Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter #1 (Edited)
hijackthis log- pop ups asking for downloads and homepage takeover

Deckard's System Scanner v20071014.68
Run by Customer on 2007-11-14 15:32:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2007-11-14 20:32:53 UTC - RP459 - Deckard's System Scanner Restore Point
67: 2007-11-14 16:58:59 UTC - RP458 - System Checkpoint
66: 2007-11-13 16:53:43 UTC - RP457 - System Checkpoint
65: 2007-11-12 15:48:13 UTC - RP456 - System Checkpoint
64: 2007-11-09 21:15:23 UTC - RP455 - System Checkpoint


-- First Restore Point --
1: 2007-08-17 19:12:13 UTC - RP392 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Customer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:57 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\OZFB0R93\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Customer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O8 - Extra context menu item: &Search - ?p=ZSzed001IWUS_ZNxmk762DWUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143233894937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5051/mcfscan.cab
O22 - SharedTaskScheduler: atrichia - {4a9e875b-d032-45e4-8294-789fe3be5b19} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10085 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-13 03:00:01 494 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-11-01 00:00:25 362 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-08-15 00:28:10 270 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-10-14 and 2007-11-14 -----------------------------

2007-11-14 15:34:46 0 d-------- C:\Program Files\Trend Micro
2007-11-14 13:08:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-14 13:08:54 0 d-------- C:\WINDOWS\LastGood
2007-11-13 17:45:01 0 d-------- C:\Program Files\Video Add-on
2007-11-06 18:23:57 0 d-------- C:\AdContac
2007-11-06 13:02:31 0 d-------- C:\Documents and Settings\Customer\Application Data\MySpace
2007-11-06 13:02:28 0 d-------- C:\Program Files\MySpace
2007-10-31 12:03:49 0 d-------- C:\Documents and Settings\All Users\Application Data\infoUSA Security
2007-10-31 11:47:58 0 d-------- C:\Program Files\Common Files\ESRI
2007-10-31 11:47:56 1056768 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2007-10-31 11:47:56 0 d-------- C:\Program Files\Polk Directories
2007-10-31 10:54:00 0 d-------- C:\Program Files\Common Files\Software FX Shared
2007-10-31 10:53:55 0 d-------- C:\Program Files\BudgetSmart
2007-10-29 14:23:09 4 --a------ C:\WINDOWS\system32\F34650
2007-10-29 14:21:51 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-10-29 14:19:59 0 d-------- C:\Program Files\Rhapsody
2007-10-25 13:56:35 125440 -----n--- C:\WINDOWS\system32\sx96v32.dll <Not Verified; Lucent Technologies; elemedia variable speed playback speech codec>
2007-10-25 13:55:22 21504 --a------ C:\WINDOWS\system32\docobj.dll
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 98304 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 81920 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 106496 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 98304 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:19 1344624 --a------ C:\WINDOWS\system32\sbe6_32.dll <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:54:38 0 d-------- C:\WINDOWS\speech
2007-10-25 13:54:07 0 d-------- C:\Program Files\ScanSoft
2007-10-19 17:48:09 0 d-------- C:\Program Files\Virtual Earth 3D
2007-10-16 15:52:29 0 d-------- C:\Program Files\The Weather Channel FW


-- Find3M Report ---------------------------------------------------------------

2007-11-14 15:09:29 0 d-------- C:\Program Files\MSN Messenger
2007-11-14 14:49:46 0 d-------- C:\Documents and Settings\Customer\Application Data\SiteAdvisor
2007-11-14 08:35:13 0 d-------- C:\Program Files\McAfee
2007-10-31 16:48:20 0 d-------- C:\Program Files\RentMaster
2007-10-31 11:47:58 0 d-------- C:\Program Files\Common Files
2007-10-29 14:21:59 0 d-------- C:\Program Files\Common Files\Real
2007-10-29 14:21:52 0 d-------- C:\Documents and Settings\Customer\Application Data\Real
2007-10-29 14:20:51 0 d-------- C:\Program Files\Real
2007-10-25 13:35:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-23 08:17:25 0 d-------- C:\Program Files\Java
2007-10-17 08:16:14 0 d-------- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
11/14/2007 08:35 AM 13824 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 10:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 10:31 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/10/2006 07:12 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [01/06/2006 02:07 PM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [01/06/2006 02:07 PM]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 03:30 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [10/08/2002 05:03 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [02/12/2003 08:27 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [07/24/2006 03:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"DW4"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 07:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Customer\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe [10/25/2007 1:54:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\Video Add-on\icthis.exe
"start"=C:\Program Files\Video Add-on\isfmntr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2fdb8ae-2356-11dc-9564-0040f4df1320}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-11-14 15:35:32 ------------

