Hope this works.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-13 12:58:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
54: 2008-08-13 16:58:42 UTC - RP54 - Deckard's System Scanner Restore Point
53: 2008-08-10 13:17:35 UTC - RP53 - Made by Registry Mechanic O
52: 2008-08-08 23:50:35 UTC - RP52 - Removed OpenOffice.org Installer 1.0
51: 2008-08-08 22:07:02 UTC - RP51 - Made by Registry Mechanic O
50: 2008-08-08 19:21:43 UTC - RP50 - Made by Registry Mechanic O
-- First Restore Point --
1: 2008-08-06 21:36:04 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:54 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
O2 - BHO: (no name) - {66DC1AE0-5410-47D3-9931-F4C798FF2526} - C:\WINDOWS\system32\byXQJbaW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {b81519c6-ae79-a7a9-cf14-cdb271b7cf2a} - {a2fc7b17-2bdc-41fc-9a7a-97ea6c91518b} - C:\WINDOWS\system32\chajmy.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - C:\WINDOWS\system32\ddcyyywt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dceac1a0] rundll32.exe "C:\WINDOWS\system32\qjrvjawc.dll",b
O4 - HKLM\..\Run: [BMdfd9f23c] Rundll32.exe "C:\WINDOWS\system32\vmiadmwn.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcyyywt - C:\WINDOWS\SYSTEM32\ddcyyywt.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 4097 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 RTL8187B (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) - c:\windows\system32\drivers\rtl8187b.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-08-06 09:02:01 456 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 1 00 AM.job
-- Files created between 2008-07-13 and 2008-08-13 -----------------------------
2008-08-10 16:21:56 0 d-------- C:\Program Files\Trend Micro
2008-08-08 18:53:32 0 d-------- C:\Documents and Settings\Shama\Application Data\Identities
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\Templates
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\Start Menu
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\SendTo
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\Recent
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\PrintHood
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\NetHood
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\My Documents
2008-08-08 18:53:06 0 d--h----- C:\Documents and Settings\Shama\Local Settings
2008-08-08 18:53:06 0 dr------- C:\Documents and Settings\Shama\Favorites
2008-08-08 18:53:06 0 d-------- C:\Documents and Settings\Shama\Desktop
2008-08-08 18:53:06 0 d--hs---- C:\Documents and Settings\Shama\Cookies
2008-08-08 18:53:06 0 dr-h----- C:\Documents and Settings\Shama\Application Data
2008-08-08 18:53:06 0 d---s---- C:\Documents and Settings\Shama\Application Data\Microsoft
2008-08-08 18:53:05 524288 --ah----- C:\Documents and Settings\Shama\NTUSER.DAT
2008-08-08 16:16:05 2048 --a------ C:\WINDOWS\system32\bljadvck.exe
2008-08-08 16:15:46 96256 --a------ C:\WINDOWS\system32\chajmy.dll
2008-08-08 16:15:44 96256 --a------ C:\WINDOWS\system32\aesxtifa.dll
2008-08-08 16:01:30 80896 --a------ C:\WINDOWS\system32\qjrvjawc.dll
2008-08-08 16:00:08 90624 --a------ C:\WINDOWS\system32\vmiadmwn.dll
2008-08-07 16:04:51 2048 --a------ C:\WINDOWS\system32\wksreyes.exe
2008-08-07 16:03:46 94720 --a------ C:\WINDOWS\system32\eijxrj.dll
2008-08-07 16:03:27 94720 --a------ C:\WINDOWS\system32\cgvybrdu.dll
2008-08-07 15:58:17 91136 --a------ C:\WINDOWS\system32\ubmvgock.dll
2008-08-07 15:51:09 2048 --a------ C:\WINDOWS\system32\cddxccds.exe
2008-08-07 15:48:08 94720 --a------ C:\WINDOWS\system32\qrpnju.dll
2008-08-07 15:48:05 94720 --a------ C:\WINDOWS\system32\nmchbtvk.dll
2008-08-07 15:43:47 91136 --a------ C:\WINDOWS\system32\sopdfgoo.dll
2008-08-07 12:15:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-08-07 12:10:47 0 d-------- C:\Program Files\AV9
2008-08-07 11:57:47 0 d-------- C:\Program Files\Nero
2008-08-07 11:57:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-07 11:57:44 0 d-------- C:\Program Files\Common Files\Nero
2008-08-07 11:24:24 36864 --a------ C:\WINDOWS\system32\mlJYpMDu.dll
2008-08-07 11:24:24 36864 --a------ C:\WINDOWS\system32\mlJDSlkk.dll
2008-08-07 09:54:36 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-07 09:23:28 94720 --a------ C:\WINDOWS\system32\lcxxqt.dll
2008-08-07 09:23:26 94720 --a------ C:\WINDOWS\system32\yekjxrjc.dll
2008-08-07 09:21:42 2048 --a------ C:\WINDOWS\system32\gtmxsqgh.exe
2008-08-07 09:21:27 91136 --a------ C:\WINDOWS\system32\ufmemokh.dll
2008-08-07 09:14:22 2048 --a------ C:\WINDOWS\system32\whfwvsod.exe
