Status
Not open for further replies.
1 - 3 of 3 Posts

Registered · 2 Posts · Discussion Starter · #1
OK guys, I will try my best to help you guys help me by describing my problems as best I can. The first time I encountered something was when the computer popped up a window suggesting I choose "yes or no" in order to clean up some trojans/viruses/spyware. It was the same window that displays fatal errors, but this time it looked a little off. I didn't think too much of it, but the next day Internet Explorer kept sprouting up with random and crude-looking spyware sites. I don't even use Internet Explorer. IE has a weird toolbar on it, "security toolbar 7.1", and it oftentimes goes to "www.savetheinformation.com" with the title safety center or security center. Does www.htepo.com ring a bell also? Also, it automatically installs "online security" and "live safety center" onto my desktop, which when clicked leads to www.htepo.com. I've had Ad-Aware, Spybot, Windows Defender, Stinger, and even the Windows malicious virus detector, and I never ran into this before, but now it's crazy. Windows Defender found win32/fotomo. I know there are a lot of nasties, and even when I feel like I get rid of a lot of them they come back. Thanks for your help. P.S. My Norton has been expired for a while now, but this was never an issue before.

Deckard's System Scanner v20071014.68
Run by user on 2007-11-09 13:19:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-11-09 21:19:13 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 1:29:26, on 2007-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cleardisk\cds.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\acdgnetk.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21E0DEBD-AACE-4AE4-8384-3A59BA02EE00} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: {cc6a0fe3-cde4-267b-1664-bde6a118f5b3} - {3b5f811a-6edb-4661-b762-4edc3ef0a6cc} - C:\WINDOWS\system32\ooxnvvsw.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\tuvvttu.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jsvihicy.dll
O2 - BHO: MainCtrl Class - {ACB9752A-FB42-436E-84AF-35EA8313A587} - C:\Program Files\Club5678\Ctrl\Club5678Login\ClubLogin35.dll
O2 - BHO: (no name) - {F8323547-FB42-4AB6-B8B6-3899D2CFAD91} - \
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: Search - {57AC854E-381C-4CBF-F508-B22C00E4A386} - C:\WINDOWS\Gzmhdcyd.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\jsvihicy.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [G2] C:\Program Files\G2\G2Main.exe
O4 - HKLM\..\Run: [CDInit] C:\Program Files\cleardisk\CDInit.exe
O4 - HKLM\..\Run: [cds] C:\Program Files\cleardisk\cds.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [e85427c2] rundll32.exe "C:\WINDOWS\system32\qcfjksay.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .nwc: C:\Program Files\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
O14 - IERESET.INF: START_PAGE_URL=http://yahoo.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://yahoo.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {023A3744-EA13-4C8A-8B23-ABF98974A9F5} (JoyOnPack Control) - http://gunbound.joyon.com/joyonpack.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03a4e48c2d95cdb7aa23/netzip/RdxIE601.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.cineyes.com/download/cvtrace.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3C46E1D-4929-4FE8-853E-5CD43938047D} - http://g2.co.kr/program/install/g2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFA0B580-F85C-11D4-B501-00010261BA08} - http://assessment.esylvan.com/PCInfo.cab
O20 - Winlogon Notify: jsvihicy - C:\WINDOWS\SYSTEM32\jsvihicy.dll
O20 - Winlogon Notify: tuvvttu - C:\WINDOWS\SYSTEM32\tuvvttu.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\acdgnetk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12693 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT - c:\windows\system32\npptnt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 ham50 (Intel V92 HaM Data Fax Voice) - c:\windows\system32\drivers\intelh51.sys <Not Verified; Intel Corporation; Intel® Hardware accelerated Modem Driver>
R3 mohfilt (MOH Filter) - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel; Filter Driver to Support Modem-on-Hold>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 ATWPKT2 - c:\program files\america online 8.0c\atwpkt2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\acdgnetk.exe /service <Not Verified; ; DDC>

S0 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-09 02:19:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-10-26 19:01:19 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - user.job


