Thread: Infected Computer
View Single Post
Old 04-22-2007, 08:22 PM   #1 (permalink)
dark_shard
Registered User
 
Join Date: Jan 2007
Posts: 39
OS: WIN XP PRO


Infected Computer
Recently this computer has started acting like it has been pretty infected by viruses or spyware. The first symptom was Iexplorer opening multiple windows rapidly non-stop. Now the computer gets a LOT of pop-ups through iternet exlorer even when the program isn't open. I've followed the five steps posted prior to posting this log and I haven't been alble to remedy the problems. I've deleted a lot of spyware/adware but whatever has infected the computer keeps re-downloading more. Log is as follows:

Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-04-22 at 22:09:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2007-04-23 02:09:56 UTC - RP1318 - Deckard's System Scanner Restore Point
19: 2007-04-22 23:02:40 UTC - RP1317 - System Checkpoint
18: 2007-04-21 22:08:11 UTC - RP1316 - System Checkpoint
17: 2007-04-20 21:23:33 UTC - RP1315 - System Checkpoint
16: 2007-04-19 21:19:24 UTC - RP1314 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-14 21:48:27 UTC - RP1299 - Spybot-S&D Spyware removal


Performed disk cleanup.


-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-22 22:13:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\Program Files\HijackThis\Mom and Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmpCD.tmp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} () - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: jav253 - C:\WINDOWS\system32\jav253.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - "C:\Program Files\Norton\isPwdSvc.exe"
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - unable to read value
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Defrag32b (Defrag32Boot) - c:\windows\system32\drivers\defrag32b.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 SonyFanC (FAN Control Device Service) - c:\windows\system32\drivers\sonyfanc.sys
R1 SRTSP - c:\windows\system32\drivers\srtsp.sys
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys
R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys
R2 Defrag32 - c:\windows\system32\drivers\defrag32.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S1 Exportit - c:\windows\system32\drivers\exportit.sys
S2 windev-1e41-5c5b - c:\windows\system32\windev-1e41-5c5b.sys (file missing)
S3 BCM42XX (Broadcom iLine10(tm) Network Adapter Driver) - c:\windows\system32\drivers\bcm42xx5.sys
S3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys
S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys
S3 DcPTP - c:\windows\system32\drivers\dcptp.sys
S3 EraserUtilDrv10720 - c:\program files\common files\symantec shared\eengine\eraserutildrv10720.sys (file missing)
S3 ltmodem5 (Lucent Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon
R2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress
R2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe"
R2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"

S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll"
S3 SPTISRV (Sony SPTI Service) - c:\program files\common files\sony shared\avlib\sptisrv.exe
S4 msvsmon80 (Visual Studio 2005 Remote Debugger) - "d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80


-- Scheduled Tasks -------------------------------------------------------------

2007-04-22 17:39:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-22 16:54:18 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{699F02C7-3898-42D3-8232-C75F5FE94137}.job<USER_F~1.JOB>
2007-04-17 16:25:26 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mom and Dad.job<NORTON~1.JOB>


-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:13:09 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-17 16:13:09 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-17 16:11:53 0 d-------- C:\Program Files\Symantec
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-17 16:10:31 0 d-------- C:\Program Files\Norton
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft
2007-04-11 15:44:02 18943 --a------ C:\WINDOWS\system32\jav253.dll
2007-04-07 19:52:12 0 d-------- C:\Program Files\Hide And Secret<HIDEAN~1>
2007-04-06 14:54:38 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:44:46 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:44:40 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:40 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-30 16:25:55 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:11 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-29 18:29:31 0 d-------- C:\Documents and Settings\Leigh\Application Data\Magic Academy<MAGICA~1>
2007-03-27 19:04:54 0 d--h----- C:\Documents and Settings\Leigh\Application Data\Move Networks<MOVENE~1>
2007-03-26 18:11:55 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-03-26 18:11:55 217073 --a------ C:\WINDOWS\meta4.exe
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-03-26 18:11:54 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
2007-03-26 18:11:53 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-03-26 18:11:53 719872 --a------ C:\WINDOWS\system32\devil.dll
2007-03-26 18:11:53 306688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-03-26 18:11:51 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-26 18:11:33 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-26 18:11:33 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-03-24 20:51:03 0 d-------- C:\Documents and Settings\John\Application Data\Apple Computer<APPLEC~1>
2007-03-23 17:54:51 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:43 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:26 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:22 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:23 0 d-------- C:\WINDOWS\Symbols
2007-03-23 17:30:23 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions<PREEMP~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:26 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-23 17:25:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-03-22 16:47:35 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>


-- Find3M Report ---------------------------------------------------------------

2007-04-22 20:48:12 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 22:37:18 0 d-------- C:\Program Files\MSN Games<MSNGAM~2>
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1c3449f-613a-11d9-a932-806d6172696f}]
Shell\AutoRun\command F:\Aly_Aj.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 ns8-stats.netscape.com


-- End of Deckard's System Scanner: finished at 2007-04-22 at 22:16:14 ---------
dark_shard is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here