
Status
Not open for further replies.
Discussion Starter #1
My PC is very slow and hangs up every time I start it up. I wanted to check for adware/spyware junk.



Activescan log

Incident Status Location

Spyware:spyware/virtumonde Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\CAG\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\CAG\Local Settings\Temp\Cookies\[email protected][1].txt




Deckard's System Scanner v20071014.68
Run by CAG on 2007-12-04 20:52:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2007-12-05 01:52:35 UTC - RP408 - Deckard's System Scanner Restore Point
28: 2007-12-05 01:10:22 UTC - RP407 - System Checkpoint
27: 2007-12-02 20:47:20 UTC - RP406 - System Checkpoint
26: 2007-12-01 20:35:19 UTC - RP405 - System Checkpoint
25: 2007-11-30 19:52:31 UTC - RP404 - System Checkpoint


-- First Restore Point --
1: 2007-11-05 23:47:39 UTC - RP380 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 20:55:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Documents and Settings\CAG\Desktop\Deckersscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myscanninginnovations.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 192.168.2.55 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - ProtocolDefaults: Unknown 'myui' protocol is in Trusted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'myrm' protocol is in Trusted Zone (HKLM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = scanning.local
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = scanning.local
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = scanning.local
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0222241196363489) (0222241196363489mcinstcleanup) - Unknown owner - C:\DOCUME~1\SUSANB~1\LOCALS~1\Temp\022224~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: ViewWise EAS Service - Unknown owner - \System\EASService.exe
O23 - Service: ViewWiseService - Unknown owner - C:\ViewWise\system\ViewWiseService.exe
O23 - Service: ViewWise Storage Service (ViewWiseStorage) - Unknown owner - C:\ViewWise\system\StorageService.exe


--
End of file - 11434 bytes

-- HijackThis Fixed Entries (C:\\backups\) -------------------------------------

backup-20060409-123050-195 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
backup-20060409-123050-278 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
backup-20060409-123050-912 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Kf650a - c:\windows\system32\drivers\kf650a2k.sys <Not Verified; Kofax Image Products; Kofax Adrenaline 650>
R0 KofaxIO - c:\windows\system32\drivers\kofaxio.sys <Not Verified; Kofax Image Products; Kofax IO Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 InAspi32 - c:\windows\system32\drivers\inaspi32.sys <Not Verified; Initio Corporation; Initio Aspi32 Driver For Windows NT>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ViewWiseService - c:\viewwise\system\viewwiseservice.exe
R2 ViewWiseStorage (ViewWise Storage Service) - c:\viewwise\system\storageservice.exe

