08-10-2008, 11:08 PM   #1
-Shirt
Registered User
 
Join Date: Aug 2008
Posts: 6
OS: Win XP


Blue Desktop with spyware detected - appears to be Smitfraud?

Hi,

I turned on my computer on Friday having left it so my housemates could use it (mistake...) and the desktop has changed to a blue background with yellow text that reads "Warning, Spyware detected on your computer, install an antivirus or spyware remover to clean your computer" and a bunch of icons had appeared.

I left them well alone, and ran a selection of antivirus packages - Spybot Search and Destroy, Lavasoft Ad-Aware, and McAfee Virusscan. That picked up a fistful of things, which I deleted/cleaned etc. Mostly they were just suspicious cookies, but there was one at the bottom called Zlob?

Anyway, if I right-click the desktop and select properties, I am still missing the tab to change the desktop background and possibly a few others - this implies to me I still have a problem.

Any help would be much appreciated, I have run Deckard's and the main.txt is below, the extra.txt is attached. I have also run Pandascan and can attach the output from that if it would help?

Many thanks

-Shirt



Deckard's System Scanner v20071014.68
Run by Tom on 2008-08-10 21:19:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-10 20:20:04 UTC - RP1369 - Deckard's System Scanner Restore Point
2: 2008-08-08 16:26:22 UTC - RP1368 - Installed Ad-Aware
1: 2008-08-07 19:35:58 UTC - RP1367 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive H: has 3.35 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 21:22:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
H:\WINDOWS\system32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\explorer.exe
H:\Program Files\MSI\Live Update 3\LMonitor.exe
H:\Program Files\D-Tools\daemon.exe
H:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
H:\Program Files\Network Associates\VirusScan\shstat.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
H:\Program Files\Common Files\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\Network Associates\Common Framework\FrameworkService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Network Associates\VirusScan\Mcshield.exe
H:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Documents and Settings\Tom\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vqtujiodkrrcwb.net/TfLrbs...g8k_ckKi8.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DECFBB5-90B2-41AB-9955-6B773FC06C49} - H:\WINDOWS\system32\odbccp42.dll
O2 - BHO: (no name) - {C5FA80B2-6916-C4C1-1F63-760991C73CA3} - H:\DOCUME~1\Tom\APPLIC~1\FASTSE~1\First Htm.exe (file missing)
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [LiveMonitor] H:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Each Less Mode Mp3] H:\Documents and Settings\All Users\Application Data\CashAtomEachLess\Jugstwo.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "H:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "H:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Bonemetaviewplan] H:\Documents and Settings\All Users\Application Data\GridPartBoneMeta\ForkWarn.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "H:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [lphc9mpj0ej4a] H:\WINDOWS\system32\lphc9mpj0ej4a.exe
O4 - HKLM\..\Run: [H:\WINDOWS\system32\kdxsm.exe] H:\WINDOWS\system32\kdxsm.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mags up] H:\DOCUME~1\Tom\APPLIC~1\BINPUR~1\plan cool.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 3D!Turbo Experience.lnk = H:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Copy to Semagic - H:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - H:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: H:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/sg726acm.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...194.2193402778
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - H:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - H:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - H:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - H:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - H:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - H:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 9617 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - H:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "H:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 d346bus - h:\windows\system32\drivers\d346bus.sys
R0 d346prt - h:\windows\system32\drivers\d346prt.sys
R0 Lor02 - h:\windows\system32\drivers\lor02.sys
R1 NaiAvTdi1 - h:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R3 EntDrv51 - h:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - h:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R3 tcpsr - h:\windows\system32\drivers\tcpsr.sys (file missing)

S1 InCDPass - h:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - h:\windows\system32\drivers\incdrm.sys (file missing)
S3 CoachUsb (Dual Mode Digital Camera on USB) - h:\windows\system32\drivers\coachusb.sys <Not Verified; Accapella Ltd.; USB Driver for Digital Camera>
S3 Dual Mode (Dual Mode Video Capture) - h:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 ENTECH - h:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - h:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - h:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - h:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - h:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
S4 InCDFs (InCD File System) - h:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - h:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "h:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description: Generic volume
Device ID: STORAGE\REMOVABLEMEDIA\7&23533C57&0&RM
Manufacturer: Microsoft
Name: Generic volume
PNP Device ID: STORAGE\REMOVABLEMEDIA\7&23533C57&0&RM
Service:

Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description: Generic volume
Device ID: STORAGE\REMOVABLEMEDIA\7&4628B9&0&RM
Manufacturer: Microsoft
Name: Generic volume
PNP Device ID: STORAGE\REMOVABLEMEDIA\7&4628B9&0&RM
Service:

Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description: Generic volume
Device ID: STORAGE\REMOVABLEMEDIA\7&22C50E9A&0&RM
Manufacturer: Microsoft
Name: Generic volume
PNP Device ID: STORAGE\REMOVABLEMEDIA\7&22C50E9A&0&RM
Service:

Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description: Generic volume
Device ID: STORAGE\REMOVABLEMEDIA\7&E1800B&0&RM
Manufacturer: Microsoft
Name: Generic volume
PNP Device ID: STORAGE\REMOVABLEMEDIA\7&E1800B&0&RM
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-08 18:00:00 226 --ah----- H:\WINDOWS\Tasks\972366CBA28CE567.job
2008-08-08 18:00:00 252 --ah----- H:\WINDOWS\Tasks\889BB40D85202CE1.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-08 17:28:02 0 d-------- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-08 17:26:24 0 d-------- H:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-08 17:25:41 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 1729 150 --a------ H:\WINDOWS\iexplorer.exe
2008-08-08 1724 173056 --a------ H:\WINDOWS\msauc.exe
2008-08-08 1720 30848 --a------ H:\WINDOWS\system32\drivers\Lor02.sys


-- Find3M Report ---------------------------------------------------------------

2008-08-08 17:26:26 0 d-------- H:\Program Files\Lavasoft
2008-08-08 17:25:41 0 d-------- H:\Program Files\Common Files
2008-07-11 20:13:16 0 d-------- H:\Program Files\Java
2008-07-05 00:01:22 0 d-------- H:\Documents and Settings\Tom\Application Data\Skype
2008-06-25 20:55:50 0 d-------- H:\Program Files\eMule
2008-05-17 15:21:40 133120 --a------ H:\WINDOWS\system32\zip32.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DECFBB5-90B2-41AB-9955-6B773FC06C49}]
20/01/2006 23:09 23833 --a------ H:\WINDOWS\system32\odbccp42.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5FA80B2-6916-C4C1-1F63-760991C73CA3}]
H:\DOCUME~1\Tom\APPLIC~1\FASTSE~1\First Htm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [14/04/2003 02:59 H:\WINDOWS\system32\nvclock.dll]
"LiveMonitor"="H:\Program Files\MSI\Live Update 3\LMonitor.exe" [27/10/2003 15:16]
"DAEMON Tools-1033"="H:\Program Files\D-Tools\daemon.exe" [12/03/2004 22:43]
"Each Less Mode Mp3"="H:\Documents and Settings\All Users\Application Data\CashAtomEachLess\Jugstwo.exe" []
"McAfeeUpdaterUI"="H:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [18/09/2003 02:01]
"ShStatEXE"="H:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [18/08/2004 08:00]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [24/09/2003 12:32]
"nwiz"="nwiz.exe" [24/09/2003 12:32 H:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"Bonemetaviewplan"="H:\Documents and Settings\All Users\Application Data\GridPartBoneMeta\ForkWarn.exe" []
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [23/02/2006 16:45]
"P17Helper"="P17.dll" [03/05/2005 20:38 H:\WINDOWS\system32\P17.dll]
"WMC_AutoUpdate"="" []
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"Adobe Photo Downloader"="H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [07/06/2005 00:46]
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [01/09/2006 15:57]
"Sony Ericsson PC Suite"="H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [13/06/2007 09:16]
"EPSON Stylus D78 Series"="H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.exe" [23/02/2006 05:00]
"lphc9mpj0ej4a"="H:\WINDOWS\system32\lphc9mpj0ej4a.exe" []
"H:\WINDOWS\system32\kdxsm.exe"="H:\WINDOWS\system32\kdxsm.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="H:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"mags up"="H:\DOCUME~1\Tom\APPLIC~1\BINPUR~1\plan cool.exe" []
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
3D!Turbo Experience.lnk - H:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe [26/07/2004 13:07:35]
Adobe Gamma Loader.lnk - H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/08/2004 17:45:56]
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
InterVideo WinCinema Manager.lnk - H:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [27/07/2004 13:33:35]
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdxsm.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lor02.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - ENTDRV51
*Newly Created Service* - VGAUTI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8972 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-10 21:25:14 ------------
Attached Files
File Type: txt extra.txt (22.0 KB, 1 views)