08-04-2008, 04:33 PM   #1
khealy729
OS: xpsp2


infected- Win32:Adware-gen

Please help. While attempting to log on, the error message "userinit.exe failed to initialize" pops up. Avast detects Win32:Adware-gen. DSS and ActiveScan are attached because after pasting DSS it would not let me post due to too many img? Anyway, I would appreciate it if you could look at it for me. Thank you.

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-08-04 16:49:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-08-04 21:49:32 UTC - RP628 - Deckard's System Scanner Restore Point
34: 2008-08-03 20:45:11 UTC - RP627 - System Checkpoint
33: 2008-08-01 21:37:05 UTC - RP626 - Installed VeohTV BETA
32: 2008-07-22 20:16:41 UTC - RP625 - System Checkpoint
31: 2008-07-13 15:09:01 UTC - RP624 - System Checkpoint


-- First Restore Point --
1: 2008-05-12 14:48:02 UTC - RP594 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kevin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:56 PM, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\Documents and Settings\Kevin\Desktop\dss.exe
C:\DOCUME~1\Kevin\Desktop\Kevin\hjt\Kevin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KEVIN\Application Data\Mozilla\Profiles\default\y9d1k2hu.slt\prefs.js)
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - (no file)
O2 - BHO: (no name) - {30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: (no name) - {780DEB95-C4BC-4969-B4E7-79597C6C476f} - C:\WINDOWS\system32\qhlimldk.dll
O2 - BHO: (no name) - {898A8FB6-FB50-48D3-928C-2D36A93920AE} - (no file)
O2 - BHO: (no name) - {A14683DA-36F5-4EAA-A770-ED6DAE5514C3} - C:\WINDOWS\system32\hgGXNdDt.dll
O2 - BHO: {9275743a-c176-426a-8cf4-780f4643bd4a} - {a4db3464-f087-4fc8-a624-671ca3475729} - C:\WINDOWS\system32\riollo.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\tuvWPgfG.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BMe78a7185] Rundll32.exe "C:\WINDOWS\system32\pkayvcal.dll",s
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\vmpvsljc.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Veoh] "C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRA~1\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {F894F149-AE5E-4CD4-8A90-062EF4901C9B} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://eyetide.com/download//223/Eye...0Installer.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freewar...yprotector.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: riollo.dll
O20 - Winlogon Notify: cbXpQiIB - cbXpQiIB.dll (file missing)
O20 - Winlogon Notify: tuvWPgfG - C:\WINDOWS\SYSTEM32\tuvWPgfG.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - c:\winself.exe (file missing)
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14154 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Kevin\Desktop\Kevin\hjt\backups\) -----

backup-20080523-153639-240 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{59b44969-e831-1932-41d2-4426d9202f8a}.dll" DllInit
backup-20080523-153640-174 O4 - HKLM\..\Run: [BMe78a7185] Rundll32.exe "C:\WINDOWS\system32\srhkvvie.dll",s
backup-20080523-153640-704 O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
backup-20080523-154245-678 O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
backup-20080523-154245-898 O2 - BHO: (no name) - {C613CE22-151C-4331-94FF-F113A153F66D} - error (file missing)
backup-20080523-161920-530 O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - unable to read value
.cmd - unable to read key
.cmd - unable to read key
.cmd - unable to read key
.inf - inffile - shell\open\command - unable to read value
.ini - inifile - shell\open\command - notepad.exe %1
.reg - regfile - shell\edit\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 MusCDriverV32 - c:\windows\system32\drivers\muscdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>