2008-08-07 09:12:38 91136 --a------ C:\WINDOWS\system32\avxuavkm.dll
2008-08-06 20:49:25 36864 --a------ C:\WINDOWS\system32\iifffGyV.dll
2008-08-06 20:49:24 36864 --a------ C:\WINDOWS\system32\iifcCTNH.dll
2008-08-06 18:07:53 95744 --a------ C:\WINDOWS\system32\dzjkmk.dll
2008-08-06 18:07:29 95744 --a------ C:\WINDOWS\system32\frgbfkhv.dll
2008-08-06 17:35:32 871842 --ahs---- C:\WINDOWS\system32\WabJQXyb.ini2
2008-08-06 17:30:35 246272 --a------ C:\WINDOWS\system32\byXQJbaW.dll
2008-08-06 17:14:19 36864 --a------ C:\WINDOWS\system32\ssqroOHb.dll
2008-08-06 17:14:19 36864 --a------ C:\WINDOWS\system32\opnMDUMd.dll
2008-08-06 17:14:14 36864 --a------ C:\WINDOWS\system32\ddcyyywt.dll
2008-08-06 17:14:14 36864 --a------ C:\WINDOWS\system32\ddcDttsT.dll
2008-08-06 09:26:33 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-08-06 09:25:35 0 d-------- C:\WINDOWS\Sun
2008-08-06 09:25:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-08-05 14:13:09 0 d-------- C:\Documents and Settings\Muhammad huda\Application Data\Mozilla
2008-08-05 14:09:06 0 d-------- C:\WINDOWS\pss
2008-08-05 13:59:41 0 d-------- C:\WINDOWS\system32\Adobe
2008-08-05 10:50:09 0 d-------- C:\Documents and Settings\Muhammad huda\Application Data\Identities
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\Templates
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\Start Menu
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\SendTo
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\Recent
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\PrintHood
2008-08-05 10:49:42 479232 --a------ C:\Documents and Settings\Muhammad huda\NTUSER.DAT
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\NetHood
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\My Documents
2008-08-05 10:49:42 0 d--h----- C:\Documents and Settings\Muhammad huda\Local Settings
2008-08-05 10:49:42 0 dr------- C:\Documents and Settings\Muhammad huda\Favorites
2008-08-05 10:49:42 0 d-------- C:\Documents and Settings\Muhammad huda\Desktop
2008-08-05 10:49:42 0 d--hs---- C:\Documents and Settings\Muhammad huda\Cookies
2008-08-05 10:49:42 0 dr-h----- C:\Documents and Settings\Muhammad huda\Application Data
2008-08-05 10:49:42 0 d---s---- C:\Documents and Settings\Muhammad huda\Application Data\Microsoft
2008-08-04 10:51:02 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 10:46:39 0 d-------- C:\Program Files\Java
2008-08-04 10:44:09 0 d-------- C:\Program Files\Common Files\Java
2008-08-04 10:37:33 0 d-------- C:\Program Files\LimeWire
2008-08-04 10:19:41 0 d-------- C:\Program Files\Pure Networks
2008-08-04 10:17:47 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 10:17:38 0 d-------- C:\WINDOWS\CAVTemp
2008-08-04 10:17:33 0 d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-08-04 09:26:52 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-03 18:21:53 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Macromedia
2008-08-03 18:21:53 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Adobe
2008-08-03 16:54:47 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 16:54:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-08-03 16:54:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-08-03 16:52:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-03 16:52:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-03 16:26:59 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Mozilla
2008-08-03 16:18:30 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Google
2008-08-03 16:12:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 16:12:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-08-03 13:04:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-08-03 13:04:29 0 d-------- C:\Program Files\Google
2008-08-03 13:04:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-02 22:51:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-02 22:36:58 0 d-------- C:\Documents and Settings\Taha Huda\Application Data\Identities
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\Templates
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\Start Menu
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\SendTo
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\Recent
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\PrintHood
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\NetHood
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\My Documents
2008-08-02 22:36:31 0 d--h----- C:\Documents and Settings\Taha Huda\Local Settings
2008-08-02 22:36:31 0 dr------- C:\Documents and Settings\Taha Huda\Favorites
