Deckard's System Scanner v20071014.68
Run by POUCHI on 2008-01-19 13:51:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-01-19 18:52:12 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-19 13:56:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\POUCHI\Desktop\dss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2 .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie
F0 - win.ini: load=C:\WINDOWS\system32\vtutu.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {22E53967-D04B-4109-B305-C48FBBAED0C8} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: {23239637-2ee3-c89b-ef04-9dcff5a2c46d} - {d64c2a5f-fcd9-40fe-b98c-3ee273693232} - C:\WINDOWS\system32\jvdxtssw.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Downloader\Core.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Motorola Phone Tools.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} -
http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: khfgebx - C:\WINDOWS\system32\khfgebx.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8752 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 SAA7146n (TT DVB-PCI driver (SAA7146n)) - c:\windows\system32\drivers\saa7146n.sys <Not Verified; TechnoTrend AG; TT-DVBsat PCI>
R3 TTLOOPHE (Virtual DVB-S/-C/-T Network Adapter Driver) - c:\windows\system32\drivers\ttloophe.sys <Not Verified; TechnoTrend AG; TT-DVB PCI cards>
R3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 giveio - c:\windows\system32\giveio.sys
S3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Creatix V.9X data fax modem>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-19 13:48:22 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-15 02:40:50 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-01 01:00:06 354 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2007-12-19 and 2008-01-19 -----------------------------
2008-01-19 13:52:02 391 --ahs---- C:\WINDOWS\system32\ututv.ini2
2008-01-19 13:51:55 344576 --a------ C:\WINDOWS\system32\vtutu.dll
2008-01-17 20:59:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-12 16:09:54 0 d-------- C:\VundoFix Backups
2008-01-12 16:09:39 132608 --a------ C:\Program Files\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-01-07 19:28:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-07 19:00:57 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-07 19:00:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-07 19:00:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-07 19:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-01-07 19:00:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-07 19:00:05 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-07 19:00:04 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-01-07 19:00:01 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-01-07 19:00:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-07 19:00:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-04 21:33:36 0 d-------- C:\Program Files\ProcessExplorer
2007-12-30 10:13:55 0 dr-h----- C:\Documents and Settings\POUCHI\Application Data\SecuROM
2007-12-27 20:23:50 0 d-------- C:\Program Files\RitzDVB
-- Find3M Report ---------------------------------------------------------------
2008-01-19 13:52:11 0 d-------- C:\Program Files\Windows Defender
2008-01-19 13:42:05 0 d-------- C:\Documents and Settings\POUCHI\Application Data\SiteAdvisor
2008-01-19 12:51:10 0 d-------- C:\Program Files\Java
2008-01-18 01:37:10 0 d-------- C:\Program Files\McAfee
2008-01-12 13:49:26 276 --a------ C:\Program Files\FixVundo.log
2008-01-12 01:19:27 0 d-------- C:\Program Files\SiteAdvisor
2008-01-09 06:26:55 0 d-------- C:\Program Files\Classic PhoneTools
2008-01-04 21:31:21 1613990 --a------ C:\Program Files\ProcessExplorer.zip
2007-12-30 11:17:57 0 d-------- C:\Program Files\EA SPORTS
2007-12-28 09:31:21 0 d-------- C:\Program Files\RitzDVB (2)
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E53967-D04B-4109-B305-C48FBBAED0C8}]
19/01/2008 01:51 PM 344576 --a------ C:\WINDOWS\system32\vtutu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d64c2a5f-fcd9-40fe-b98c-3ee273693232}]
C:\WINDOWS\system32\jvdxtssw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" []
"CapFax"="C:\Program Files\Classic PhoneTools\CapFax.EXE" []
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 11:21 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="C:\Program Files\Electronic Arts\EA Downloader\Core.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [19/01/2008 11:21 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\POUCHI\Start Menu\Programs\Startup\
Motorola Phone Tools.lnk - C:\Program Files\Motorola Phone Tools\mPhonetools.exe [18/08/2007 12:04:34 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [29/12/2005 12:51:39 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebx]
khfgebx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutu
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffcb1cbe-77e9-11da-b4fe-806d6172696f}]
AutoRun\command- F:\Autorun.exe
-- End of Deckard's System Scanner: finished at 2008-01-19 13:57:09 ------------
