Deckard's System Scanner v20071014.68
Run by Justin on 2008-05-27 19:39:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
34: 2008-05-28 00:39:18 UTC - RP157 - Deckard's System Scanner Restore Point
33: 2008-05-27 19:45:49 UTC - RP156 - System Checkpoint
32: 2008-05-26 16:23:43 UTC - RP155 - Last known good configuration
31: 2008-05-26 16:23:40 UTC - RP154 - Software Distribution Service 3.0
30: 2008-05-26 16:23:39 UTC - RP153 - Installed Windows Internet Explorer 7.
-- First Restore Point --
1: 2008-05-26 16:23:37 UTC - RP124 - Installed Windows XP KB924496.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Justin.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:55 PM, on 5/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Justin.N\Desktop\virus stuff\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Justin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {28675366-3F8C-4365-96A8-E4B788F76031} - C:\WINDOWS\system32\geBspnNf.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {C98C57D8-E895-4D6F-BB4A-9E9617E91059} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BHR] "C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211227830526
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O20 - Winlogon Notify: khfDtqno - khfDtqno.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5290 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080525-185826-328 O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
backup-20080527-193757-889 O4 - HKLM\..\Run: [fc182c4f] "rundll32.exe" "C:\WINDOWS\system32\mghfvmab.dll",b
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,43
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.inf - inffile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,35
.txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,22
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: psc 1300 series
Device ID: USB\VID_03F0&PID_3B11&MI_00\6&2EE9CF71&0&0000
Manufacturer:
Name: psc 1300 series
PNP Device ID: USB\VID_03F0&PID_3B11&MI_00\6&2EE9CF71&0&0000
Service:
Class GUID:
Description: psc 1300 series
Device ID: USB\VID_03F0&PID_3B11&MI_02\6&2EE9CF71&0&0002
Manufacturer:
Name: psc 1300 series
PNP Device ID: USB\VID_03F0&PID_3B11&MI_02\6&2EE9CF71&0&0002
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-05-27 16:36:41 1500 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
-- Files created between 2008-04-27 and 2008-05-27 -----------------------------
2008-05-27 17:01:55 0 d-------- C:\Program Files\Enigma Software Group
2008-05-27 16:50:46 0 dr-h---c- C:\Documents and Settings\Justin.N\Recent
2008-05-27 16:43:55 0 d-------- C:\Program Files\Yahoo!
2008-05-27 16:43:43 0 d-------- C:\Program Files\CCleaner
2008-05-27 16:42:39 118784 --a------ C:\WINDOWS\system32\msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-27 16:42:38 0 d-------- C:\Program Files\Zamaan's Software
2008-05-27 16:36:44 0 d------c- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Webroot
2008-05-27 16:36:23 0 d-------- C:\Program Files\Webroot
2008-05-27 16:36:23 0 d------c- C:\Documents and Settings\Justin.N\Application Data\Webroot
2008-05-27 16:36:23 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2008-05-27 16:35:07 164 --a----c- C:\install.dat
2008-05-27 11:28:24 94208 --a----c- C:\WINDOWS\system32\mghfvmab.dll
2008-05-26 12:24:12 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-26 12:23:49 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-26 12:23:49 0 d-------- C:\Program Files\Xvid
2008-05-26 11:23:27 626961 --ahs---- C:\WINDOWS\system32\fNnpsBeg.ini2
2008-05-26 11:23:24 318848 --a------ C:\WINDOWS\system32\geBspnNf.dll
2008-05-26 09:33:53 318848 --a------ C:\WINDOWS\system32\fccywUno.dll
2008-05-26 08:33:55 318848 --a------ C:\WINDOWS\system32\tuvWpQhf.dll
2008-05-26 07:33:51 318848 --a------ C:\WINDOWS\system32\yayxULdc.dll
2008-05-26 06:33:49 318848 --a------ C:\WINDOWS\system32\fccbXPjG.dll
2008-05-25 19:18:52 68096 --a------ C:\WINDOWS\zip.exe
2008-05-25 19:18:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-25 19:18:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-25 19:18:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-25 19:18:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-25 19:18:51 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-25 19:18:49 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-25 19:18:49 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-25 02:18:26 0 d-------- C:\Program Files\Trend Micro
2008-05-24 11:07:38 0 d-------- C:\Program Files\Registry Defender Platinum
2008-05-24 10:59:55 0 d-------- C:\WINDOWS\ERUNT
2008-05-23 17:44:23 0 d-------- C:\Program Files\Alwil Software
2008-05-23 15:10:29 0 d--h---c- C:\$AVG8.VAULT$
2008-05-23 15:07:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-23 15:07:32 0 d------c- C:\Documents and Settings\Justin.N\Application Data\AVGTOOLBAR
2008-05-23 15:06:58 0 d-------- C:\Program Files\AVG
2008-05-23 15:06:58 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-23 14:25:58 0 d-a----c- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-20 19:36:12 0 d------c- C:\Documents and Settings\Justin.N\Application Data\acccore
2008-05-20 19:35:08 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-05-20 19:34:58 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-05-20 19:34:58 0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2008-05-20 19:34:39 0 d-------- C:\Program Files\Common Files\AOL
2008-05-20 19:34:34 0 d-------- C:\Program Files\AIM6
2008-05-20 19:16:32 0 d-------- C:\WINDOWS\Prefetch
2008-05-20 19:08:15 0 d-------- C:\WINDOWS\system32\scripting
2008-05-20 19:08:14 0 d-------- C:\WINDOWS\l2schemas
2008-05-20 19:08:13 0 d-------- C:\WINDOWS\system32\en
2008-05-19 22:04:43 0 d------c- C:\Documents and Settings\Justin.N\Application Data\Ahead
2008-05-19 20:33:49 0 d------c- C:\Documents and Settings\Justin.N\Application Data\WinRAR
2008-05-19 19:16:29 0 d-------- C:\Program Files\uTorrent
2008-05-19 19:16:21 0 d------c- C:\Documents and Settings\Justin.N\Application Data\uTorrent
2008-05-19 18:42:32 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-19 18:42:31 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-05-19 18:42:29 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-05-19 18:42:29 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-05-19 18:42:26 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-05-19 18:09:21 0 d-------- C:\Program Files\MSXML 4.0
2008-05-19 17:47:50 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-19 17:23:17 0 d------c- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Start Menu
2008-05-19 16:00:00 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 16:00:00 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:59 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:59 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-05-19 15:59:59 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-19 15:59:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-05-19 15:59:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-05-19 15:59:46 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:44 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:44 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:43 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:43 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:43 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:43 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:59:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-05-19 15:43:16 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-05-19 15:27:41 0 d------c- C:\Documents and Settings\Justin.N\Application Data\Macromedia
2008-05-19 15:27:39 0 d------c- C:\Documents and Settings\Justin.N\Application Data\Adobe
2008-05-19 15:13:58 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-19 15:10:27 0 d--hs--c- C:\Documents and Settings\Justin.N\UserData
-- Find3M Report ---------------------------------------------------------------
2008-05-27 19:39:18 987 --a----c- C:\Documents and Settings\Justin.N\Application Data\bhrslog.txt
2008-05-24 01:19:12 0 d-------- C:\Program Files\Viewpoint
2008-05-24 01:16:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 16:15:14 0 d-------- C:\Program Files\DIGStream
2008-05-20 19:34:39 0 d-------- C:\Program Files\Common Files
2008-05-20 19:08:13 0 d-------- C:\Program Files\Movie Maker
2008-05-20 19:05:18 0 d-------- C:\Program Files\Windows NT
2008-05-19 18:42:19 0 d-------- C:\Program Files\Ahead
2008-05-19 16:04:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 09:21:03 0 d-------- C:\Program Files\InterActual
2008-04-17 13:06:09 0 d-------- C:\Program Files\MSN Games
2008-04-17 13:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28675366-3F8C-4365-96A8-E4B788F76031}]
05/26/2008 11:23 AM 318848 --a------ C:\WINDOWS\system32\geBspnNf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/23/2008 03:07 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C98C57D8-E895-4D6F-BB4A-9E9617E91059}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/23/2008 03:07 PM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [04/21/2003 07:00 AM C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/23/2008 03:07 PM]
"BHR"="C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [10/24/2006 10:14 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDtqno]
khfDtqno.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 12/21/2001 01:34 AM 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBspnNf
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - SSFS0BB9
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
*Newly Created Service* - WEBROOTSPYSWEEPERSERVICE
-- End of Deckard's System Scanner: finished at 2008-05-27 19:45:08 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon XP 2500+
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 511.49 MiB / 134.24 MiB
Pagefile Memory (total/avail): 1248.38 MiB / 773.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1816.96 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 5.84 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400BB-00DEA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
\\.\PHYSICALDRIVE1 - HP USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Justin.N\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=N
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Justin.N
LOGONSERVER=\\N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Justin.N\LOCALS~1\Temp
TMP=C:\DOCUME~1\Justin.N\LOCALS~1\Temp
USERDOMAIN=N
USERNAME=Justin
USERPROFILE=C:\Documents and Settings\Justin.N
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Justin.N
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Browser Hijack Retaliator 4.5.0 Build 471 --> "C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type333 / Error
Event Submitted/Written: 05/27/2008 03:39:27 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application taskmgr.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x660211bf.
Processing media-specific event for [taskmgr.exe!ws!]
Event Record #/Type328 / Error
Event Submitted/Written: 05/26/2008 00:23:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x0015cd1d.
Processing media-specific event for [wmplayer.exe!ws!]
Event Record #/Type327 / Error
Event Submitted/Written: 05/26/2008 00:21:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module unknown, version 0.0.0.0, fault address 0x381c0003.
Processing media-specific event for [wmplayer.exe!ws!]
Event Record #/Type321 / Error
Event Submitted/Written: 05/26/2008 09:53:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type319 / Error
Event Submitted/Written: 05/26/2008 00:27:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x000dc5c1.
Processing media-specific event for [explorer.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4068 / Error
Event Submitted/Written: 05/27/2008 05:04:45 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type4067 / Error
Event Submitted/Written: 05/27/2008 05:04:41 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type4066 / Error
Event Submitted/Written: 05/27/2008 05:04:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type4065 / Error
Event Submitted/Written: 05/27/2008 05:04:13 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type4064 / Error
Event Submitted/Written: 05/27/2008 05:04:06 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
-- End of Deckard's System Scanner: finished at 2008-05-27 19:45:08 ------------
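The log above carries several indicators a malware-removal helper would pull out before writing a fix: two Browser Helper Objects registered with no display name (one of them pointing at C:\WINDOWS\system32\geBspnNf.dll, the other at no file), a Winlogon Notify entry for khfDtqno.dll whose file is already missing, an LSA "Authentication Packages" value that names C:\WINDOWS\system32\geBspnNf alongside the normal msv1_0 (that value is loaded into lsass.exe at boot, so deleting the BHO alone leaves the DLL loaded, and msv1_0 itself must stay or logon breaks), five randomly named DLLs of identical size (318848 bytes) dropped into system32 roughly an hour apart, and a hidden+system file fNnpsBeg.ini2 whose name is geBspnNf spelled backwards. The script below is an added example, not part of the original post and not a Deckard's System Scanner or HijackThis feature: a hypothetical triage helper that reads a pasted log and reports exactly those patterns. SAMPLE_LOG is a constructed subset of lines copied from the log above; function names and the 318848-byte cluster threshold are the example's own choices.

```python
"""Triage a pasted HijackThis / DSS log for a few high-signal indicators.

Added example (hypothetical helper, not part of the original post or of any
scanner). SAMPLE_LOG below is a constructed subset of the log lines above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {28675366-3F8C-4365-96A8-E4B788F76031} - C:\WINDOWS\system32\geBspnNf.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} - (no file)
O20 - Winlogon Notify: khfDtqno - khfDtqno.dll (file missing)
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBspnNf
2008-05-27 11:28:24 94208 --a----c- C:\WINDOWS\system32\mghfvmab.dll
2008-05-26 11:23:27 626961 --ahs---- C:\WINDOWS\system32\fNnpsBeg.ini2
2008-05-26 11:23:24 318848 --a------ C:\WINDOWS\system32\geBspnNf.dll
2008-05-26 09:33:53 318848 --a------ C:\WINDOWS\system32\fccywUno.dll
2008-05-26 08:33:55 318848 --a------ C:\WINDOWS\system32\tuvWpQhf.dll
2008-05-26 07:33:51 318848 --a------ C:\WINDOWS\system32\yayxULdc.dll
2008-05-26 06:33:49 318848 --a------ C:\WINDOWS\system32\fccbXPjG.dll
2008-05-23 15:07:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
"""

# DSS "Files created" lines: timestamp, size, 9-char attribute string, path
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (\S{9}) (.+)$")
# HijackThis O2 lines for BHOs registered without a display name
BHO_RE = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (.+)$")
# HijackThis O20 Winlogon Notify entries whose DLL is gone from disk
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?) \(file missing\)$")
# DSS registry dump of the LSA Authentication Packages value
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(.+)$')


def file_entries(log):
    """Parse file-listing lines into dicts (time, size, attrs, path, name)."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            out.append({"time": ts, "size": int(size), "attrs": attrs,
                        "path": path, "name": path.rsplit("\\", 1)[-1]})
    return out


def unnamed_bhos(log):
    """Targets of BHOs registered with no name (a DLL path or '(no file)')."""
    return [m.group(1) for m in map(BHO_RE.match, log.splitlines()) if m]


def orphan_winlogon_notify(log):
    """(subkey, dll) pairs for Winlogon Notify entries whose file is missing."""
    return [m.groups() for m in map(NOTIFY_RE.match, log.splitlines()) if m]


def extra_auth_packages(log):
    """Everything besides msv1_0 in the LSA Authentication Packages value;
    each extra entry is loaded into lsass.exe at boot."""
    found = []
    for line in log.splitlines():
        m = AUTHPKG_RE.match(line)
        if m:
            found += [p for p in m.group(1).split() if p.lower() != "msv1_0"]
    return found


def same_size_clusters(entries, folder="system32", min_count=3):
    """Groups of >= min_count non-empty files under `folder` sharing one size."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] > 0 and folder.lower() in e["path"].lower():
            groups[e["size"]].append(e["name"])
    return {size: names for size, names in groups.items() if len(names) >= min_count}


def reversed_name_pairs(entries):
    """Files whose base name, reversed, is another listed file's base name."""
    stems = {}
    for e in entries:
        stems.setdefault(e["name"].rsplit(".", 1)[0].lower(), e["name"])
    pairs = set()
    for stem, name in stems.items():
        partner = stems.get(stem[::-1])
        if partner and partner != name:
            pairs.add(tuple(sorted((name, partner))))
    return sorted(pairs)


def triage(log):
    """Run every check and return the findings keyed by indicator."""
    entries = file_entries(log)
    return {
        "unnamed_bhos": unnamed_bhos(log),
        "orphan_winlogon_notify": orphan_winlogon_notify(log),
        "extra_auth_packages": extra_auth_packages(log),
        "same_size_clusters": same_size_clusters(entries),
        "reversed_name_pairs": reversed_name_pairs(entries),
        # hidden + system attributes on a data file in system32
        "hidden_system_files": [e["name"] for e in entries
                                if "h" in e["attrs"] and "s" in e["attrs"]],
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run it against a full pasted log and every finding lands in one dict; the point of keeping the checks separate is that each maps to a different persistence mechanism (BHO, Winlogon Notify, LSA authentication package, dropped payloads, companion data file), and a removal plan has to cover all of them rather than the one HijackThis happens to show first.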