04-10-2007, 09:49 PM   #1
jtpriddy
Registered User
 
Join Date: Apr 2007
Posts: 9
OS: XP


Vundo Trojan x 2, Slow start-up et al.

I have been infected for about a month now. Picked up these infections in Europe. I think I have multiple infections, or one infection that is allowing other infections to feed.

I know that I have 2 versions of Vundo Trojan Horse, and something else I can't put my finger on.

I am running Avast! for anti-virus, and/or have tried Windows Defender, AVG, Spyware Doctor, XoftSpySE, RegCure, now the three other programs recommended by this site, and am still getting buffer overruns. Virtual memory is VERY slowwww. It takes about 10-15 minutes for my computer to boot. Browser is hijacked regularly, but not constantly.

I hope I do this post correctly, and thank you for your service in this very frustrating matter!! THANK YOU.

1.

Deckard's System Scanner v20070328.36
Run by Tim Priddy on 2007-04-10 at 23:17:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-04-11 03:17:21 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2007-04-10 15:58:34 UTC - RP11 - Installed Ad-Aware SE Personal
10: 2007-04-10 15:30:42 UTC - RP10 - Spyware Doctor: Cleaning Threats
9: 2007-04-10 01:29:21 UTC - RP9 - Installed HP Wireless Mouse
8: 2007-04-09 23:23:30 UTC - RP8 - System Restore


-- First Restore Point --
1: 2007-04-05 17:55:47 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Tim Priddy.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:19:44 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Tim Priddy\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1.1\Tim Priddy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\ssqqomk.dll
O2 - BHO: (no name) - {1A9E5BDB-7129-4F41-97FD-2115F9C42DEC} - C:\WINDOWS\system32\byxuu.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\qamemyed.dll",setvm
O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [SetMou] SetMou.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/126p/html/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170275904732
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://192.168.0.102:81/plugin/h263ctrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxuu - C:\WINDOWS\system32\byxuu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqqomk - C:\WINDOWS\SYSTEM32\ssqqomk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys
R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys
R1 UDFReadr - c:\windows\system32\drivers\udfreadr.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - c:\windows\system32\drivers\nwlnkipx.sys
R2 NwlnkNb (NWLink NetBIOS) - c:\windows\system32\drivers\nwlnknb.sys
R2 NwlnkSpx (NWLink SPX/SPXII Protocol) - c:\windows\system32\drivers\nwlnkspx.sys
R3 BCM43XX (Broadcom 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys
R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c:\windows\system32\drivers\camcaud.sys
R3 CAMCHALA - c:\windows\system32\drivers\camchal.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys
R3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R3 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R3 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R3 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys
S2 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011) - c:\windows\system32\drivers\wa301a.sys
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys
S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys
S3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys
S3 eabusb - c:\windows\system32\drivers\eabusb.sys
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 QV2KUX (Casio Digital Camera) - c:\windows\system32\drivers\qv2kux.sys
S3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys
S3 Ser2pl (Prolific Serial port driver) - c:\windows\system32\drivers\ser2pl.sys
S3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\program files\verizon wireless\vzaccess manager\smndis5.sys
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys
S3 V0070VID (Creative WebCam Notebook Ultra) - c:\windows\system32\drivers\v0070vid.sys
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
R2 Venturi2 (Venturi2 Client) - c:\program files\venturi2\client\ventc.exe

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe
S3 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
S3 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-10 23:20:00 432 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7A2BD778-407B-48B9-905C-F3A45FF5B90A}.job<USER_F~1.JOB>
2007-04-10 17:57:19 448 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-04-10 17:57:18 442 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job<XOFTSP~2.JOB>
2007-04-10 17:53:23 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-10 07:51:52 372 --a------ C:\WINDOWS\Tasks\XoftSpySE.job<XOFTSP~1.JOB>
2007-04-10 06:29:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-04-05 03:37:55 382 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-03-20 17:46:17 330 --a------ C:\WINDOWS\Tasks\RoxioUpdator.job<ROXIOU~1.JOB>


-- Files created between 2007-03-10 and 2007-04-10 -----------------------------

2007-04-10 22:26:58 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~3>
2007-04-10 22:14:24 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-04-10 16:47:40 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-10 12:00:19 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Lavasoft
2007-04-10 11:58:55 0 d-------- C:\Program Files\Lavasoft
2007-04-10 10:57:37 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-10 10:57:37 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-10 10:57:37 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-10 10:57:37 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-10 10:57:36 59984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-10 10:56:43 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-10 10:53:56 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-09 21:29:38 147456 --a------ C:\WINDOWS\Uninstit.exe
2007-04-09 21:29:38 49152 --a------ C:\WINDOWS\HIDUSB.dll
2007-04-09 21:29:37 244736 --a------ C:\WINDOWS\SetMou.exe
2007-04-09 21:29:33 5720064 --a------ C:\WINDOWS\MouPter.exe
2007-04-09 21:29:32 24576 --a------ C:\WINDOWS\HKNTDLL.dll
2007-04-09 21:29:32 49152 --a------ C:\WINDOWS\CPQUSB.dll
2007-04-09 19:24:08 0 d-------- C:\Program Files\SP31140
2007-04-05 13:34:39 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-05 06:02:03 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer<APPLEC~1>
2007-04-05 03:37:38 0 d-------- C:\Program Files\RegCure
2007-04-04 14:29:47 617960 ---hs---- C:\WINDOWS\system32\uuxyb.ini2<UUXYB~1.INI>
2007-04-04 14:20:53 88340 --a------ C:\WINDOWS\system32\kceyhfil.exe
2007-04-04 14:20:41 123412 --a------ C:\WINDOWS\system32\fmfpgktr.dll
2007-04-03 12:56:18 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-04-03 12:50:21 29752 -----n--- C:\WINDOWS\system32\InstHelper.dll<INSTHE~1.DLL>
2007-04-03 12:48:58 8 --a------ C:\WINDOWS\system32\success
2007-04-03 12:42:13 110080 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2007-04-03 12:42:13 94720 --a------ C:\WINDOWS\system32\dneinobj.dll
2007-04-03 12:41:43 5315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2007-04-03 12:41:27 193584 --a------ C:\WINDOWS\system32\CSGina.dll
2007-03-30 02:08:36 280676 ---hs---- C:\WINDOWS\system32\jkhih.dll
2007-03-28 05:09:33 26730 --a------ C:\WINDOWS\system32\ssqqomk.dll
2007-03-28 05:09:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-21 0337 88340 --a------ C:\WINDOWS\system32\qextwqnk.exe
2007-03-19 12:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware<PARETO~1>
2007-03-19 04:58:39 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-03-16 14:07:08 0 d-------- C:\Program Files\QuickTime<QUICKT~3>
2007-03-16 14:00:30 0 d-------- C:\Program Files\Apple Software Update<APPLES~2>
2007-03-12 05:31:55 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