-- Files created between 2007-10-09 and 2007-11-09 -----------------------------

2007-11-09 13:26:21 0 d-------- C:\Program Files\Trend Micro
2007-11-09 10:18:44 0 d-------- C:\Program Files\SpywareBlaster
2007-11-09 09:49:24 0 d-------- C:\ie-spyad_zo
2007-11-09 01:04:43 77888 --a------ C:\WINDOWS\system32\ooxnvvsw.dll
2007-11-09 01:02:14 88128 --a------ C:\WINDOWS\system32\qcfjksay.dll
2007-11-09 01:01:43 71232 --a------ C:\WINDOWS\system32\acdgnetk.exe <Not Verified; ; DDC>
2007-11-09 00:59:49 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-09 00:59:44 0 d-------- C:\WINDOWS\LastGood
2007-11-07 13:49:52 87104 --a------ C:\WINDOWS\system32\sfqgcmnj.dll
2007-11-07 13:46:53 81472 --a------ C:\WINDOWS\system32\mbljjiqf.dll
2007-11-07 13:43:53 71232 --a------ C:\WINDOWS\system32\nutsqxdh.exe <Not Verified; ; DDC>
2007-11-07 07:07:17 0 d--h----- C:\WINDOWS\PIF
2007-11-06 13:49:39 87104 --a------ C:\WINDOWS\system32\ivdmetdj.dll
2007-11-06 13:46:29 81472 --a------ C:\WINDOWS\system32\rmwymfyo.dll
2007-11-06 13:44:08 145984 --a------ C:\WINDOWS\system32\jsvihicy.dll
2007-11-06 13:43:39 145984 --a------ C:\WINDOWS\system32\feutyvev.dll
2007-11-06 13:43:26 436970 ---hs---- C:\WINDOWS\system32\uttss.bak2
2007-11-06 01:42:05 6465 ---hs---- C:\WINDOWS\system32\uttss.bak1
2007-11-06 01:41:07 319584 --a------ C:\WINDOWS\system32\ssttu.dll
2007-11-06 01:39:59 36352 --a------ C:\WINDOWS\system32\gebcbcd.dll
2007-11-06 01:36:35 35840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-06 01:36:23 35840 --a------ C:\WINDOWS\mrofinu572.exe
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\r2
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\g2
2007-11-06 01:36:09 0 d-------- C:\WINDOWS\system32\a1
2007-11-06 01:35:57 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-06 01:35:57 0 d-------- C:\Temp
2007-11-06 01:35:56 36352 --a------ C:\WINDOWS\system32\tuvvttu.dll
2007-10-20 11:08:27 0 d-------- C:\Program Files\Easy Upload Tools


-- Find3M Report ---------------------------------------------------------------

2007-11-09 07:20:04 0 d-------- C:\Program Files\Windows Defender
2007-11-09 07:20:01 0 d-------- C:\Program Files\Symantec
2007-11-09 07:12:08 0 d-------- C:\Program Files\iTunes
2007-11-09 07:09:47 0 d-------- C:\Program Files\DIGStream
2007-11-09 07:08:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-09 07:06:01 0 d-------- C:\Program Files\cleardisk
2007-11-09 06:49:05 0 d-------- C:\Documents and Settings\user\Application Data\Symantec
2007-11-08 21:52:53 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-08 20:55:22 0 d-------- C:\Program Files\Steam
2007-11-07 20:20:33 0 d-------- C:\Program Files\Windows NT
2007-10-26 20:23:58 137862 --a------ C:\WINDOWS\hpoins12.dat
2007-08-26 04:01:51 12288 --a------ C:\Documents and Settings\user\Application Data\plugcach.fon


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21E0DEBD-AACE-4AE4-8384-3A59BA02EE00}]
2007-11-06 오전 01:41 319584 --a------ C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3b5f811a-6edb-4661-b762-4edc3ef0a6cc}]
2007-11-09 오전 01:04 77888 --a------ C:\WINDOWS\system32\ooxnvvsw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-06 오전 01:35 36352 --a------ C:\WINDOWS\system32\tuvvttu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-06 오후 01:44 145984 --a------ C:\WINDOWS\system32\jsvihicy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8323547-FB42-4AB6-B8B6-3899D2CFAD91}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\jsvihicy.dll [2007-11-06 오후 01:44 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 오후 02:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-31 오후 03:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 오후 04:21]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2003-04-20 오후 03:02]
"G2"="C:\Program Files\G2\G2Main.exe" []
"CDInit"="C:\Program Files\cleardisk\CDInit.exe" []
"cds"="C:\Program Files\cleardisk\cds.exe" [2006-03-22 오후 02:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 오전 10:30]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 오후 06:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 오후 05:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 오후 08:52]
"e85427c2"="C:\WINDOWS\system32\qcfjksay.dll" [2007-11-09 오전 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 오전 12:56]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 오후 03:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\tuvvttu.dll [2007-11-06 오전 01:35 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jsvihicy]
jsvihicy.dll 2007-11-06 오후 01:44 145984 C:\WINDOWS\system32\jsvihicy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvttu]
tuvvttu.dll 2007-11-06 오전 01:35 36352 C:\WINDOWS\system32\tuvvttu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2007-11-09 13:31:27 ------------
 