S2 0222241196363489mcinstcleanup (McAfee Application Installer Cleanup (0222241196363489)) - c:\docume~1\susanb~1\locals~1\temp\022224~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 ViewWise EAS Service - \system\easservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 18:35:39 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 18:35:38 0 d-------- C:\WINDOWS\LastGood
2007-11-30 13:51:32 0 d-------- C:\Documents and Settings\CAG\Application Data\AVG7
2007-11-29 14:16:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-11-29 14:11:37 240 --a------ C:\WINDOWS\myClean.bat
2007-11-29 14:05:32 0 d-------- C:\Documents and Settings\Susan B\Application Data\AVG7
2007-11-29 14:05:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-29 14:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 14:05:08 0 dr-h----- C:\Documents and Settings\Susan B\Recent
2007-11-29 14:03:59 0 d-------- C:\Program Files\CCleaner
2007-11-29 14:00:39 0 d-------- C:\Program Files\LogMeIn
2007-11-28 09:33:54 0 d-------- C:\WINDOWS\network diagnostic
2007-11-20 10:28:14 0 d-------- C:\Documents and Settings\Susan B\Application Data\Stamps.com Internet Postage
2007-11-20 10:23:41 0 d-------- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-20 10:23:23 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-11-20 10:23:23 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-11-19 10:04:43 0 d-------- C:\Program Files\Muratec
2007-11-19 10:04:33 49152 --a------ C:\WINDOWS\system32\mmlln205.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec MFX-Series/F-Series>
2007-11-19 10:04:33 98304 --a------ C:\WINDOWS\system32\mmlh205p.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec MFX-Series/F-Series>
2007-11-19 10:04:33 102400 --a------ C:\WINDOWS\system32\mmlg013l.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec MFX-Series/F-Series>
2007-11-19 10:04:32 208896 --a------ C:\WINDOWS\system32\mmlxpmns.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec MFX-Series/F-Series>
2007-11-19 10:04:32 49152 --a------ C:\WINDOWS\system32\mmlweb.exe <Not Verified; MURATA MACHINERY,LTD.; Muratec V-Series/MFX-Series/F-Series>
2007-11-19 10:04:32 172032 --a------ C:\WINDOWS\system32\mmlupxml.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec V-Series/MFX-Series>
2007-11-19 10:04:32 69632 --a------ C:\WINDOWS\system32\mmltoenc.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec V-Series/MFX-Series/F-Series>
2007-11-19 10:04:32 208896 --a------ C:\WINDOWS\system32\mmlnpxml.dll <Not Verified; MURATA MACHINERY,LTD.; Muratec V-Series/MFX-Series>
2007-11-19 10:04:32 0 d-------- C:\Program Files\Common Files\MURATEC
2007-11-19 10:04:09 249856 --a------ C:\WINDOWS\system32\mmlssearch.exe <Not Verified; MURATA MACHINERY,LTD.; Muratec Is+Plus SSearch>
2007-11-19 10:03:40 0 d-------- C:\Documents and Settings\Susan B\Application Data\InstallShield
2007-11-15 15:29:41 0 d-------- C:\Program Files\EPSON Print CD
2007-11-15 15:27:21 483328 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-11-15 15:27:21 45056 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-11-15 15:27:21 60565 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-11-15 15:27:20 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2007-11-15 15:27:20 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2007-11-15 15:27:20 1137 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2007-11-15 15:27:20 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2007-11-15 15:27:20 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2007-11-15 15:27:20 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2007-11-15 15:27:20 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2007-11-15 15:27:20 15670 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2007-11-15 15:27:20 10673 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2007-11-15 15:27:20 21021 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2007-11-15 15:27:20 13280 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-11-15 15:27:20 29114 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-11-15 15:27:20 45056 --a------ C:\WINDOWS\system32\EpPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-11-08 10:35:13 0 d-------- C:\Program Files\support.com
2007-11-08 10:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-11-06 13:03:46 0 d-------- C:\Program Files\Dell Support
2007-11-05 19:12:04 0 d--h----- C:\Documents and Settings\Susan B.SCANNING\Templates
2007-11-05 19:12:04 0 dr------- C:\Documents and Settings\Susan B.SCANNING\Start Menu
2007-11-05 19:12:04 0 dr-h----- C:\Documents and Settings\Susan B.SCANNING\SendTo
2007-11-05 19:12:04 0 dr-h----- C:\Documents and Settings\Susan B.SCANNING\Recent
2007-11-05 19:12:04 0 d--h----- C:\Documents and Settings\Susan B.SCANNING\PrintHood
2007-11-05 19:12:04 507904 --a------ C:\Documents and Settings\Susan B.SCANNING\NTUSER.DAT
2007-11-05 19:12:04 0 d--h----- C:\Documents and Settings\Susan B.SCANNING\NetHood
2007-11-05 19:12:04 0 dr------- C:\Documents and Settings\Susan B.SCANNING\My Documents
2007-11-05 19:12:04 0 d--h----- C:\Documents and Settings\Susan B.SCANNING\Local Settings
2007-11-05 19:12:04 0 dr------- C:\Documents and Settings\Susan B.SCANNING\Favorites
2007-11-05 19:12:04 0 d-------- C:\Documents and Settings\Susan B.SCANNING\Desktop
2007-11-05 19:12:04 0 d---s---- C:\Documents and Settings\Susan B.SCANNING\Cookies
2007-11-05 19:12:04 0 dr-h----- C:\Documents and Settings\Susan B.SCANNING\Application Data
2007-11-05 19:12:04 0 d-------- C:\Documents and Settings\Susan B.SCANNING\Application Data\Symantec
2007-11-05 19:12:04 0 d-------- C:\Documents and Settings\Susan B.SCANNING\Application Data\Sun
2007-11-05 19:12:04 0 d---s---- C:\Documents and Settings\Susan B.SCANNING\Application Data\Microsoft
2007-11-05 19:12:04 0 d-------- C:\Documents and Settings\Susan B.SCANNING\Application Data\Identities
2007-11-05 19:12:04 0 d-------- C:\Documents and Settings\Susan B.SCANNING\Application Data\Gtek


-- Find3M Report ---------------------------------------------------------------

2007-12-04 19:32:36 0 d-------- C:\Program Files\Google
2007-11-29 14:16:38 0 d-------- C:\Program Files\Common Files
2007-11-29 14:16:37 0 d-------- C:\Program Files\McAfee
2007-11-20 09:38:20 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-20 09:38:18 104 -r-hs---- C:\WINDOWS\system32\7656E9C74B.sys
2007-11-19 10:04:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-15 15:29:59 0 d-------- C:\Program Files\EPSON


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [03/09/2005 04:00 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 03:09 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/29/2007 02:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 12:29 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=C:\WINDOWS\pss\APC UPS Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Error Recovery Guide.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Error Recovery Guide.lnk
backup=C:\WINDOWS\pss\Error Recovery Guide.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk
backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]
C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtLnSOP_setup]
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iobi]
C:\Program Files\Verizon\iobi\iobiClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[IE-SpyAd]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 m3.abnad.net
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com
127.0.0.1 acestats.com

11203 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-12-04 20:55:45 ------------
 
