Deckard's System Scanner v20071014.68
Run by Jason on 2008-06-13 19:26:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-06-14 00:26:17 UTC - RP1 - System Checkpoint
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis (run as Jason.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:33 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Jason.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://www.dell.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: gooochi browser optimizer - {100e949f-811d-1f61-32d1-ee4d1e4cec42} - C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {63A15705-4E5E-45F3-837C-88777FA1C5AC} - C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll (file missing)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {7861DC4C-9DED-4A28-9328-AB9DA6DE292F} - C:\WINDOWS\system32\urqNGwTK.dll (file missing)
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\xxyvsRKc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DIGServices] "C:\Program Files\ESPNRunTime\DIGServices.exe" /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [74d12944] "rundll32.exe" "C:\WINDOWS\system32\ewrnfpuj.dll",b
O4 - HKLM\..\Run: [{5215c6cd-7eb1-c7b8-c973-9dd56cbc867e}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll" DllStart
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cmds] "rundll32.exe" C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll,c
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Spy Emergency 2008\SpyEmergency.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntnkdm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbar...tml?p=ZUfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - Winlogon Notify: xxyvsRKc - xxyvsRKc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12212 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Iomega Disk Filter Driver>
S1 fipss - c:\windows\system32\drivers\fipss.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
S4 Iomega Activity Disk2 - ""
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\explorer.exe (pid 1556)
2008-06-08 17:00:44 101376 --a------ C:\WINDOWS\system32\ewrnfpuj.dll
C:\WINDOWS\system32\rundll32.exe (pid 200)
2008-06-08 17:00:44 101376 --a------ C:\WINDOWS\system32\ewrnfpuj.dll
C:\WINDOWS\system32\rundll32.exe (pid 212)
2008-05-27 08:39:38 371200 --a------ C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
2008-06-08 17:00:44 101376 --a------ C:\WINDOWS\system32\ewrnfpuj.dll
-- Scheduled Tasks -------------------------------------------------------------
2008-06-13 06:00:06 1650 --a------ C:\WINDOWS\Tasks\wrSpySweeper_L38E9B5FB0FE04D43A21B5B4CD28F2388.job
2008-06-13 06:00:05 1660 --a------ C:\WINDOWS\Tasks\wrSpySweeper_LDE18B0D720A147F6AA8A9CF1FF09988C.job
2008-06-13 06:00:00 1648 --a------ C:\WINDOWS\Tasks\wrSpySweeper_L8941024205E247B198CE21A4D473D968.job
2008-06-12 12:03:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-13 and 2008-06-13 -----------------------------
2008-06-13 00:37:58 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-10 00:36:25 0 d-------- C:\Documents and Settings\Haley Dixon\Application Data\Webroot
2008-06-08 21:15:24 0 d-------- C:\Program Files\SpywareBlaster
2008-06-08 17:07:19 0 d-------- C:\Program Files\Panda Security
2008-06-08 17:03:46 113664 --a------ C:\WINDOWS\system32\fnoffibg.dll
2008-06-08 17:00:42 101376 --a------ C:\WINDOWS\system32\ewrnfpuj.dll
2008-06-08 01:47:21 0 d-------- C:\ie-spyad_zo
2008-06-07 15:58:37 111616 --a------ C:\WINDOWS\system32\lvgddmfn.dll
2008-06-07 00:27:09 200774 --a------ C:\WINDOWS\system32\mcntnkdn.exe
2008-06-07 00:25:21 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\Webroot
2008-06-07 00:22:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-06-07 00:21:41 0 d-------- C:\Program Files\Webroot
2008-06-07 00:21:41 0 d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-07 00:21:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-06-07 00:20:05 164 --a------ C:\install.dat
2008-06-06 23:49:58 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-06-06 23:37:25 0 d-------- C:\Documents and Settings\Jason\Application Data\com.zipeg
