So after Viewpoint started reappearing rather irregularly, and Grokster keeps showing up in Pest Patrol, I figured I should post the HijackThis log and see what happens. All five steps have been completed, and all Windows updates also completed.
Per instructions, the extra file will be attached.
Deckard's System Scanner v20070411.38
Run by Owner on 2007-04-22 at 21:54:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
12: 2007-04-23 01:54:11 UTC - RP593 - Deckard's System Scanner Restore Point
11: 2007-04-22 01:25:59 UTC - RP592 - System Checkpoint
10: 2007-04-21 01:09:10 UTC - RP591 - System Checkpoint
9: 2007-04-19 20:44:41 UTC - RP590 - System Checkpoint
8: 2007-04-18 13:41:02 UTC - RP589 - Installed Veoh Player
-- First Restore Point --
1: 2007-04-11 11:32:07 UTC - RP582 - Installed HP Update
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:58:14 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\MAINTE~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v47...t/brickout.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://www.worldwinner.com/games/v42/shape/shape.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47.../blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128476816781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146194990968
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R1 VETEFILE (VET File Scan Engine) - c:\windows\system32\drivers\vetefile.sys
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys
R2 X4HSX32 - c:\program files\gametap\bin\release\x4hsx32.sys
R3 ltmodem5 (Agere Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 Ps2 - c:\windows\system32\drivers\ps2.sys
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys
R3 VETEBOOT (VET Boot Scan Engine) - c:\windows\system32\drivers\veteboot.sys
S0 viaagp1 (VIA AGP Filter) - c:\windows\system32\drivers\viaagp1.sys (file missing)
S2 nvcap (nVidia WDM Video Capture (universal)) - c:\windows\system32\drivers\nvcap.sys
S2 NVXBAR (nVidia WDM A/V Crossbar) - c:\windows\system32\drivers\nvxbar.sys
S3 ATWPKT2 - c:\windows\system32\drivers\atwpkt2.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 S3Psddr - c:\windows\system32\drivers\s3gnbm.sys
S3 SiS315 - c:\windows\system32\drivers\sisgrp.sys
S3 viagfx - c:\windows\system32\drivers\vtmini.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CAISafe - c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe
R2 MSSQL$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlservr.exe -smicrosoftbcm
R2 VETMSGNT (VET Message Service) - c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe
S2 sp_clamsrv (Spyware Terminator Clam Service) - c:\program files\winclamavshield\sp_clamsrv.exe (file missing)
S3 SQLAgent$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlagent.exe -i microsoftbcm
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs
-- Scheduled Tasks -------------------------------------------------------------
2007-04-21 10:04:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-03-22 and 2007-04-22 -----------------------------
2007-04-22 21:38:44 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:38:03 0 d-------- C:\ie-spyad
2007-04-22 21:33:10 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:27:48 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-22 16:14:37 0 d-------- C:\WINDOWS\LastGood
2007-04-21 06:36:56 34688 --a------ C:\WINDOWS\system32\drivers\samfilt.sys
2007-04-21 06:12:34 798773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2007-04-21 06:12:32 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-04-21 06:12:32 401484 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-04-21 06:12:32 929844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2007-04-21 05:45:19 0 d-------- C:\Program Files\Course Technology<COURSE~1>
2007-04-20 20:43:51 0 d-------- C:\Documents and Settings\Tina\Application Data\Avant Profiles<AVANTP~1>
2007-04-19 15:37:39 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-19 10:47:19 0 d-------- C:\WINDOWS\NV17803100.TMP<NV1780~1.TMP>
2007-04-19 10:46:35 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-19 10:45:27 0 d-------- C:\NVIDIA
2007-04-19 09:00:58 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-04-18 00:14:02 0 d-------- C:\Program Files\Veoh Networks<VEOHNE~1>
2007-04-17 21:15:40 0 d-------- C:\Documents and Settings\Tina\Application Data\DivX
2007-04-17 00:54:40 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-04-15 19:11:44 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-04-10 19:32:13 0 d-------- C:\WINDOWS\vbSkinner<VBSKIN~1>
2007-04-10 19:31:44 286720 -----n--- C:\WINDOWS\Setup1.exe
2007-04-10 19:31:34 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-04-10 06:24:27 0 d-------- C:\Program Files\Common Files\Viewpoint<VIEWPO~1>
2007-04-02 23:08:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles<AVANTP~1>
2007-04-02 07:18:53 0 d-------- C:\Documents and Settings\Tina\Application Data\Spyware Terminator<SPYWAR~1>
2007-04-02 07:18:51 0 d-------- C:\Documents and Settings\Tina\Application Data\SiteAdvisor<SITEAD~1>
2007-04-02 00:38:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator<SPYWAR~1>
