Registered User
Join Date: Apr 2008
Posts: 17
OS: vista
MSN-'is this you virus' screwed my comp
Please help me. I have various problems, having been infected by the MSN 'is this you virus': a contact in MSN sends a message saying "is this you" with a link containing your email address. However, the message is automated, and clicking the link infects you with a virus. My computer was almost nonfunctional until I uninstalled my antivirus software following some online advice. This did seem to improve things; however, I still have various problems:
Error notifications on initial login, 'WLLoginProxy exe has stopped working'
Sidebar won't display
Certain webpages won't load (I've checked that they are operational on other computers)
Cannot install VGA virus removal software
Popups on Internet Explorer, e.g. love sites and 'spyware scanners' (though no pops on Mozilla Firefox)

Deckard's System Scanner v20071014.68
Run by Steve on 2008-04-29 18:44:27
Computer is in Normal Mode.
32320 C:\Windows\System32\__c00FB607.dat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00FBEFC] __c00FBEFC.dat 17/04/2008 07:37 p.m. 32320 C:\Windows\System32\__c00FBEFC.dat [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\Windows\system32\cbXNFwWp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host 
controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18e9ec39-292a-11dc-8f47-0019b94cc024}] Auto\command- oxbvpen.exe AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2519b59a-bbd4-11db-878a-0019b94cc024}] AutoRun\command- G:\browsercall.exe index.html [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a94678-2c3d-11dc-a715-0019b94cc024}] Auto\command- oxbvpen.exe AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-04-29 18:52:09 ------------ |
#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,565
OS: 2000 Pro; XP Pro; XP Home
Re: MSN-'is this you virus' screwed my comp
Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been quite a while since you first posted, I would like a new set of logs from Deckard's System Scanner.

Please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:

"C:\Users\Steve\Desktop\dss.exe" /config

Click on "Check All".
Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

---------------------------------------------------------------------------------------------

Thank you.
#7
Registered User
Join Date: Apr 2008
Posts: 17
OS: vista
Re: MSN-'is this you virus' screwed my comp
Late reply is no problem, it's just good to be getting some help! Here are the two requested logs:

Deckard's System Scanner v20071014.68 Run by Steve on 2008-06-05 11:28:50 Computer is in Normal Mode. -------------------------------------------------------------------------------- Performed disk cleanup. Percentage of Memory in Use: 88% (more than 75%). Total Physical Memory: 1014 MiB (1024 MiB recommended). System Drive C: has 1.01 GiB (less than 15%) free. -- HijackThis (run as Steve.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:58 a.m., on 5/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\System32\ico.exe C:\Windows\sttray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\System32\Pmxmiced.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\Google Desktop 
Search\GoogleDesktopCrawl.exe C:\Windows\system32\taskeng.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Steve\Desktop\dss.exe C:\Windows\system32\DllHost.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Steve.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" 
/startup O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = ? 
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10502 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080405-004607-205 O2 - BHO: (no name) - {28EB9A0F-128D-42F7-9475-BF78243372B0} - C:\Windows\system32\cbXNFwWp.dll backup-20080405-004703-747 O2 - BHO: (no name) - {28EB9A0F-128D-42F7-9475-BF78243372B0} - C:\Windows\system32\cbXNFwWp.dll -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 dsunidrv - \??\c:\program files\dellsupport\drivers\dsunidrv.sys R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio> S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application> S3 sdAuxService (PC Tools Auxiliary Service) - c:\program files\spyware doctor\pctsauxs.exe (file missing) S3 sdCoreService (PC Tools Security Service) - c:\program files\spyware doctor\pctssvc.exe (file missing) S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Process Modules ------------------------------------------------------------- C:\Windows\explorer.exe (pid 1968) 2008-02-19 12:10:32 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes> 2008-02-19 12:10:32 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes> 2006-11-09 18:39:20 131072 --a------ C:\Windows\System32\pmxscrll.dll <Not Verified; Primax Electronics Ltd.; MouseSuite 98> 2006-06-15 22:40:28 49152 --a------ C:\Windows\System32\pmxcomm.dll <Not Verified; Primax Electronics Ltd.; Mouse Suite 98> 2006-06-15 22:40:26 65536 --a------ C:\Windows\System32\pmxhooks.dll <Not Verified; Primax Electronics Ltd.; Mouse Suite 98> 2004-11-02 15:57:08 121344 --a------ C:\Program Files\WinRAR\RarExt.dll -- Scheduled Tasks ------------------------------------------------------------- 2008-06-05 11 45 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{4D0D7B84-ACD9-433D-AFA8-609000CF7C96}.job2008-06-05 11:04:26 438 --a------ C:\Windows\Tasks\RegCure Program Check.job 2008-05-21 16:53:00 372 --a------ C:\Windows\Tasks\RegCure.job -- Files created between 2008-05-05 and 2008-06-05 ----------------------------- 2008-05-22 14:16:19 0 d-------- C:\Mozilla 2008-05-21 19 48 0 d-------- C:\Program Files\Media Player Classic2008-05-21 16:53:30 0 d-------- C:\Windows\system32\Profiles 2008-05-21 16:38:33 765952 --a------ C:\Windows\system32\xvidcore.dll 2008-05-21 16:38:32 0 d-------- C:\Program Files\Xvid 2008-05-21 16:29:42 0 d-------- C:\Program Files\RegCure 2008-05-21 16:17:55 0 d-------- C:\temp 2008-05-19 18:02:25 162304 --a------ C:\Windows\system32\ztvunrar36.dll 2008-05-19 18:02:25 77312 --a------ C:\Windows\system32\ztvunace26.dll 2008-05-19 18:02:25 69632 --a------ C:\Windows\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> 2008-05-19 18:02:25 
153088 --a------ C:\Windows\system32\UNRAR3.dll 2008-05-19 18:02:25 75264 --a------ C:\Windows\system32\unacev2.dll 2008-05-19 18:02:23 0 d-------- C:\Program Files\Trojan Remover 2008-05-19 18:02:23 0 d-------- C:\Program Files\Simply Super Software 2008-05-19 18:02:05 0 d-------- C:\Users\All Users\Simply Super Software 2008-05-19 12:26:22 0 d--h----- C:\$AVG8.VAULT$ 2008-05-19 12:21:04 0 d-------- C:\Windows\system32\drivers\Avg 2008-05-17 14:32:42 7588 --a------ C:\Windows\system32\ajhdjgvo.dll 2008-05-17 14:32:41 7588 --a------ C:\Windows\system32\stytxdxm.exe 2008-05-17 14:29:41 7588 --a------ C:\Windows\system32\wctkwesv.dll 2008-05-17 14:27:04 7588 --a------ C:\Windows\system32\qeuxfuab.dll 2008-05-17 14:26:59 7588 --a------ C:\Windows\system32\abcdvdlq.dll 2008-05-15 16:11:53 0 d-------- C:\Program Files\Apple Software Update 2008-05-10 18:50:17 0 d-------- C:\iPod_Control 2008-05-10 18:50:17 0 d-------- C:\Contacts -- Find3M Report --------------------------------------------------------------- 2008-06-04 23:03:12 0 d-------- C:\Users\Steve\AppData\Roaming\LimeWire 2008-06-03 21:38:56 0 d-------- C:\Program Files\Audacity 2008-06-03 11:20:16 0 d-------- C:\Program Files\R 2008-05-25 16:09:15 0 d-------- C:\Users\Steve\AppData\Roaming\Free Download Manager 2008-05-23 11:46:05 0 d-------- C:\Program Files\Free Download Manager 2008-05-22 21:16:37 0 d-------- C:\Program Files\BitComet 2008-05-21 20:23:13 0 d-------- C:\Program Files\Microsoft Silverlight 2008-05-19 19:52:50 0 d-------- C:\Program Files\Windows Mail 2008-05-19 18:05:23 0 d-------- C:\Users\Steve\AppData\Roaming\Simply Super Software 2008-05-18 21:41:01 459423 --ahs---- C:\Windows\system32\pWwFNXbc.ini2 2008-05-18 14:33:55 99965 --a------ C:\Windows\UninstallFirefox.exe 2008-05-18 14:33:51 4877 --a------ C:\Windows\mozver.dat 2008-05-15 22:45:49 0 d-------- C:\Program Files\EphPod 2008-05-02 19:33:54 136 --a------ C:\Windows\popcinfo.dat 2008-04-28 18:31:23 0 d-------- C:\Program 
Files\SpywareBlaster 2008-04-27 20:40:19 0 d-------- C:\Program Files\Panda Security 2008-04-25 12:38:28 0 d-------- C:\Program Files\Common Files 2008-04-25 12:38:28 0 d-------- C:\Program Files\Common Files\Adobe 2008-04-23 20:30:25 0 d-------- C:\Users\Steve\AppData\Roaming\Media Player Classic 2008-04-11 14:55:57 0 d-------- C:\Users\Steve\AppData\Roaming\Real 2008-04-11 13:55:51 0 d-------- C:\Program Files\Common Files\xing shared 2008-04-11 13:55:34 0 d-------- C:\Program Files\Common Files\Real 2008-04-06 01:23:58 0 d-------- C:\Users\Steve\AppData\Roaming\vlc 2008-04-06 01:20:37 0 d-------- C:\Program Files\VideoLAN 2008-04-05 22:41:28 0 d-------- C:\Program Files\m 2008-04-05 05:31:08 0 d-------- C:\Program Files\AVG 2008-04-05 04:01:16 0 d-------- C:\Program Files\Metal Gear Solid 2008-03-11 11:35:58 174 --ahs---- C:\Program Files\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2008 10:44 a.m.] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [18/11/2006 11:52 a.m.] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [10/02/2007 11:48 a.m.] "PMX Daemon"="ICO.EXE" [08/11/2006 07:01 p.m. C:\Windows\System32\ico.exe] "SigmatelSysTrayApp"="sttray.exe" [02/12/2006 09:40 a.m. C:\Windows\sttray.exe] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 03:37 p.m.] "@"="" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [10/02/2007 12:01 p.m.] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [26/10/2006 11:47 p.m.] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 10:13 p.m.] 
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 08:24 a.m.] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 12:10 p.m.] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/04/2008 01:53 p.m.] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/12/2006 10:02 a.m.] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/12/2006 10:03 a.m.] "Persistence"="C:\Windows\system32\igfxpers.exe" [12/12/2006 10:02 a.m.] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 08:23 a.m.] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [19/05/2008 12:20 p.m.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/03/2008 10:28 a.m.] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [12/11/2006 06:19 a.m.] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [03/11/2006 12:35 a.m.] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 12:36 a.m.] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34 a.m.] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 08:23 a.m.] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 04:45 p.m.] C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 7:24:54 p.m.] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 10:05:26 p.m.] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/02/2007 11:53:50 a.m.] QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [10/02/2007 11:50:48 a.m.] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableLUA"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\Windows\system32\cbXNFwWp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM11e4513d] Rundll32.exe "C:\Windows\system32\euuhwsmr.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer] rundll32.exe C:\Windows\system32\ljJCrRhe.dll,#1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\current |