Got A Virus! My desktop is all white! Desktop Properties will not let me change it. My clock on the lower left is in military time and for example it says "21:30: VIRUS ALERT!" Start menu was messed up. My computer menu doesn't even show the C: drive. I can only access the C: drive from the run menu. I did the five step process. I did the DSS as well. The DSS didn't post the Extra file, so I could not attach it.
I did attach the Active Scan from the panda software.
Any other information you need let me know?
Deckard's System Scanner v20071014.68
Run by Anthony Abreu on 2008-06-09 21:10:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Anthony Abreu.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10: VIRUS ALERT!, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\W1YHVWXL\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANTHON~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [\\COOPERENTINC\EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P34 "\\COOPERENTINC\EPSON Stylus CX6400" /O6 "USB002" /M "Stylus CX6400"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213040634781
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FC6BA09-237C-41E1-B35F-19E70645820A}: NameServer = 68.28.154.92 68.28.146.92
O21 - SSODL: adgpfoxs - {8DF93FBD-E305-4AB6-8008-F6EFB004DFA9} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 11513 bytes
-- Files created between 2008-05-09 and 2008-06-09 -----------------------------
2008-06-09 20:49:15 0 d-------- C:\ie-spyad_zo
2008-06-09 20:41:29 0 d-------- C:\Program Files\SpywareBlaster
2008-06-09 17:40:11 0 d-------- C:\Program Files\Panda Security
2008-06-09 17:40:10 0 d-------- C:\WINDOWS\LastGood
2008-06-09 16:40:04 0 d-------- C:\Program Files\Trend Micro
2008-06-09 16:24:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-09 15:37:35 0 d-------- C:\WINDOWS\Prefetch
2008-06-09 15:27:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-09 15:27:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-09 15:27:53 0 d-------- C:\WINDOWS\system32\en
2008-06-09 15:27:52 0 d-------- C:\WINDOWS\system32\bits
2008-06-09 15:25:39 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 15:17:55 0 d-------- C:\WINDOWS\EHome
2008-06-09 13:49:44 94208 --a------ C:\WINDOWS\eobp.exe
2008-06-09 12:56:07 0 d-------- C:\Program Files\VirtualDJ
2008-06-08 14:02:24 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-06-08 14:02:24 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-08 13:56:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-08 13:56:01 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Propellerhead Software
2008-06-08 11:51:32 0 d-------- C:\Program Files\Propellerhead
2008-06-06 10:02:08 0 d-------- C:\temp
2008-06-04 13:03:41 123 --a------ C:\WINDOWS\system\SYSRegC.dll
2008-06-04 13:03:37 143360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2008-06-04 13:03:37 0 d-------- C:\Program Files\Max Registry Cleaner
2008-06-04 11:29:46 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-04 11:29:16 860160 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2008-06-04 11:29:15 0 d-------- C:\Program Files\SpywareDetector
2008-06-04 11:18:52 0 d-------- C:\Program Files\Windows Defender
2008-06-04 08:57:50 0 d-------- C:\Program Files\VSTplugins
2008-06-04 08:57:45 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Publish Providers
2008-06-04 08:56:33 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Sony
2008-06-04 08:53:22 0 d-------- C:\Program Files\Sony Setup
2008-06-03 21:20:18 0 d-------- C:\Program Files\BrowsingEnhancer
2008-06-03 21:19:53 9952 --a------ C:\regxpcom.exe
2008-06-03 21:19:52 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-06-03 21:19:52 0 d-------- C:\Program Files\FBrowserAdvisor
2008-06-03 19:33:32 96896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-03 19:33:32 0 d-------- C:\Program Files\MagicDisc
2008-06-02 23:40:21 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Nero
2008-06-02 23:37:27 0 d-------- C:\Program Files\Nero
2008-06-02 23:37:27 0 d-------- C:\Program Files\Common Files\Nero
2008-06-02 23:37:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-02 22:22:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 22:06:06 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\WinRAR
2008-06-02 11:48:33 0 d-------- C:\Program Files\Torentz
2008-06-01 22:44:02 0 d-------- C:\Program Files\NEW MUZ
2008-06-01 16:44:50 0 d-------- C:\Program Files\Waves Plugins
2008-06-01 16:08:31 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\BitTorrent
2008-06-01 16:08:25 0 d-------- C:\Program Files\BitTorrent
2008-05-31 09:32:19 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 16877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 5600 --a------ C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-09 19:04:55 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\LimeWire
2008-05-09 19:02:50 0 d-------- C:\Program Files\LimeWire
2008-05-09 19:01:43 0 d-------- C:\Program Files\Lime Wire
-- Find3M Report ---------------------------------------------------------------
2008-06-09 17:36:23 0 d-------- C:\Program Files\Common Files
2008-06-09 17:35:44 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-09 17:34:23 0 d-------- C:\Program Files\Sonic
2008-06-09 17:32:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-09 15:36:47 0 d-------- C:\Program Files\Messenger
2008-06-09 15:27:52 0 d-------- C:\Program Files\Movie Maker
2008-06-09 15:25:17 0 d-------- C:\Program Files\Windows NT
2008-06-05 19:04:06 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\U3
2008-06-04 12:43:06 0 d-------- C:\Program Files\NCH Software
2008-06-04 08:07:18 0 d-------- C:\Program Files\WildTangent
2008-06-02 12:43:03 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-06-02 12:33:36 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-31 10:05:01 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\NCH Swift Sound
2008-05-25 13:09:14 0 d-------- C:\Program Files\ArcSoft
2008-05-15 18:38:57 0 d-------- C:\Program Files\PowerDVD
2008-05-01 12:40:23 0 d-------- C:\Program Files\Winamp
2008-04-24 12:53:03 117039 --a------ C:\WINDOWS\hpoins11.dat
2008-04-24 12:50:32 0 d-------- C:\Program Files\HP
2008-04-19 21:24:01 0 d-------- C:\Program Files\RealFlightG3
2008-04-09 13:06:58 0 d-------- C:\Program Files\Safari
2008-04-09 13:05:04 0 d-------- C:\Program Files\iTunes
2008-04-09 13:04:46 0 d-------- C:\Program Files\iPod
2008-04-09 13:03:34 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/11/2005 00:05: VIRUS ALERT!]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 16:50: VIRUS ALERT!]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 11:57: VIRUS ALERT!]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 17:26: VIRUS ALERT!]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 16:45: VIRUS ALERT!]
