Hello,
I just did what you said to do and it seems to have resolved most of the issues but there are still some problems.
Here is a list of known unresolved issues:
~The Pop Up for the Windows 2009 Antivirus still shows up now and then
~The clock is still in military time.
~My desktop Background has switched to a blue background with an image saying, "Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer."
~I also have lost the ability to save pictures from the web. (Save as function)
Note: I ran the registry cleaner in CCleaner after I did this as well, not sure if that affected anything
Here is the rundown of what you said to do:
The NoLop log: No infections were found so there is no list to post
The SDFix log: Included below
The DSS main.txt and extra.txt: main.txt is included below
NOTE: Only the main.txt showed up with the DSS.
Here are the lists:
NoLop: Again no infections were found so no list was generated
SDFix log:
SDFix: Version 1.210 Run by cbentti on Thu 07/31/2008 at 19:19
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\cbentti\Desktop\UNUSED~1\SDFix\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\efcCvSMF.dll - Deleted
C:\WINDOWS\ENVO.EXE - Deleted
C:\Documents and Settings\cbentti\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\cbentti\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\cbentti\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\cbentti\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\cbentti\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\cbentti\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\nfavxwdbbfk.dll - Deleted
C:\WINDOWS\eqvwamkl.dll - Deleted
C:\WINDOWS\fdkowvbp.dll - Deleted
C:\WINDOWS\grswptdl.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\wnslvxtf.dll - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:29:54
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex]
"pkm:catalog:LastCatalogCrawlId"=dword:000001f6
"pkm:catalog:LastCatalogCrawlModified"=dword:0000016c
"pkm:catalog:LastCatalogCrawlErrors"=dword:00000000
"pkm:catalog:LastCatalogCrawlExcludes"=dword:0000001b
"pkm:catalog:LastCatalogCrawlKBytes"=dword:00001ffe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointNumber"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\503]
"CrawlType"=dword:00000005
"InProgress"=dword:00000001
"DoneAddingCrawlSeeds"=dword:00000001
"LogName"="C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl503.gthr"
"CheckPoint"=hex:c0,ef,03,00,00,00,00,00
"IsCatalogLevel"=dword:00000000
"LogStartAddId"=dword:00000000
"SuccessfulTransactions"=dword:00000001
"ErrorTransactions"=dword:00000000
"WarningTransactions"=dword:00000000
"ExcludedTransactions"=dword:00000017
"RetryTransactions"=dword:00000000
"KilobytesCrawled"=dword:00000000
"Modified"=dword:00000028
"UnvisitedItems"=dword:00000000
"ForcedFullCrawl"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\504]
"InProgress"=dword:00000000
"DoneAddingCrawlSeeds"=dword:00000000
"LogStartAddId"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0]
"CrawlNumberInProgress"=dword:000001f7
"CrawlNumberScheduled"=dword:000001f8
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\cbentti\Desktop\UNUSED~1\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 2 Jul 2007 40,960 A..HR --- "C:\WINDOWS\spm.exe"
Fri 9 Mar 2007 479,096 A..H. --- "C:\nmutools\NetAgent\klcfginst.exe"
Fri 9 Mar 2007 607,832 A..H. --- "C:\nmutools\NetAgent\klrbtagt.exe"
Fri 9 Mar 2007 603,664 A..H. --- "C:\nmutools\NetAgent\lsexec.exe"
Fri 9 Mar 2007 12,244,608 A..H. --- "C:\nmutools\NetAgent\setup.exe"
Mon 3 Dec 2007 19,639 ...H. --- "C:\Documents and Settings\cbentti\Desktop\~WRL1805.tmp"
Mon 9 Jun 2008 29,184 ...H. --- "C:\Documents and Settings\cbentti\My Documents\~WRL0001.tmp"
Tue 11 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe627730c4f93db8af2aa6f435442134\BITB.tmp"
Wed 30 Jul 2008 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\t01ridy2.TMP"
Wed 30 Jul 2008 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ut6qh2of.TMP"
Finished!