Deckard's System Scanner v20071014.68
Run by Customer on 2007-11-14 15:32:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2007-11-14 20:32:53 UTC - RP459 - Deckard's System Scanner Restore Point
67: 2007-11-14 16:58:59 UTC - RP458 - System Checkpoint
66: 2007-11-13 16:53:43 UTC - RP457 - System Checkpoint
65: 2007-11-12 15:48:13 UTC - RP456 - System Checkpoint
64: 2007-11-09 21:15:23 UTC - RP455 - System Checkpoint


-- First Restore Point --
1: 2007-08-17 19:12:13 UTC - RP392 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Customer.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:57 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\OZFB0R93\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Customer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O8 - Extra context menu item: &Search - ?p=ZSzed001IWUS_ZNxmk762DWUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143233894937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5051/mcfscan.cab
O22 - SharedTaskScheduler: atrichia - {4a9e875b-d032-45e4-8294-789fe3be5b19} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10085 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-13 03:00:01 494 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-11-01 00:00:25 362 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-08-15 00:28:10 270 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-10-14 and 2007-11-14 -----------------------------

2007-11-14 15:34:46 0 d-------- C:\Program Files\Trend Micro
2007-11-14 13:08:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-14 13:08:54 0 d-------- C:\WINDOWS\LastGood
2007-11-13 17:45:01 0 d-------- C:\Program Files\Video Add-on
2007-11-06 18:23:57 0 d-------- C:\AdContac
2007-11-06 13:02:31 0 d-------- C:\Documents and Settings\Customer\Application Data\MySpace
2007-11-06 13:02:28 0 d-------- C:\Program Files\MySpace
2007-10-31 12:03:49 0 d-------- C:\Documents and Settings\All Users\Application Data\infoUSA Security
2007-10-31 11:47:58 0 d-------- C:\Program Files\Common Files\ESRI
2007-10-31 11:47:56 1056768 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2007-10-31 11:47:56 0 d-------- C:\Program Files\Polk Directories
2007-10-31 10:54:00 0 d-------- C:\Program Files\Common Files\Software FX Shared
2007-10-31 10:53:55 0 d-------- C:\Program Files\BudgetSmart
2007-10-29 14:23:09 4 --a------ C:\WINDOWS\system32\F34650
2007-10-29 14:21:51 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2007-10-29 14:19:59 0 d-------- C:\Program Files\Rhapsody
2007-10-25 13:56:35 125440 -----n--- C:\WINDOWS\system32\sx96v32.dll <Not Verified; Lucent Technologies; elemedia variable speed playback speech codec>
2007-10-25 13:55:22 21504 --a------ C:\WINDOWS\system32\docobj.dll
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 98304 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 81920 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 106496 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 102400 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 98304 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:20 94208 --a------ C:\WINDOWS\system32\[email protected] <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:55:19 1344624 --a------ C:\WINDOWS\system32\sbe6_32.dll <Not Verified; Polar Engineering and Consulting; WinWrap Basic>
2007-10-25 13:54:38 0 d-------- C:\WINDOWS\speech
2007-10-25 13:54:07 0 d-------- C:\Program Files\ScanSoft
2007-10-19 17:48:09 0 d-------- C:\Program Files\Virtual Earth 3D
2007-10-16 15:52:29 0 d-------- C:\Program Files\The Weather Channel FW


-- Find3M Report ---------------------------------------------------------------

2007-11-14 15:09:29 0 d-------- C:\Program Files\MSN Messenger
2007-11-14 14:49:46 0 d-------- C:\Documents and Settings\Customer\Application Data\SiteAdvisor
2007-11-14 08:35:13 0 d-------- C:\Program Files\McAfee
2007-10-31 16:48:20 0 d-------- C:\Program Files\RentMaster
2007-10-31 11:47:58 0 d-------- C:\Program Files\Common Files
2007-10-29 14:21:59 0 d-------- C:\Program Files\Common Files\Real
2007-10-29 14:21:52 0 d-------- C:\Documents and Settings\Customer\Application Data\Real
2007-10-29 14:20:51 0 d-------- C:\Program Files\Real
2007-10-25 13:35:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-23 08:17:25 0 d-------- C:\Program Files\Java
2007-10-17 08:16:14 0 d-------- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
11/14/2007 08:35 AM 13824 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 10:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 10:31 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 02:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/10/2006 07:12 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [01/06/2006 02:07 PM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [01/06/2006 02:07 PM]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" []
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 03:30 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [10/08/2002 05:03 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [02/12/2003 08:27 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [07/24/2006 03:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"DW4"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 07:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Customer\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe [10/25/2007 1:54:51 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\Video Add-on\icthis.exe
"start"=C:\Program Files\Video Add-on\isfmntr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2fdb8ae-2356-11dc-9564-0040f4df1320}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-11-14 15:35:32 ------------
 

·
Registered
Joined
·
3,025 Posts
Hello,

If you still require assistance then.....


Please run Deckard's System Scanner again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two log for you (main.txt & extra.txt)

Please post main.txt, and attach extra.txt in your next reply.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top