2008-08-02 22:36:31 0 d-------- C:\Documents and Settings\Taha Huda\Desktop
2008-08-02 22:36:31 0 d--hs---- C:\Documents and Settings\Taha Huda\Cookies
2008-08-02 22:36:31 0 dr-h----- C:\Documents and Settings\Taha Huda\Application Data
2008-08-02 22:36:31 0 d---s---- C:\Documents and Settings\Taha Huda\Application Data\Microsoft
2008-08-02 22:36:30 786432 --a------ C:\Documents and Settings\Taha Huda\NTUSER.DAT
2008-08-02 21:36:24 0 d-------- C:\WINDOWS\Prefetch
2008-08-02 21:18:48 0 d-------- C:\WINDOWS\system32\scripting
2008-08-02 21:18:46 0 d-------- C:\WINDOWS\l2schemas
2008-08-02 21:18:45 0 d-------- C:\WINDOWS\system32\en
2008-08-02 21:09:13 0 d-------- C:\WINDOWS\network diagnostic
2008-08-02 20:00:32 0 d-------- C:\WINDOWS\VirtualEar
2008-08-02 20:00:32 65536 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-02 20:00:31 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-08-02 20:00:31 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-08-02 20:00:31 0 d-------- C:\Program Files\Analog Devices
2008-08-01 20:51:24 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-08-01 19:58:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:57:37 0 d-------- C:\WINDOWS\OPTIONS
2008-08-01 19:57:22 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 19:53:53 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 19:53:50 0 d-------- C:\Program Files\Common Files\Scanner
2008-08-01 19:53:41 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-01 19:53:39 0 d-------- C:\Program Files\CA
2008-08-01 19:50:21 1310720 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-08-01 19:50:20 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-08-01 19:46:34 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-01 19:32:16 0 d-------- C:\WINDOWS\peernet
2008-08-01 19:32:12 0 d-------- C:\WINDOWS\provisioning
2008-08-01 19:25:22 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 19:15:42 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-01 19:11:24 0 d-------- C:\WINDOWS\EHome
2008-08-01 18:42:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-01 18:36:15 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-01 18:36:12 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:35:05 0 d-------- C:\WINDOWS\system32\bits
2008-08-01 18:20:31 0 d-------- C:\Downloads
2008-08-01 18:17:23 0 d--hs---- C:\Documents and Settings\Owner\UserData
2008-08-01 18:13:31 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-01 18:10:37 0 d-------- C:\WINDOWS\SoftwareDistribution
-- Find3M Report ---------------------------------------------------------------
2008-08-07 11:57:44 0 d-------- C:\Program Files\Common Files
2008-08-02 21:19:57 0 d-------- C:\Program Files\Messenger
2008-08-02 21:18:43 0 d-------- C:\Program Files\Movie Maker
2008-08-02 21:12:47 0 d-------- C:\Program Files\Windows NT
2008-08-01 18:10:37 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-13 12:57:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-13 12:57:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-13 12:57:37 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-06-11 23:19:39 22704 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-11 20 44 0 -rahs---- C:\MSDOS.SYS
2008-06-11 20 44 0 -rahs---- C:\IO.SYS
2008-06-11 20 44 0 --a------ C:\CONFIG.SYS
2008-06-11 20 44 0 --a------ C:\AUTOEXEC.BAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66DC1AE0-5410-47D3-9931-F4C798FF2526}]
08/06/2008 05:31 PM 246272 --a------ C:\WINDOWS\system32\byXQJbaW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2fc7b17-2bdc-41fc-9a7a-97ea6c91518b}]
08/08/2008 04:15 PM 96256 --a------ C:\WINDOWS\system32\chajmy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81FE02-F70B-46C2-82C3-DE5C6652E677}]
08/06/2008 05:14 PM 36864 --a------ C:\WINDOWS\system32\ddcyyywt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [06/19/2008 09:53 AM]
"dceac1a0"="C:\WINDOWS\system32\qjrvjawc.dll" [08/08/2008 04:01 PM]
"BMdfd9f23c"="C:\WINDOWS\system32\vmiadmwn.dll" [08/08/2008 04:00 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08/03/2008 01:05 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BB81FE02-F70B-46C2-82C3-DE5C6652E677}"= C:\WINDOWS\system32\ddcyyywt.dll [08/06/2008 05:14 PM 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyyywt]
ddcyyywt.dll 08/06/2008 05:14 PM 36864 C:\WINDOWS\system32\ddcyyywt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXQJbaW
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
"C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-08-13 13:03:22 ------------