DSS log: (Again, only the main.txt appeared)
Deckard's System Scanner v20071014.68
Run by cbentti on 2008-07-31 19:44:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as cbentti.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:59, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nmutools\nmuebs.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
c:\WINDOWS\spm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\cbentti\Desktop\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cbentti.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {71B4822F-8642-460D-A7BE-8CE2DBC17A37} - C:\WINDOWS\system32\yaywxuTM.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - (no file)
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189564189156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1189564182062
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) -
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://liveupdate.nm...all/webinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: NMU Emergency Broadcast System (nmuebs) - Northern Michigan University - c:\nmutools\nmuebs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: System Profile Monitor (spm) - Northern Michigan University - c:\WINDOWS\spm.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
--
End of file - 9422 bytes
-- Files created between 2008-06-30 and 2008-07-31 -----------------------------
2008-07-31 19:16:42 0 d-------- C:\WINDOWS\ERUNT
2008-07-31 18:28:32 212 --a------ C:\delete.bat
2008-07-31 02:58:59 99712 --a------ C:\WINDOWS\system32\oarfnodc.dll
2008-07-30 20:59:04 99712 --a------ C:\WINDOWS\system32\rxuoabfe.dll
2008-07-30 20:56:01 636264 --ahs---- C:\WINDOWS\system32\MTuxwyay.ini2
2008-07-30 20:55:57 323328 --a------ C:\WINDOWS\system32\yaywxuTM.dll
2008-07-30 20:49:07 0 d-------- C:\Documents and Settings\cbentti\Application Data\AdwareAlert
2008-07-30 20:48:58 0 d-------- C:\Program Files\AdwareAlert
2008-07-30 20:39:45 0 d-------- C:\Program Files\Trend Micro
2008-07-30 20:23:49 0 d-------- C:\Program Files\Desktop Hijack fix
2008-07-30 20:23:06 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-30 19:12:33 0 d--h----- C:\Documents and Settings\cbentti\Recent
2008-07-30 06:06:56 0 d-------- C:\Documents and Settings\cbentti\Application Data\TmpRecentIcons
2008-07-30 06:04:07 34176 --a------ C:\WINDOWS\system32\fccaYspN.dll
2008-07-27 12:22:41 0 d-------- C:\Program Files\Easy Adder
2008-07-27 09:36:50 0 d-------- C:\Program Files\MySpaceMusicPromoter
2008-07-27 09:28:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 01:04:47 0 d-------- C:\WINDOWS\system32\kBin15
2008-07-24 01:04:47 0 d-------- C:\Temp
2008-07-22 23:25:24 0 d-------- C:\Program Files\view cool license
2008-07-15 23:08:14 21008 -----n--- C:\WINDOWS\system32\Ctl3d.dll <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-07-15 23:08:03 0 d-------- C:\Program Files\Serif
2008-07-12 01:43:36 0 d-------- C:\Documents and Settings\cbentti\Application Data\BitDownload
2008-07-12 01:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\live 64 math does
2008-07-12 01:42:31 0 d-------- C:\Documents and Settings\cbentti\Application Data\view cool license
2008-07-12 01:42:13 0 d-------- C:\Program Files\BitDownload
2008-07-12 01:06:04 0 d-------- C:\Documents and Settings\cbentti\Application Data\.wyzo
-- Find3M Report ---------------------------------------------------------------
2008-07-31 05:14:33 0 d-------- C:\Program Files\Spyware Doctor
2008-07-30 22:45:11 0 d-------- C:\Documents and Settings\cbentti\Application Data\LimeWire
2008-07-27 09:28:20 0 d-------- C:\Program Files\Common Files
2008-07-16 15:22:54 0 d-------- C:\Documents and Settings\cbentti\Application Data\Adobe
2008-07-12 00:58:30 0 d-------- C:\Program Files\LimeWire
2008-07-01 01:13:30 0 d-------- C:\Program Files\VirtualDJ
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71B4822F-8642-460D-A7BE-8CE2DBC17A37}]
07/30/2008 20:56 323328 --a------ C:\WINDOWS\system32\yaywxuTM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [07/05/2007 14:58]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 14:51]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [05/28/2008 22:00]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/12/2007 10:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 20:05]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [07/28/2008 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/25/2007 8:35:50 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/29/2006 12:52:57 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"=
"NoLogOff"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 07/05/2007 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 04/13/2006 02:05 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/05/2005 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 11/30/2005 20:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywxuTM
"Notification Packages"= scecli csspwntfy ACGina
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fb367d0-60dd-11dc-b657-444553544200}]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5de0df-1ad5-11dd-b66d-444553544200}]
AutoRun\command- E:\DCoTMenu.exe
menu\command- E:\DCoTMenu.exe
-- End of Deckard's System Scanner: finished at 2008-07-31 19:46:03 ------------
THANKS
Edited by aliasjones, 01 August 2008 - 02:48 AM.