My internet seems very slow lately. Initial spyware scan seems as though I'm infected. I read the forum rules and wish I could have been more specific with the title of my thread, I'm sorry for that if someone could bear with me. At any rate, here is my log. Thanks for any assistance!
Deckard's System Scanner v20071014.68
Run by SPIKE on 2007-11-15 21:35:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
99: 2007-11-16 02:35:26 UTC - RP631 - Deckard's System Scanner Restore Point
98: 2007-11-15 09:35:51 UTC - RP630 - System Checkpoint
97: 2007-11-14 08:00:35 UTC - RP629 - Software Distribution Service 3.0
96: 2007-11-13 13:44:20 UTC - RP628 - System Checkpoint
95: 2007-11-12 05:41:07 UTC - RP627 - System Checkpoint
-- First Restore Point --
1: 2007-08-18 12:52:22 UTC - RP533 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as SPIKE.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:02 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\SPIKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SPIKE.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rfcunited.com/phpBB/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian (2).lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135699559843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8905 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 nvport (NVIDIA PORT IO Control Driver) - c:\windows\system32\drivers\nvport.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-13 11:54:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-15 and 2007-11-15 -----------------------------
2007-11-15 20:54:35 0 d-------- C:\Program Files\SpywareBlaster
2007-11-15 18:30:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-15 18:05:03 0 d-------- C:\Program Files\Trend Micro
2007-11-14 18:45:26 0 d-------- C:\Documents and Settings\SPIKE\.housecall6.6
2007-10-29 18:24:12 4 --a------ C:\WINDOWS\system32\200E3E
2007-10-29 18:23:48 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
-- Find3M Report ---------------------------------------------------------------
2007-11-15 19:51:24 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-15 19:51:19 0 d-------- C:\Program Files\Trillian
2007-11-15 19:45:08 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-11-15 19:45:04 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-15 19:44:59 0 d-------- C:\Program Files\Messenger
2007-11-15 19:41:13 0 d-------- C:\Program Files\iTunes
2007-11-15 19:40:31 0 d-------- C:\Program Files\Google
2007-11-15 19:40:30 0 d-------- C:\Program Files\ESPNRunTime
2007-11-15 19:40:16 0 d-------- C:\Program Files\DIGStream
2007-11-15 17:48:04 11289 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-07 18:31:10 0 d-------- C:\Documents and Settings\SPIKE\Application Data\U3
2007-10-04 08:19:42 4573 --a------ C:\WINDOWS\mozver.dat
2007-09-30 11:12:24 0 d-------- C:\Program Files\Quicken
2007-09-20 07:36:42 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 12:01 PM]
"nwiz"="nwiz.exe" [10/26/2004 12:01 PM C:\WINDOWS\system32\nwiz.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [04/06/2004 05:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"@"="" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 03:39 PM]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [10/18/2006 08:58 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/03/2006 01:25 PM]
"EPSON Stylus CX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.exe" [02/13/2006 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 05:44 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:18 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/11/2007 08:43 PM]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [06/20/2006 09:36 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
C:\Documents and Settings\SPIKE\Start Menu\Programs\Startup\
Trillian (2).lnk - C:\Program Files\Trillian\trillian.exe [6/13/2007 11:00:00 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [5/25/2006 5:53:13 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 7:45:28 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 2:40:46 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 02:39 PM 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4985c8a0-e825-11db-8093-000f1f120982}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4985c8a1-e825-11db-8093-000f1f120982}]
AutoRun\command- H:\PCConnect.exe
-- End of Deckard's System Scanner: finished at 2007-11-15 21:40:19 ------------
Deckard's System Scanner v20071014.68
Run by SPIKE on 2007-11-15 21:35:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
99: 2007-11-16 02:35:26 UTC - RP631 - Deckard's System Scanner Restore Point
98: 2007-11-15 09:35:51 UTC - RP630 - System Checkpoint
97: 2007-11-14 08:00:35 UTC - RP629 - Software Distribution Service 3.0
96: 2007-11-13 13:44:20 UTC - RP628 - System Checkpoint
95: 2007-11-12 05:41:07 UTC - RP627 - System Checkpoint
-- First Restore Point --
1: 2007-08-18 12:52:22 UTC - RP533 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as SPIKE.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:02 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\SPIKE\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SPIKE.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rfcunited.com/phpBB/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian (2).lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135699559843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 8905 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 nvport (NVIDIA PORT IO Control Driver) - c:\windows\system32\drivers\nvport.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-13 11:54:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-15 and 2007-11-15 -----------------------------
2007-11-15 20:54:35 0 d-------- C:\Program Files\SpywareBlaster
2007-11-15 18:30:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-15 18:05:03 0 d-------- C:\Program Files\Trend Micro
2007-11-14 18:45:26 0 d-------- C:\Documents and Settings\SPIKE\.housecall6.6
2007-10-29 18:24:12 4 --a------ C:\WINDOWS\system32\200E3E
2007-10-29 18:23:48 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
-- Find3M Report ---------------------------------------------------------------
2007-11-15 19:51:24 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-15 19:51:19 0 d-------- C:\Program Files\Trillian
2007-11-15 19:45:08 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-11-15 19:45:04 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-15 19:44:59 0 d-------- C:\Program Files\Messenger
2007-11-15 19:41:13 0 d-------- C:\Program Files\iTunes
2007-11-15 19:40:31 0 d-------- C:\Program Files\Google
2007-11-15 19:40:30 0 d-------- C:\Program Files\ESPNRunTime
2007-11-15 19:40:16 0 d-------- C:\Program Files\DIGStream
2007-11-15 17:48:04 11289 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-07 18:31:10 0 d-------- C:\Documents and Settings\SPIKE\Application Data\U3
2007-10-04 08:19:42 4573 --a------ C:\WINDOWS\mozver.dat
2007-09-30 11:12:24 0 d-------- C:\Program Files\Quicken
2007-09-20 07:36:42 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 12:01 PM]
"nwiz"="nwiz.exe" [10/26/2004 12:01 PM C:\WINDOWS\system32\nwiz.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [04/06/2004 05:14 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"@"="" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [12/04/2005 03:39 PM]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [10/18/2006 08:58 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/03/2006 01:25 PM]
"EPSON Stylus CX6000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.exe" [02/13/2006 04:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 05:44 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:18 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/11/2007 08:43 PM]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [06/20/2006 09:36 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
C:\Documents and Settings\SPIKE\Start Menu\Programs\Startup\
Trillian (2).lnk - C:\Program Files\Trillian\trillian.exe [6/13/2007 11:00:00 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [5/25/2006 5:53:13 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/3/2005 7:45:28 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 2:40:46 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 02:39 PM 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4985c8a0-e825-11db-8093-000f1f120982}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4985c8a1-e825-11db-8093-000f1f120982}]
AutoRun\command- H:\PCConnect.exe
-- End of Deckard's System Scanner: finished at 2007-11-15 21:40:19 ------------
