Deckard's System Scanner v20070728.55
Run by Peter on 2007-07-29 at 09:22:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-07-29 08:22:59 UTC - RP53 - Deckard's System Scanner Restore Point
2: 2007-07-25 21:44:13 UTC - RP52 - System Checkpoint
1: 2007-07-22 08:59:09 UTC - RP51 - gtg malware removal
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Peter.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:59, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\AOL\1158252760\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
c:\program files\common files\aol\1158252760\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1158252760\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Peter\Desktop\dss sytem scanner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Peter.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158252760\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Search -
http://kl.bar.need2f...earch.html?p=KLO9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} -
http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} -
http://itv.mop.com (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
http://ipgweb.cce.hp...oads/msxml4.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) -
http://update.videoe...ggPublisher.exeO16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} -
http://ps.itv.mop.co...89_20060727.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{19612D84-61CD-49B8-9CE9-B12926D1F675}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{572C385D-1650-47F4-901B-12DB5C1E54E3}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{9229948A-2599-4635-8BCC-1D83EBB93665}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{97AD5F8B-FB35-475D-B89E-755C78686446}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\..\{19612D84-61CD-49B8-9CE9-B12926D1F675}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O17 - HKLM\System\CS3\Services\Tcpip\..\{19612D84-61CD-49B8-9CE9-B12926D1F675}: NameServer = 85.255.116.37,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.37 85.255.112.85
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10593 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
S0 SiSRaid - c:\windows\system32\drivers\sisraid.sys <Not Verified; Silicon Integrated Systems; SiS 180 Controller>
S3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe
S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-07-26 22:27:32 362 --a------ C:\WINDOWS\Tasks\WebReg 20070726222731.job
2007-07-09 21:02:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-07-10 16:43:37 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
-- Files created between 2007-06-29 and 2007-07-29 -----------------------------
2007-07-29 09:17:32 0 d-------- C:\Program Files\Trend Micro
2007-07-26 19:16:51 0 d-------- C:\Documents and Settings\Damian\Application Data\Grisoft
2007-07-26 18:13:56 0 d-------- C:\Documents and Settings\Martha\Application Data\Grisoft
2007-07-25 22:07:47 0 d-------- C:\Documents and Settings\Peter\Application Data\Grisoft
2007-07-25 22:07:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
-- Find3M Report ---------------------------------------------------------------
2007-06-20 20:30:24 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 14:00]
"SiSPower"="SiSPower.dll" [04/01/2005 16:54 C:\WINDOWS\system32\SiSPower.dll]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [28/01/2005 11:10]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [24/12/2002 03:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [22/06/2005 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/10/2006 19:58]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 05:19]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/01/2007 12:06]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [29/01/2005 02:09]
"HostManager"="C:\Program Files\Common Files\AOL\1158252760\ee\AOLSoftware.exe" [17/11/2006 14:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [30/04/2007 16:42]
"SoundMan"="SOUNDMAN.EXE" [03/08/2006 05:12 C:\WINDOWS\soundman.exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 23:32]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [22/12/2006 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [22/12/2006 13:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"yeuivy"="c:\windows\system32\yeuivy.exe" [29/07/2007 09:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/07/2007 17:18]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [22/06/2005 11:13:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"system"="kdizo.exe"
-- End of Deckard's System Scanner: finished at 2007-07-29 at 09:26:13 ---------
This topic is locked
Sign In
Create Account