"\\COOPERENTINC\EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" [06/02/2003 23:00: VIRUS ALERT!]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [09/03/2004 13:14: VIRUS ALERT!]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [12/18/2003 17:37: VIRUS ALERT!]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 22:59: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/29/2008 19:53: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20: VIRUS ALERT!]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [05/28/2008 12:43: VIRUS ALERT!]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [05/28/2008 09:27: VIRUS ALERT!]
"RCAutoLiveUpdate"="C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [05/30/2008 15:49: VIRUS ALERT!]
"RCSystemTray"="C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [05/30/2008 15:49: VIRUS ALERT!]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 20:12: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12: VIRUS ALERT!]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
C:\Documents and Settings\Anthony Abreu\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [6/3/2008 7:33:32 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 05/23/2008 17:03: VIRUS ALERT! 401408 C:\Program Files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02cd925c-076a-11dd-857e-0014a5e8e5aa}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e6a1e2-48eb-11dc-9fe0-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81649e5c-31c5-11dd-85ea-0014a5e8e5aa}]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba81da28-e8a4-11dc-8532-0014a5e8e5aa}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beedf548-074d-11dd-857c-0014a5e8e5aa}]
AutoRun\command- H:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f98de614-cad9-11dc-84e3-0014a5e8e5aa}]
AutoRun\command- G:\LaunchU3.exe -a
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-06-09 21:12:49 ------------
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 11513 bytes
-- Files created between 2008-05-09 and 2008-06-09 -----------------------------
2008-06-09 20:49:15 0 d-------- C:\ie-spyad_zo
2008-06-09 20:41:29 0 d-------- C:\Program Files\SpywareBlaster
2008-06-09 17:40:11 0 d-------- C:\Program Files\Panda Security
2008-06-09 17:40:10 0 d-------- C:\WINDOWS\LastGood
2008-06-09 16:40:04 0 d-------- C:\Program Files\Trend Micro
2008-06-09 16:24:02 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-09 15:37:35 0 d-------- C:\WINDOWS\Prefetch
2008-06-09 15:27:54 0 d-------- C:\WINDOWS\system32\scripting
2008-06-09 15:27:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-09 15:27:53 0 d-------- C:\WINDOWS\system32\en
2008-06-09 15:27:52 0 d-------- C:\WINDOWS\system32\bits
2008-06-09 15:25:39 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 15:17:55 0 d-------- C:\WINDOWS\EHome
2008-06-09 13:49:44 94208 --a------ C:\WINDOWS\eobp.exe
2008-06-09 12:56:07 0 d-------- C:\Program Files\VirtualDJ
2008-06-08 14:02:24 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-06-08 14:02:24 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-08 13:56:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-08 13:56:01 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Propellerhead Software
2008-06-08 11:51:32 0 d-------- C:\Program Files\Propellerhead
2008-06-06 10:02:08 0 d-------- C:\temp
2008-06-04 13:03:41 123 --a------ C:\WINDOWS\system\SYSRegC.dll
2008-06-04 13:03:37 143360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
2008-06-04 13:03:37 0 d-------- C:\Program Files\Max Registry Cleaner
2008-06-04 11:29:46 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-04 11:29:16 860160 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2008-06-04 11:29:15 0 d-------- C:\Program Files\SpywareDetector
2008-06-04 11:18:52 0 d-------- C:\Program Files\Windows Defender
2008-06-04 08:57:50 0 d-------- C:\Program Files\VSTplugins
2008-06-04 08:57:45 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Publish Providers
2008-06-04 08:56:33 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Sony
2008-06-04 08:53:22 0 d-------- C:\Program Files\Sony Setup
2008-06-03 21:20:18 0 d-------- C:\Program Files\BrowsingEnhancer
2008-06-03 21:19:53 9952 --a------ C:\regxpcom.exe
2008-06-03 21:19:52 0 d-------- C:\Program Files\FBrowsingAdvisor
2008-06-03 21:19:52 0 d-------- C:\Program Files\FBrowserAdvisor
2008-06-03 19:33:32 96896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-03 19:33:32 0 d-------- C:\Program Files\MagicDisc
2008-06-02 23:40:21 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\Nero
2008-06-02 23:37:27 0 d-------- C:\Program Files\Nero
2008-06-02 23:37:27 0 d-------- C:\Program Files\Common Files\Nero