-- Find3M Report ---------------------------------------------------------------

2007-04-10 23:19:28 0 d-------- C:\Program Files\HijackThis 1.99.1<HIJACK~1.1>
2007-04-10 19:00:37 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-10 18:48:36 0 d-------- C:\Program Files\iTunes
2007-04-10 18:41:27 0 d-------- C:\Program Files\Google
2007-04-10 18:41:24 0 d-------- C:\Program Files\Free Download Manager<FREEDO~1>
2007-04-10 18:40:28 0 d-------- C:\Program Files\DVD Region-Free<DVDREG~1>
2007-04-10 12:12:46 12 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-04-10 12:10:57 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Skype
2007-04-10 11:56:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-10 09:11:51 0 d-------- C:\Program Files\Quicken
2007-04-09 21:29:21 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-05 03:36:09 0 d-------- C:\Program Files\Install Provider<INSTAL~2>
2007-04-02 09:38:38 0 d-------- C:\Program Files\LimeWire
2007-03-28 05:01:57 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\AdobeUM
2007-03-23 15:35:47 0 d-------- C:\Program Files\DivX
2007-03-22 06:52:52 0 d-------- C:\Program Files\Finale 2006<FINALE~1>
2007-03-20 02:49:40 469766 ---hs---- C:\WINDOWS\system32\uuxyb.bak2<UUXYB~2.BAK>
2007-03-17 03:16:37 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Free Download Manager<FREEDO~1>
2007-03-16 14:17:17 0 d-------- C:\Program Files\iPod
2007-03-16 04:02:18 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-03-16 03:19:58 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-16 02:02:48 0 d-------- C:\Program Files\HP
2007-03-13 07:16:33 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\DivX
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 06:31:57 0 d-------- C:\Program Files\Pure Sudoku<PURESU~1>
2007-03-07 06:27:20 482966 ---hs---- C:\WINDOWS\system32\uuxyb.bak1<UUXYB~1.BAK>
2007-03-05 10:05:28 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Talkback
2007-03-02 19:05:38 282164 -----n--- C:\WINDOWS\system32\byxuu.dll
2007-03-02 18:59:06 26637 ---hs---- C:\WINDOWS\system32\wvuvvwu.dll
2007-02-28 03:23:07 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\CNN
2007-02-27 11:14:10 0 d-------- C:\Program Files\Microsoft WSE<MI6E20~1>
2007-02-27 08:00:22 0 d-------- C:\Program Files\Sports Illustrated 2007<SPORTS~1>
2007-02-27 07:58:54 0 d-------- C:\Program Files\The Awakened<THEAWA~1>
2007-02-25 09:05:46 63696 --a------ C:\Documents and Settings\Tim Priddy\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-02-23 00:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 00:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 00:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 00:25:24 196608 --a----c- C:\WINDOWS\system32\dtu100.dll
2007-02-23 00:25:24 73728 --a----c- C:\WINDOWS\system32\dpl100.dll
2007-02-23 00:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 00:25:22 57344 --a----c- C:\WINDOWS\system32\dpv11.dll
2007-02-23 00:25:22 344064 --a----c- C:\WINDOWS\system32\dpus11.dll
2007-02-23 00:25:22 593920 --a----c- C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 00:25:22 294912 --a----c- C:\WINDOWS\system32\dpu11.dll
2007-02-23 00:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 00:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 00:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-13 14:43:33 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-12 06:43:14 0 d-------- C:\Program Files\MSBuild
2007-02-12 06:36:14 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-02-10 07:01:25 0 d-------- C:\Program Files\Java
2007-02-03 13:16:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-30 01:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 01:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 01:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-19 09:23:54 1721976 --a------ C:\WINDOWS\system32\inetclnt.dll
2007-01-15 13:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 13:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"VF0070 STISvc"="RunDLL32.exe V0070Pin.dll,RunDLL32EP 513"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\qamemyed.dll\",setvm"
"mMouse"="MouPter.exe"
"SetMou"="SetMou.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware]
"item"="ParetoLogic Anti-Spyware"
"hkey"="HKEY"
"key"="Run"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09d50a72-8fc9-11da-87da-00c09f5b716a}]
Shell\AutoRun\command F:\JDSecure\Windows\JDSecure20.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new
127.0.0.1 new

9 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-04-10 at 23:20:55 ---------
Attached Files
File Type: txt extra.txt (17.7 KB, 0 views)