2008-06-06 23:19:36 40 --a------ C:\WINDOWS\sremcon.dat
2008-06-06 23:17:45 0 d-------- C:\Documents and Settings\Jason\Application Data\Se Analyzer Tool SA
2008-06-06 20:05:09 0 d-------- C:\Documents and Settings\Jason\Application Data\Spy Emergency
2008-06-06 19:57:17 24064 --a------ C:\WINDOWS\x.exe
2008-06-06 19:57:17 17664 --a------ C:\WINDOWS\waol.exe
2008-06-06 19:57:16 11264 --a------ C:\WINDOWS\svcinit.exe
2008-06-06 19:57:16 12544 --a------ C:\WINDOWS\sistem.exe
2008-06-06 19:57:16 8960 --a------ C:\WINDOWS\rundll16.exe
2008-06-06 19:57:16 30976 --a------ C:\WINDOWS\quicken.exe
2008-06-06 19:57:15 29440 --a------ C:\WINDOWS\qttasks.exe
2008-06-06 19:57:14 31744 --a------ C:\WINDOWS\olehelp.exe
2008-06-06 19:57:14 20992 --a------ C:\WINDOWS\notepad32.exe
2008-06-06 19:57:13 30720 --a------ C:\WINDOWS\mssys.exe
2008-06-06 19:57:13 11264 --a------ C:\WINDOWS\msconfd.dll
2008-06-06 19:57:12 10496 --a------ C:\WINDOWS\internet.exe
2008-06-06 19:57:12 18176 --a------ C:\WINDOWS\iexplorer.exe
2008-06-06 19:57:12 24832 --a------ C:\WINDOWS\iedll.exe
2008-06-06 19:57:12 26880 --a------ C:\WINDOWS\explore.exe
2008-06-06 19:57:11 20224 --a------ C:\WINDOWS\editpad.exe
2008-06-06 19:57:10 30208 --a------ C:\WINDOWS\avpcc.dll
2008-06-06 18:59:19 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\Spy Emergency
2008-06-06 18:59:00 0 d-------- C:\Documents and Settings\All Users\Application Data\NETGATE
2008-06-06 18:48:43 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\com.zipeg
2008-06-06 18:??:02 0 d-------- C:\Spy Emergency 2008 5.0.205 (NEW-with serial keys)
2008-06-06 17:58:21 0 d-------- C:\WINDOWS\system32\1449
2008-06-06 17:58:15 55808 --a------ C:\WINDOWS\portsv.exe
2008-06-06 17:28:08 49176 --a------ C:\WINDOWS\system32\jmwnw64s.exe <Not Verified; ; Browser Driver>
2008-06-06 17:??:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\ESPN
2008-06-06 16:44:37 23808 --a------ C:\WINDOWS\y.exe
2008-06-06 16:44:37 24832 --a------ C:\WINDOWS\xplugin.dll
2008-06-06 16:44:36 31232 --a------ C:\WINDOWS\winmgnt.exe
2008-06-06 16:44:35 15104 --a------ C:\WINDOWS\window.exe
2008-06-06 16:44:35 23552 --a------ C:\WINDOWS\winajbm.dll
2008-06-06 16:44:35 30976 --a------ C:\WINDOWS\win64.exe
2008-06-06 16:44:35 24832 --a------ C:\WINDOWS\win32e.exe
2008-06-06 16:44:34 11520 --a------ C:\WINDOWS\users32.exe
2008-06-06 16:44:34 12544 --a------ C:\WINDOWS\time.exe
2008-06-06 16:44:34 18944 --a------ C:\WINDOWS\systemcritical.exe
2008-06-06 16:44:34 20480 --a------ C:\WINDOWS\systeem.exe
2008-06-06 16:44:33 26624 --a------ C:\WINDOWS\svchost32.exe
2008-06-06 16:44:33 9216 --a------ C:\WINDOWS\searchword.dll
2008-06-06 16:44:32 12800 --a------ C:\WINDOWS\mswsc20.dll
2008-06-06 16:44:32 17152 --a------ C:\WINDOWS\mswsc10.dll
2008-06-06 16:44:31 24576 --a------ C:\WINDOWS\msupdate.exe
2008-06-06 16:44:31 19968 --a------ C:\WINDOWS\msspi.dll
2008-06-06 16:44:31 22272 --a------ C:\WINDOWS\loader.exe
2008-06-06 16:44:30 8704 --a------ C:\WINDOWS\inetinf.exe
2008-06-06 16:44:30 13824 --a------ C:\WINDOWS\helpcvs.exe
2008-06-06 16:44:30 29696 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-06 16:44:30 22272 --a------ C:\WINDOWS\funny.exe
2008-06-06 16:44:29 13056 --a------ C:\WINDOWS\funniest.exe
2008-06-06 16:44:29 19456 --a------ C:\WINDOWS\explorer32.exe
2008-06-06 16:44:29 13568 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-06 16:44:29 25344 --a------ C:\WINDOWS\directx32.exe
2008-06-06 16:44:28 17920 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-06 16:44:28 21504 --a------ C:\WINDOWS\cpan.dll
2008-06-06 16:44:28 28416 --a------ C:\WINDOWS\clrssn.exe
2008-06-06 16:44:27 12288 --a------ C:\WINDOWS\accesss.exe
2008-06-06 16:33:45 15214 --ahs---- C:\WINDOWS\system32\KTwGNqru.ini2
2008-06-06 16:32:04 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-06-06 16:30:10 135168 --a------ C:\WINDOWS\TEK76.exe
2008-06-06 16:30:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-06 16:30:01 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-06 16:29:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-06 16:29:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-06-06 16:29:04 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-06 16:29:04 401972 --a------ C:\WINDOWS\system32\g41.exe