2008-06-02 23:37:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-02 22:22:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 22:06:06 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\WinRAR
2008-06-02 11:48:33 0 d-------- C:\Program Files\Torentz
2008-06-01 22:44:02 0 d-------- C:\Program Files\NEW MUZ
2008-06-01 16:44:50 0 d-------- C:\Program Files\Waves Plugins
2008-06-01 16:08:31 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\BitTorrent
2008-06-01 16:08:25 0 d-------- C:\Program Files\BitTorrent
2008-05-31 09:32:19 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 16877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 09:32:19 5600 --a------ C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-09 19:04:55 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\LimeWire
2008-05-09 19:02:50 0 d-------- C:\Program Files\LimeWire
2008-05-09 19:01:43 0 d-------- C:\Program Files\Lime Wire
-- Find3M Report ---------------------------------------------------------------
2008-06-09 17:36:23 0 d-------- C:\Program Files\Common Files
2008-06-09 17:35:44 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-09 17:34:23 0 d-------- C:\Program Files\Sonic
2008-06-09 17:32:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-09 15:36:47 0 d-------- C:\Program Files\Messenger
2008-06-09 15:27:52 0 d-------- C:\Program Files\Movie Maker
2008-06-09 15:25:17 0 d-------- C:\Program Files\Windows NT
2008-06-05 19:04:06 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\U3
2008-06-04 12:43:06 0 d-------- C:\Program Files\NCH Software
2008-06-04 08:07:18 0 d-------- C:\Program Files\WildTangent
2008-06-02 12:43:03 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-06-02 12:33:36 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-31 10:05:01 0 d-------- C:\Documents and Settings\Anthony Abreu\Application Data\NCH Swift Sound
2008-05-25 13:09:14 0 d-------- C:\Program Files\ArcSoft
2008-05-15 18:38:57 0 d-------- C:\Program Files\PowerDVD
2008-05-01 12:40:23 0 d-------- C:\Program Files\Winamp
2008-04-24 12:53:03 117039 --a------ C:\WINDOWS\hpoins11.dat
2008-04-24 12:50:32 0 d-------- C:\Program Files\HP
2008-04-19 21:24:01 0 d-------- C:\Program Files\RealFlightG3
2008-04-09 13:06:58 0 d-------- C:\Program Files\Safari
2008-04-09 13:05:04 0 d-------- C:\Program Files\iTunes
2008-04-09 13:04:46 0 d-------- C:\Program Files\iPod
2008-04-09 13:03:34 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/11/2005 00:05: VIRUS ALERT!]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 16:50: VIRUS ALERT!]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 11:57: VIRUS ALERT!]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 17:26: VIRUS ALERT!]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 16:45: VIRUS ALERT!]
"\\COOPERENTINC\EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.exe" [06/02/2003 23:00: VIRUS ALERT!]
"DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [09/03/2004 13:14: VIRUS ALERT!]
"DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [12/18/2003 17:37: VIRUS ALERT!]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 22:59: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/29/2008 19:53: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20: VIRUS ALERT!]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [05/28/2008 12:43: VIRUS ALERT!]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [05/28/2008 09:27: VIRUS ALERT!]
"RCAutoLiveUpdate"="C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [05/30/2008 15:49: VIRUS ALERT!]
"RCSystemTray"="C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [05/30/2008 15:49: VIRUS ALERT!]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 20:12: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 20:12: VIRUS ALERT!]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
C:\Documents and Settings\Anthony Abreu\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [6/3/2008 7:33:32 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 05/23/2008 17:03: VIRUS ALERT! 401408 C:\Program Files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02cd925c-076a-11dd-857e-0014a5e8e5aa}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e6a1e2-48eb-11dc-9fe0-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81649e5c-31c5-11dd-85ea-0014a5e8e5aa}]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba81da28-e8a4-11dc-8532-0014a5e8e5aa}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beedf548-074d-11dd-857c-0014a5e8e5aa}]
AutoRun\command- H:\WD_Windows_Tools\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f98de614-cad9-11dc-84e3-0014a5e8e5aa}]
AutoRun\command- G:\LaunchU3.exe -a
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-06-09 21:12:49 ------------