Tech Support Forum > Resolved HJT Threads (Resolved spyware and popup issues)
#1
Registered User
I would post a HJT LOG, but errorplace.com won't let me...
I tried to get HJT but it always pops up a window of Errorplace.com instead of a DL link for HJT. I've used it in the past, for a previous computer. This is another one I need to clean up. I can give you guys a Panda Scan at the moment, but I will keep trying to find DSS somewhere else...
#2
Registered User
Re: I would post a HJT LOG, but errorplace.com won't let me...
All right, I got the program from a mirror site, here's the "main.txt":
Deckard's System Scanner v20070711.54
Run by Owner on 2007-07-19 at 20:49:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
80: 2007-07-20 03:50:04 UTC - RP1694 - Deckard's System Scanner Restore Point
79: 2007-07-19 07:01:15 UTC - RP1693 - System Checkpoint
78: 2007-07-18 04:04:47 UTC - RP1692 - System Checkpoint
77: 2007-07-17 01:46:45 UTC - RP1691 - System Checkpoint
76: 2007-07-15 22:25:12 UTC - RP1690 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-05-04 20:25:16 UTC - RP1615 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-19 20:52:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\PROMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\PhoneTools\capFax.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\WINNT\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Virtual Assistant\SmartBridge\SprintDSLAlert.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\NMSSvc.Exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {3E306360-CA1E-4D14-99FB-8983C0178618} - C:\WINNT\qdrbx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {B5DAC5FE-31FF-47DD-9418-8EF65B759312} - C:\WINNT\iwffdxu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://freewebs.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} () - https://components.viewpoint.com/MTS...del/index.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} () - http://zone.msn.com/bingame/trbo/def...veLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} () - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} () - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} () - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://zone.msn.com/bingame/apop/def...ploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINNT\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.Exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\winnt\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R2 CdaC15BA - c:\winnt\system32\drivers\cdac15ba.sys
R3 NMSCFG (NIC Management Service Configuration Driver) - c:\winnt\system32\drivers\nmscfg.sys <Not Verified; Intel Corporation; Intel(R) NMSCFG Driver>
R3 RT73 (Belkin USB Network Adapter) - c:\winnt\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
S3 iscFlash - c:\winnt\system32\drivers\iscflash.sys (file missing)
S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 C-DillaCdaC11BA - c:\winnt\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 NMSSvc (Intel(R) NMS) - c:\winnt\system32\nmssvc.exe <Not Verified; Intel Corporation; NMS>
S3 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)

-- Scheduled Tasks -------------------------------------------------------------

2007-07-19 19:58:15 256 --a------ C:\WINNT\Tasks\Check Updates for Windows Live Toolbar.job
2003-06-14 07:23:40 412 --a------ C:\WINNT\Tasks\Symantec NetDetect.job

-- Files created between 2007-06-19 and 2007-07-19 -----------------------------

2007-07-19 19:15:37 8576 --a------ C:\WINNT\system32\drivers\akyfphvmgdyt.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-19 19:14:42 45 --a------ C:\WINNT\system32\pfdnnt_actions.sys
2007-07-19 19:14:42 8704 --a------ C:\WINNT\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-07-19 18:59:36 0 d-------- C:\WINNT\system32\ActiveScan
2007-07-19 18:59:32 0 d-------- C:\WINNT\LastGood
2007-07-14 17:10:25 45 ---h----- C:\WINNT\dsez4655.dat
2007-07-13 22:31:29 40960 --a------ C:\WINNT\system32\B11gUSB.dll
2007-07-13 22:31:27 94208 --a------ C:\WINNT\system32\GTW32N50.dll
2007-07-13 22:31:27 15872 --a------ C:\WINNT\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-07-13 22:31:27 232192 --a------ C:\WINNT\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
2007-07-13 22:31:26 0 d-------- C:\Program Files\Belkin

-- Find3M Report ---------------------------------------------------------------

2007-07-19 20:13:28 0 d-------- C:\Program Files\Zune
2007-07-19 20:13:11 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-19 20:12:35 0 d-------- C:\Program Files\SealedMedia
2007-07-19 20:12:33 0 d-------- C:\Program Files\QuickTime
2007-07-19 20:12:03 0 d-------- C:\Program Files\PhoneTools
2007-07-19 20:04:23 0 d-------- C:\Program Files\iTunes
2007-07-19 18:53:01 0 d-------- C:\Program Files\MSN Games
2007-07-19 14:34:14 0 d-------- C:\Program Files\Lx_cats
2007-07-13 23:18:54 0 d-------- C:\Program Files\Virtual Assistant
2007-06-11 13:14:51 0 d-------- C:\Program Files\X3watch
2007-06-11 13:07:01 4 --a------ C:\KLSA.DAT
2007-06-06 12:30:28 0 d-------- C:\Program Files\Common Files\Real
2007-06-06 12:30:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-06-06 12:24:15 0 d-------- C:\Program Files\Viewpoint
2007-06-06 10:42:51 0 d-------- C:\Program Files\Common Files\Viewpoint
2007-06-05 17:24:01 16 --a------ C:\s3l8
2007-05-21 08:44:31 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{3E306360-CA1E-4D14-99FB-8983C0178618} C:\WINNT\qdrbx.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{B5DAC5FE-31FF-47DD-9418-8EF65B759312} C:\WINNT\iwffdxu.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"GWMDMMSG"="GWMDMMSG.exe"
"Keyboard Preload Check"="C:\\OEMDRVRS\\KEYB\\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:\"Keyboard Preload Check\""
"PROMon.exe"="PROMon.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"CapFax"="C:\\Program Files\\PhoneTools\\CapFax.EXE"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"LWBKEYBOARD"="C:\\Program Files\\MultiMedia Keyboard\\MultiMedia Keyboard\\1.1\\KbdAp32A.exe"
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"sealmon"="C:\\Program Files\\SealedMedia\\sealmon.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"EPSON Stylus Photo R200 Series"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"LXCFCATS"="rundll32 C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\VIRTUA~1\\SMARTB~1\\SprintDSLAlert.exe"
"x3watch"="C:\\Program Files\\X3watch\\x3watch.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AKYFPHVMGDYT
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_NMSSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RKPAVPROC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SDTHOOK

-- End of Deckard's System Scanner: finished at 2007-07-19 at 20:54:26 ---------

And here is the "extra.txt":

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 253.8 MiB / 87.98 MiB
Pagefile Memory (total/avail): 624.62 MiB / 292.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1956.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 22.19 GiB free.
D: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Personal Firewall Plus v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICE
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINNT\system32;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\SealedMedia;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=OFFICE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

Owner (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\PROGRA~1\VIRTUA~1\Uninstall.exe Sprint
 --> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
BitTorrent 3.2.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
Browser Mouse --> C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins000.EXE
Calculation Skills Vol 1SV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C0B7D28-7A1B-4B7C-8FAF-3D13103FAC64}\setup.exe" -l0x9
DiMAGE Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x9 anything
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Do More 5.0 --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
DV 3100 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D464245D-11C3-489A-B865-60BBABA64AA3}\Setup.exe"
DVD Player --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON Printer Software --> C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
Hallmark Card Studio 2 Standard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C24E20-E776-4E5C-8EAD-CA5B7B895848}\setup.exe"
HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Intel(R) PROSet II --> MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Joy of Cooking --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Joy of Cooking\Uninst.isu"
Kim Possible --> C:\PROGRA~1\Disney\DISNEY~1\KIMPOS~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\KIMPOS~1\INSTALL.LOG
KODAK Picture CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C23837C-993E-11D4-9DE0-0060085C158A}\SETUP.EXE"
KONICA_MINOLTA DiMAGE remote camera driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99E67091-D392-4031-AD2A-E9547F3615F8}\setup.exe" -l0x9
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 730 Series --> C:\WINNT\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
McAfee Personal Firewall Plus --> C:\PROGRA~1\McAfee.com\PERSON~1\MpfUninstall.exe
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Media-Motor --> C:\WINNT\unstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe d:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Minnesota Cuke --> C:\WINNT\iun507.exe C:\Program Files\BigIdea\Minnesota Cuke\irunin.ini
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MultiMedia Keyboard 1.1 --> C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\unins000.EXE
MUSICMATCH Jukebox --> C:\WINNT\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Panda ActiveScan --> C:\WINNT\system32\ASUninst.exe Panda ActiveScan
PC-Doctor Consumer UI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
PC-Doctor Diagnostics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC-Doctor Services --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PS/2 Millennium Keyboard --> SKUninst.exe SK_PS2MillenniumKeyboard
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SafeCast Shared Components --> C:\WINNT\CDAC13BA.EXE /uninstall
SealedMedia Unsealer 3.3.6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B11BF9FF-7A12-42D5-BE71-9C3C05833D89}\Setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
SpongeBob SquarePants Typing --> C:\WINNT\TLCUninstall.exe -f "C:\Program Files\The Learning Company\SpongeBob SquarePants Typing\Uninstall.xml"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Mystery of Veggie Island --> C:\WINNT\uninst.exe -f"C:\Program Files\BigIdea\The Mystery of Veggie Island\DeIsL1.isu"
Thomas & Friends - Trouble on the Tracks --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Thomas & Friends - Trouble on the Tracks\Uninst.isu"
Thomas Screensaver 1 --> C:\WINNT\System32\Thomas Screensaver 1.scr /u
Thomas Screensaver 2 --> C:\WINNT\System32\Thomas Screensaver 2.scr /u
TrueSwitch Wizard MSN --> C:\Program Files\TrueSwitchMSN\TrueWizard.exe -uninstall
Virtual Assistant --> C:\WINNT\Motive\Sprint\MCCUninst.exe
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0) --> rundll32.exe C:\PROGRA~1\DIFX\F78795BBB376EE09\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINNT\system32\DRVSTORE\Zune_5C792572E2EB15B00F2D4CE98DE51A7BE4520011\Zune.inf
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}

-- End of Deckard's System Scanner: finished at 2007-07-19 at 20:54:26 ---------
#5
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Re: I would post a HJT LOG, but errorplace.com won't let me...
Hello and welcome to TSF. I apologize for the delay in responding to your log.
I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix - Save it to your Desktop.

Please turn off all Antivirus and Antispyware programs before running Combofix. If you are worried about further infection you can unplug your computer from the internet while running Combofix.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
#6
Registered User
Re: I would post a HJT LOG, but errorplace.com won't let me...
Sorry for the delay. I was visiting relatives when this was posted, so I couldn't run the scan 'till just now...
#7
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Re: I would post a HJT LOG, but errorplace.com won't let me...
No problem on the delay. Unfortunately that looks like another log from Deckard's System Scanner. Please reread and execute the directions in post #5 in this thread and post back Combofix.txt.
#8
Registered User
Re: I would post a HJT LOG, but errorplace.com won't let me...
Oh, whoops. I've been out of the loop a while. Last time I remember it was just HJT, but you guys are the experts...
#9
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Re: I would post a HJT LOG, but errorplace.com won't let me...
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\DOCUME~1\Owner\APPLIC~1\tvmknwrd.dll
C:\WINNT\qdrbx.dll
C:\WINNT\iwffdxu.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E306360-CA1E-4D14-99FB-8983C0178618}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5DAC5FE-31FF-47DD-9418-8EF65B759312}]
Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
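The CFScript in the post above is built from the O2 (BHO) lines of the HijackThis-style log. As an added example that is not part of the thread and not code from the HijackThis, DSS or ComboFix authors, the Python below parses such lines, applies an assumed triage rule (DLL reported missing, or a DLL dropped directly into the Windows root) and drafts the File::/Registry:: block in the same layout as post #9; the sample lines are constructed after the thread's entries, and the tvmknwrd.dll entry in the post comes from ComboFix's file report, which this example does not cover.

```python
"""Parse HijackThis-style O2 (BHO) lines and draft a ComboFix CFScript.

Added example for this thread; not code from the HijackThis, DSS or ComboFix
authors. The triage rule is an assumption made for illustration: a BHO is
flagged when its DLL is reported missing, or when the DLL sits directly in
the Windows directory rather than under an application folder. The output
mirrors the File:: / Registry:: layout used in post #9.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample O2 lines, constructed here after the entries in the thread's log.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: jimmyhelp.CBrowserHelper - {3E306360-CA1E-4D14-99FB-8983C0178618} - C:\WINNT\qdrbx.dll (file missing)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll",
    r"O2 - BHO: jimmyhelp.CBrowserHelper - {B5DAC5FE-31FF-47DD-9418-8EF65B759312} - C:\WINNT\iwffdxu.dll",
]

# Shape of one entry: O2 - BHO: <name> - {<CLSID>} - <dll path> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)

# Windows roots to check (this machine used C:\WINNT).
WINDOWS_ROOTS = ("c:\\winnt\\", "c:\\windows\\")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    missing: bool


def parse_o2(line: str) -> Optional[Bho]:
    """Return a Bho for an O2 line, or None for any other HJT line."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    missing = path.endswith("(file missing)") or path == "(no file)"
    path = path.replace("(file missing)", "").strip()
    if path == "(no file)":
        path = ""
    return Bho(m.group("name"), m.group("clsid").upper(), path, missing)


def is_suspicious(bho: Bho) -> bool:
    """Assumed heuristic: missing DLL, or a DLL placed straight in the Windows root."""
    if bho.missing:
        return True
    low = bho.path.lower()
    for root in WINDOWS_ROOTS:
        # No further backslash after the root means the DLL is not in a subfolder.
        if low.startswith(root) and "\\" not in low[len(root):]:
            return True
    return False


def draft_cfscript(lines: List[str]) -> str:
    """Build the File:: / Registry:: text for every flagged BHO."""
    suspects = [b for b in map(parse_o2, lines) if b is not None and is_suspicious(b)]
    out = ["File::"]
    out += [b.path for b in suspects if b.path]
    out.append("Registry::")
    out += [
        f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{{{b.clsid}}}]"
        for b in suspects
    ]
    return "\n".join(out)


if __name__ == "__main__":
    print(draft_cfscript(SAMPLE_LINES))
```

Review the drafted block by hand before using it: the heuristic only looks at where the DLL lives, so a legitimate vendor DLL in the Windows root would be flagged too.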
#11
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
Re: I would post a HJT LOG, but errorplace.com won't let me...
Last thing before we're done; are you aware that the CovenantEyes Internet Monitoring program is present on this computer?
Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point

Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.

Windows Update

Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention

A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. A listing of online and standalone scanners can be found here.

A firewall is the first line of defense standing between the internet and your computer. A tutorial on Firewalls and a listing of some available ones can be found here.

Spybot SD is an anti-spyware scanner that should be run every week or two. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set.

Spyware Guard is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs

Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.