deleteme$$deleteme$$deleteme$$deleteme&a



#1 roughnecken (New Member, 1 posts)

Deckard's System Scanner v20071014.68
Run by ? on 2008-08-10 08:15:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-08-10 12:53:20 UTC - RP20 - Installed Google Toolbar for Internet Explorer
17: 2008-08-10 12:43:49 UTC - RP19 - Installed Java™ 6 Update 7
16: 2008-08-10 12:40:45 UTC - RP18 - Removed Java™ 6 Update 7
15: 2008-08-10 10:15:52 UTC - RP17 - Removed VidLord
14: 2008-08-10 10:04:22 UTC - RP16 - Installed VidLord


-- First Restore Point --
1: 2008-08-04 17:34:12 UTC - RP2 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ?.exe) ---------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 08:25:44
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotifye.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\?\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGRC2TGO\dss[1].exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/?mkt=en-us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: usrdm - C:\Windows\system32\usrdm.dll


--
End of file - 4775 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Controller
Device ID: PCI\VEN_1002&DEV_4D50&SUBSYS_A6981002&REV_00\3&13C0B0C5&1&58
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1002&DEV_4D50&SUBSYS_A6981002&REV_00\3&13C0B0C5&1&58
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 06:45:17 246 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-10 08:16:54 0 d-------- C:\Program Files\Trend Micro
2008-08-10 07:53:44 0 d-------- C:\Users\All Users\Google
2008-08-10 07:53:41 0 d-------- C:\Program Files\Google
2008-08-10 07:51:59 0 d-------- C:\Program Files\Java
2008-08-10 07:45:20 0 d-------- C:\Program Files\Common Files\Java
2008-08-10 05:39:23 164352 --a------ C:\Windows\system32\unrar.dll
2008-08-10 05:39:15 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-08-10 05:39:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-08-10 05:38:41 0 d-------- C:\Program Files\AML Products
2008-08-10 05:24:15 0 d-------- C:\Users\All Users\RoboForm
2008-08-10 05:23:53 0 d-------- C:\My RoboForm Data
2008-08-10 05:21:02 0 d-------- C:\Program Files\Siber Systems
2008-08-10 05:14:56 0 d-------- C:\Users\All Users\Protexis
2008-08-10 04:59:10 0 d-------- C:\Program Files\Xilisoft
2008-08-10 04:24:25 21619 --a------ C:\Windows\system32\usrdm.dll
2008-08-09 06:49:51 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-09 06:44:48 0 d-------- C:\Program Files\Windows Live Toolbar
2008-08-09 06:44:45 0 d-------- C:\Program Files\Windows Live Favorites
2008-08-09 06:33:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-09 06:33:33 0 d-------- C:\Program Files\Windows Live
2008-08-09 06:33:12 0 d-------- C:\Users\All Users\WLInstaller
2008-08-09 05:59:31 0 d-------- C:\Users\All Users\RapidSolution
2008-08-04 17:57:27 0 d-------- C:\Program Files\ValuSoft
2008-08-04 17:57:11 283648 --a------ C:\Windows\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-08-04 17:20:31 0 d-------- C:\Windows\system32\IMGAL
2008-08-04 17:20:20 0 d-------- C:\Program Files\Galswin
2008-08-04 16:49:27 0 d-------- C:\Program Files\Windows Live Safety Center
2008-08-04 15:14:37 0 d-------- C:\Windows\Panther
2008-08-04 15:02:17 0 d-------- C:\Windows.old
2008-08-04 14:19:19 0 d-------- C:\Windows\Debug
2008-08-04 14:15:48 0 d-------- C:\Windows\Prefetch
2008-08-04 13:17:13 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-08-04 13:16:59 0 d------c- C:\Windows\system32\DRVSTORE
2008-08-04 12:58:11 0 d-------- C:\Windows\PCHEALTH
2008-08-04 12:58:09 0 d--hs---- C:\Windows\Installer
2008-08-04 12:56:42 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-08-04 12:37:32 0 dr------- C:\Users\?\Searches
2008-08-04 12:37:05 0 dr------- C:\Users\?\Contacts
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Templates <TEMPLA~1>
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Start Menu <STARTM~1>
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\SendTo
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Recent
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\PrintHood <PRINTH~1>
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\NetHood
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\My Documents <MYDOCU~1>
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Local Settings <LOCALS~1>
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Cookies
2008-08-04 12:36:51 0 d--hs---- C:\Users\?\Application Data <APPLIC~1>
2008-08-04 12:36:46 0 dr------- C:\Users\?\Links
2008-08-04 12:36:46 0 dr------- C:\Users\?\Favorites <FAVORI~1>
2008-08-04 12:36:46 0 dr------- C:\Users\?\Downloads <DOWNLO~1>
2008-08-04 12:36:46 0 dr------- C:\Users\?\Documents <DOCUME~1>
2008-08-04 12:36:46 0 dr------- C:\Users\?\Desktop
2008-08-04 12:36:46 0 d--h----- C:\Users\?\AppData
2008-08-04 12:36:45 0 dr------- C:\Users\?\Videos
2008-08-04 12:36:45 0 dr------- C:\Users\?\Saved Games <SAVEDG~1>
2008-08-04 12:36:45 0 dr------- C:\Users\?\Pictures
2008-08-04 12:36:45 1048576 --ahs---- C:\Users\?\NTUSER.DAT
2008-08-04 12:36:45 0 dr------- C:\Users\?\Music
2008-08-04 12:22:16 0 d-------- C:\Windows\SoftwareDistribution
2008-07-17 12:40:41 0 d-------- C:\ATI Multimedia


-- Find3M Report ---------------------------------------------------------------

2008-08-10 07:57:03 0 d-------- C:\Users\?\AppData\Roaming\Google
2008-08-10 07:45:20 0 d-------- C:\Program Files\Common Files
2008-08-09 14:42:39 0 d---s---- C:\Users\?\AppData\Roaming\Microsoft
2008-08-04 19:34:50 174 --ahs---- C:\Program Files\desktop.ini
2008-08-04 19:29:46 0 d-------- C:\Program Files\Windows Calendar
2008-08-04 19:29:44 0 d-------- C:\Program Files\Windows Mail
2008-08-04 19:29:42 0 d-------- C:\Program Files\Windows Defender
2008-08-04 19:29:34 0 d-------- C:\Program Files\Windows Sidebar
2008-05-25 18:19:00 351232 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
12/17/2007 11:12 AM 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/04/2008 07:10 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [06/25/2008 06:48 AM]
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 04:28 PM C:\Windows\SOUNDMAN.EXE]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [12/17/2007 11:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/04/2008 06:34 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe" [08/10/2008 07:53 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usrdm]
usrdm.dll 08/10/2008 04:24 AM 21619 C:\Windows\System32\usrdm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-10 08:27:16 ------------