0IERpeG9u
2008-06-06 16:29:00 87513 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\xrem
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\NMP
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\inet2
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\expo
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\btz
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\105772
2008-06-06 16:28:41 0 d-------- C:\WINDOWS\system32\vntiho18
2008-06-06 16:28:41 0 d-------- C:\Temp
2008-06-04 16:39:24 0 d-------- C:\Documents and Settings\Jason\Application Data\Sonic
2008-06-02 18:38:29 0 d-------- C:\Documents and Settings\Jason\Incomplete
2008-06-02 18:37:32 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire
2008-05-27 08:39:38 371200 --a------ C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
2008-05-21 09:53:31 0 d-------- C:\Program Files\Audacity
2008-05-21 00:42:41 0 d-------- C:\Program Files\iPod
2008-05-20 21:58:07 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\LimeWire
2008-05-19 08:55:20 439808 --a------ C:\WINDOWS\system32\{b228c613-f9dd-294f-e366-f7443b79c023}.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-09 13:29:32 0 d-------- C:\Program Files\Lx_cats
2008-06-08 20:54:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 01:35:22 0 d-------- C:\Program Files\WildTangent
2008-06-02 18:23:10 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-21 00:49:21 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 00:43:33 0 d-------- C:\Program Files\iTunes
2008-05-21 00:40:20 0 d-------- C:\Program Files\QuickTime
2008-04-21 18:46:20 0 d-------- C:\Program Files\Norton 360
2008-04-14 13:08:45 0 d-------- C:\Program Files\DeductionPro 2007
2008-04-14 10:37:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 10:28:42 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-14 10:28:42 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-14 10:28:40 0 d-------- C:\Program Files\PDF995
2008-04-14 10:28:07 0 d-------- C:\Program Files\TaxCut06
2008-04-14 10:27:48 0 d-------- C:\Program Files\TaxCut07


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100e949f-811d-1f61-32d1-ee4d1e4cec42}]
05/27/2008 08:39 AM 371200 --a------ C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49ab2649-3d07-131d-b912-fe863ead1d5a}]
05/19/2008 08:55 AM 439808 --a------ C:\WINDOWS\system32\{b228c613-f9dd-294f-e366-f7443b79c023}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A15705-4E5E-45F3-837C-88777FA1C5AC}]
C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7861DC4C-9DED-4A28-9328-AB9DA6DE292F}]
C:\WINDOWS\system32\urqNGwTK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}]
C:\WINDOWS\system32\xxyvsRKc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [07/14/2006 10:47 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/04/2006 04:32 PM]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [11/22/2006 04:11 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/22/2006 04:12 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [11/22/2006 04:11 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [11/21/2006 07:27 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 04:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"{5215c6cd-7eb1-c7b8-c973-9dd56cbc867e}"="C:\WINDOWS\System32\Rundll32.exe" [08/10/2004 05:00 AM]
"74d12944"="rundll32.exe" [08/10/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/10/2007 10:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"cmds"="rundll32.exe" [08/10/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"SpyEmergency"="C:\Program Files\Spy Emergency 2008\SpyEmergency.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}"= C:\WINDOWS\system32\xxyvsRKc.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsRKc]
xxyvsRKc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-09 13:48:34 ------------