2008-06-06 16:29:02 0 d--hs---- C:\WINDOWS\Um9iZXJ0IERpeG9u
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\xrem
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\NMP
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\inet2
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\expo
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\btz
2008-06-06 16:28:49 0 d-------- C:\WINDOWS\system32\105772
2008-06-06 16:28:41 0 d-------- C:\WINDOWS\system32\vntiho18
2008-06-06 16:28:41 0 d-------- C:\Temp
2008-06-04 16:39:24 0 d-------- C:\Documents and Settings\Jason\Application Data\Sonic
2008-06-02 18:38:29 0 d-------- C:\Documents and Settings\Jason\Incomplete
2008-06-02 18:37:32 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire
2008-05-27 08:39:38 371200 --a------ C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
2008-05-21 09:53:31 0 d-------- C:\Program Files\Audacity
2008-05-21 00:42:41 0 d-------- C:\Program Files\iPod
2008-05-20 21:58:07 0 d-------- C:\Documents and Settings\Robert Dixon\Application Data\LimeWire
-- Find3M Report ---------------------------------------------------------------
2008-06-13 16:23:22 0 d-------- C:\Program Files\Lx_cats
2008-06-11 20:08:15 0 d-------- C:\Program Files\Yahoo!
2008-06-08 20:54:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 01:35:22 0 d-------- C:\Program Files\WildTangent
2008-06-02 18:23:10 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-21 00:49:21 0 d-------- C:\Program Files\Apple Software Update
2008-05-21 00:43:33 0 d-------- C:\Program Files\iTunes
2008-05-21 00:40:20 0 d-------- C:\Program Files\QuickTime
2008-04-21 18:46:20 0 d-------- C:\Program Files\Norton 360
2008-04-14 13:08:45 0 d-------- C:\Program Files\DeductionPro 2007
2008-04-14 10:37:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 10:28:42 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-14 10:28:42 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-14 10:28:40 0 d-------- C:\Program Files\PDF995
2008-04-14 10:28:07 0 d-------- C:\Program Files\TaxCut06
2008-04-14 10:27:48 0 d-------- C:\Program Files\TaxCut07
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100e949f-811d-1f61-32d1-ee4d1e4cec42}]
05/27/2008 08:39 AM 371200 --a------ C:\WINDOWS\system32\{45f32f12-49f1-d857-367f-6465a8586131}.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A15705-4E5E-45F3-837C-88777FA1C5AC}]
C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7861DC4C-9DED-4A28-9328-AB9DA6DE292F}]
C:\WINDOWS\system32\urqNGwTK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}]
C:\WINDOWS\system32\xxyvsRKc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [07/14/2006 10:47 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [10/04/2006 04:32 PM]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [11/22/2006 04:11 AM]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/22/2006 04:12 AM]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [11/22/2006 04:11 AM]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [11/21/2006 07:27 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [08/12/2005 04:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"74d12944"="rundll32.exe" [08/10/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"{5215c6cd-7eb1-c7b8-c973-9dd56cbc867e}"="C:\WINDOWS\System32\Rundll32.exe" [08/10/2004 05:00 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/10/2007 10:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"cmds"="rundll32.exe" [08/10/2004 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"SpyEmergency"="C:\Program Files\Spy Emergency 2008\SpyEmergency.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}"= C:\WINDOWS\system32\xxyvsRKc.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvsRKc]
xxyvsRKc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\DOCUME~1\Jason\LOCALS~1\Temp\iiffCTNd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
-- End of Deckard's System Scanner: finished at 2008-06-13 19:29:15 ------------