2007-04-01 21:56:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:55:24 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor<SITEAD~1>
2007-04-01 21:53:28 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-04-01 17:43:49 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-03-27 19:05:12 0 d-------- C:\Documents and Settings\Tina\Application Data\U3
2007-03-27 03:55:57 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55:48 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55:23 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55:23 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49:07 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:49:07 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49:02 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49:02 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49:02 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:48:59 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-03-27 03:48:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-03-27 03:48:58 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-03-27 03:48:58 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-25 22:23:10 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-03-25 22:23:05 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-22 20:19:11 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-22 20:04:17 0 d-------- C:\Program Files\iTunes
2007-04-22 19:33:05 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-21 05:45:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-19 10:38:00 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-04-17 05:01:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-04-15 19:12:56 0 d-------- C:\Program Files\DivX
2007-04-11 07:32:09 0 d-------- C:\Program Files\HP
2007-04-09 21:28:29 0 d-------- C:\Program Files\Java
2007-03-27 03:55:31 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55:31 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-18 11:40:35 0 d-------- C:\Program Files\Azureus
2007-03-17 10:09:40 0 d-------- C:\Program Files\iPod
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 21:59:41 0 d-------- C:\Program Files\Warcraft III<WARCRA~1>
2007-03-09 21:28:53 0 d-------- C:\Program Files\MSBuild
2007-03-09 21:22:43 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-09 14:46:00 1734 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 17:30:49 0 d-------- C:\Program Files\Enterbrain<ENTERB~1>
2007-03-07 17:28:36 0 d-------- C:\Program Files\Common Files\Enterbrain<ENTERB~1>
2007-03-05 19:25:19 0 d-------- C:\Program Files\WON
2007-03-04 12:44:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Avant Browser<AVANTB~1>
2007-03-04 12:39:27 0 d-------- C:\Program Files\Three Rings Design<THREER~1>
2007-03-04 12:38:00 0 d-------- C:\Program Files\PartyGaming.Net<PARTYG~1.NET>
2007-03-04 12:27:45 0 d-------- C:\Program Files\Common Files\AOL
2007-03-04 12:25:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AOL
2007-03-04 12:05:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-03-04 11:07:45 0 d-------- C:\Program Files\PCPitstop<PCPITS~1>
2007-03-03 12:55:49 0 d-------- C:\Program Files\GameTap
2007-03-03 00:44:16 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-28 07:14:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint<VIEWPO~1>
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-22 21:00:17 55567 --a------ C:\WINDOWS\War3Unin.dat
2007-01-22 20:39:13 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-22 20:39:13 139264 --a------ C:\WINDOWS\War3Unin.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"LTMSG"="LTMSG.exe 7"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"QOELOADER"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust PestPatrol\\PPActiveDetection.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Free WebSite Tools.lnk"
"backup"="C:\\WINDOWS\\pss\\Free WebSite Tools.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COFFEE~1\\COFFEE~1\\THIRTY~1.EXE "
"item"="Free WebSite Tools"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Monitor Apache Servers.lnk"
"backup"="C:\\WINDOWS\\pss\\Monitor Apache Servers.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\APACHE~1\\Apache2\\bin\\APACHE~1.EXE "
"item"="Monitor Apache Servers"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1129553603\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=dword:00000003
"SCardSvr"=dword:00000003
"SCardDrv"=dword:00000003
"mnmsrvc"=dword:00000003
"IDriverT"=dword:00000003
"ERSvc"=dword:00000002
"AOL TopSpeedMonitor"=dword:00000002
"AOL ACS"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{367BDF4B-04E5-46C9-9D83-D68307F659E3}"="NSIS Media Extension"
"{A7B0163F-CC73-4E7C-9614-55D4C553ECE1}"="NSIS Media Extension"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59bef116-34e8-11da-940b-806d6172696f}]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b4ea6b8-dcb7-11db-b34c-000c76880253}]
Shell\AutoRun\command I:\LaunchU3.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc85f496-f6e4-11da-926e-00038a000015}]
Shell\AutoRun\command G:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-04-22 at 21:59:24 ---------