S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 EAWDMFD - c:\windows\system32\drivers\eawdmfd.sys (file missing)
S3 SNDP202 (Bushnell ImageView) - c:\windows\system32\drivers\sndp202.sys <Not Verified; ; DualMode Camera Driver>
S3 TICalc - c:\windows\system32\drivers\ticalc.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\winself.exe service (file missing)
S2 ntlogin32 (NT login service) - c:\windows\system32\libsysmgr.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&268D196D&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&268D196D&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 16:00:00 392 --ah----- C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
2001-10-17 06:20:35 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
2001-10-17 06:20:35 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job
2001-10-17 06:20:34 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 16:47:21 0 d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:43:30 0 d-------- C:\WINDOWS\LastGood
2008-08-03 19:04:29 0 d-------- C:\Program Files\Panda Security
2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\uwidsebv.dll
2008-08-03 18:02:35 100864 --a------ C:\WINDOWS\system32\bkmdlf.dll
2008-08-02 12:48:03 80896 --a------ C:\WINDOWS\system32\vmpvsljc.dll
2008-08-02 12:45:04 100864 --a------ C:\WINDOWS\system32\riollo.dll
2008-08-02 12:45:03 100864 --a------ C:\WINDOWS\system32\ekpscqes.dll
2008-08-02 12:36:49 90624 --a------ C:\WINDOWS\system32\pkayvcal.dll
2008-07-29 13:15:01 95744 --a------ C:\WINDOWS\system32\xjhfnu.dll
2008-07-29 13:14:59 95744 --a------ C:\WINDOWS\system32\tmqkrmvq.dll
2008-07-29 13:12:59 90624 --a------ C:\WINDOWS\system32\ypmhmnqw.dll
2008-07-26 19:27:00 89600 --a------ C:\WINDOWS\system32\njesaded.dll
2008-07-19 20:36:44 91136 --a------ C:\WINDOWS\system32\cmhovhxr.dll
2008-07-15 20:48:19 103936 --a------ C:\WINDOWS\system32\xdoxds.dll
2008-07-15 20:48:16 103936 --a------ C:\WINDOWS\system32\amnqgdct.dll
2008-07-15 20:41:04 92160 --a------ C:\WINDOWS\system32\ompuisig.dll
2008-07-13 10:38:30 49664 --a------ C:\WINDOWS\system32\qhlimldk.dll
2008-07-13 10:36:35 103424 --a------ C:\WINDOWS\system32\vzorqz.dll
2008-07-13 10:36:33 103424 --a------ C:\WINDOWS\system32\yhapmwbi.dll
2008-07-13 10:36:23 91648 --a------ C:\WINDOWS\system32\qbpdtmwc.dll
2008-07-11 14:21:20 49664 --a------ C:\WINDOWS\system32\nrxephoa.dll
2008-07-11 14:21:11 90624 --a------ C:\WINDOWS\system32\frcehsap.dll
2008-07-09 22:21:59 49664 --a------ C:\WINDOWS\system32\xwrqdpmh.dll
2008-07-09 22:17:00 102912 --a------ C:\WINDOWS\system32\qjycyd.dll
2008-07-09 22:16:56 102912 --a------ C:\WINDOWS\system32\ukjyhfcy.dll
2008-07-09 22:16:47 91136 --a------ C:\WINDOWS\system32\quyhvrfj.dll
2008-07-08 14:56:37 49664 --a------ C:\WINDOWS\system32\jxwhqbkh.dll
2008-07-08 14:54:37 91136 --a------ C:\WINDOWS\system32\ckbdrgux.dll


-- Find3M Report ---------------------------------------------------------------

2008-08-04 16:53:17 877066 --ahs---- C:\WINDOWS\system32\tDdNXGgh.ini2
2008-07-14 15:46:03 0 d-------- C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 17:15:40 103424 --a------ C:\WINDOWS\system32\dycmquwc.dll
2008-06-28 17:15:40 103424 --a------ C:\WINDOWS\system32\csatxj.dll
2008-06-28 17:10:08 0 d-------- C:\Program Files\AIM6
2008-06-28 17:07:24 0 d-------- C:\Program Files\Common Files\AOL
2008-06-28 17:06:48 0 d-------- C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 16:55:52 90624 --a------ C:\WINDOWS\system32\pjnvtsbe.dll
2008-06-27 17:22:45 0 d-------- C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 17:14:20 0 d-------- C:\Program Files\MSBuild
2008-06-27 17:04:40 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 16:47:49 49664 --a------ C:\WINDOWS\system32\piqeebtq.dll
2008-06-27 16:45:37 102912 --a------ C:\WINDOWS\system32\cvnbak.dll
2008-06-27 16:45:37 102912 --a------ C:\WINDOWS\system32\adbmfgol.dll
2008-06-27 16:45:24 90112 --a------ C:\WINDOWS\system32\ilmkoise.dll
2008-06-27 16:44:40 319488 --a------ C:\WINDOWS\system32\hgGXNdDt.dll
2008-06-27 16:40:34 0 d-------- C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 16:39:48 0 d-------- C:\Program Files\Sony Setup
2008-06-27 16:39:23 24576 --a------ C:\WINDOWS\system32\tuvWPgfG.dll
2008-06-27 16:39:23 24576 --a------ C:\WINDOWS\system32\mlJBSLfD.dll
2008-06-27 13:13:39 0 d-------- C:\Program Files\uTorrent
2008-06-27 13:12:03 0 d-------- C:\Program Files\Sony
2008-06-26 09:04:30 0 d-------- C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-25 21:31:03 0 d-------- C:\Program Files\LimeWire
2008-06-21 10:38:02 0 d-------- C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-10 10:06:34 106 --a------ C:\WINDOWS\wuasirvy.dll
2008-06-10 09:26:32 8 --a------ C:\WINDOWS\sdfinacs.dll
2008-06-10 09:06:31 36 --a------ C:\WINDOWS\rasqervy.dll
2008-06-10 09:06:24 5 --a------ C:\WINDOWS\sdfixwcs.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-09 09:06:10 4096 --a------ C:\WINDOWS\a.bat
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-09 09:06:09 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-05-09 09:06:08 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-09 09:06:07 4096 --a------ C:\WINDOWS\bdn.com
2008-05-09 09:06:06 4096 --a------ C:\WINDOWS\system32\vbsys2.dll


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-08-04 16:54:55 ------------
Attached Files
File Type: txt main.txt (26.3 KB, 2 views)
File Type: txt extra.txt (10.2 KB, 2 views)
File Type: txt ActiveScan.txt (38.5 KB, 1 views)

Last edited by Ried; 08-11-2008 at 06:46 PM.