Spyware CyberLog-X

Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    How is your PC running ? Any problems ?

    Just post one more DSS log and we can send you on your way.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    Seems to be running ok now. No viruses popping up. I'm in work at the moment and the PC is at home, so I'll run the report when I get home.

    I am currently running Avast anti-virus, AdAware SE, Spybot, Spyware blaster, CCleaner and now HiJackThis. Are they sufficient to keep my PC safe? Would you recommend different virus/spyware software, or anything extra I would need to stop this from happening again?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Those programs are pretty good. I wouldn't recommend that you use HijackThis yourself though.

    I would also include AVG anti-spyware into the list, although you have it now. That is really good. Also SpywareGuard I would recommend, it is really amazing.
    http://www.javacoolsoftware.com/spywareguard.html

    Other than that, that is some pretty good protection.


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    I have run all my anti-virus and malware programmes. Here is the HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49, on 2007-11-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Documents and Settings\Derek\Desktop\dss.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8761 bytes


  • Registered Users, Registered Users 2 Posts: 1,197 ✭✭✭Baldie


    ..and the DSS log:

    Deckard's System Scanner v20071014.68
    Run by Derek on 2007-11-17 19:48:58
    Computer is in Normal Mode.



    -- HijackThis (run as Derek.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:49, on 2007-11-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Documents and Settings\Derek\Desktop\dss.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190929777716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191158134265
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.eu.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 8761 bytes

    -- Files created between 2007-10-17 and 2007-11-17

    2007-11-17 19:49:19 0 d
    C:\Program Files\Trend Micro
    2007-11-17 19:06:11 0 dr-h
    C:\Documents and Settings\Derek\Recent
    2007-11-17 10:52:18 0 d
    C:\Documents and Settings\Derek\Application Data\Comodo
    2007-11-17 10:52:17 0 d
    C:\Documents and Settings\All Users\Application Data\Comodo
    2007-11-17 10:48:01 0 d
    C:\Program Files\Comodo
    2007-11-17 10:26:30 0 d
    C:\Program Files\SpywareGuard
    2007-11-15 23:15:03 0 d
    C:\Documents and Settings\Derek\Application Data\Grisoft
    2007-11-15 23:14:49 0 d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-14 19:57:38 0 d
    C:\WINDOWS\ERUNT
    2007-11-13 23:06:06 0 d--h
    C:\WINDOWS\system32\GroupPolicy
    2007-11-11 15:44:26 0 d
    C:\Program Files\Java
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files\Java
    2007-11-10 14:46:45 0 d
    C:\Program Files\VibrateGameDeviceDriver
    2007-11-10 13:57:42 0 d
    C:\Documents and Settings\Scott\Application Data\Adobe
    2007-11-04 12:29:40 0 d
    C:\Documents and Settings\Derek\Application Data\VideoEgg
    2007-10-28 15:31:40 0 d
    C:\Documents and Settings\Scott\Application Data\Macromedia
    2007-10-28 15:30:12 0 d
    C:\Documents and Settings\Scott\Application Data\Mozilla
    2007-10-28 15:29:43 0 d
    C:\Documents and Settings\Scott\Application Data\Real
    2007-10-28 15:29:40 0 d
    C:\Documents and Settings\Scott\Application Data\PC Suite
    2007-10-28 15:29:36 0 d
    C:\Documents and Settings\Scott\Application Data\FaxCtr
    2007-10-28 15:29:09 0 d
    C:\Documents and Settings\Scott\Application Data\Identities
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Templates
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Start Menu
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\SendTo
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Recent
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\PrintHood
    2007-10-28 15:28:28 1048576 --ah
    C:\Documents and Settings\Scott\NTUSER.DAT
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\NetHood
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\My Documents
    2007-10-28 15:28:28 0 d--h
    C:\Documents and Settings\Scott\Local Settings
    2007-10-28 15:28:28 0 dr
    C:\Documents and Settings\Scott\Favorites
    2007-10-28 15:28:28 0 d
    C:\Documents and Settings\Scott\Desktop
    2007-10-28 15:28:28 0 d--hs---- C:\Documents and Settings\Scott\Cookies
    2007-10-28 15:28:28 0 dr-h
    C:\Documents and Settings\Scott\Application Data
    2007-10-28 15:28:28 0 d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
    2007-10-28 15:02:29 0 d
    C:\Documents and Settings\Ellen\Application Data\Real
    2007-10-27 09:32:47 0 d
    C:\Program Files\Common Files\Real
    2007-10-27 09:32:46 0 d
    C:\Program Files\Real
    2007-10-27 09:30:02 0 d
    C:\Documents and Settings\Derek\Application Data\Real
    2007-10-22 21:32:42 4738 --a
    C:\WINDOWS\system32\tmp.reg
    2007-10-22 21:29:34 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2007-10-22 21:29:32 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-10-22 21:29:30 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2007-10-22 21:29:29 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-10-22 21:29:26 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-10-22 21:13:53 0 d
    C:\Documents and Settings\Derek\dwhelper
    2007-10-22 20:11:31 0 d--h
    C:\WINDOWS\PIF
    2007-10-22 19:33:20 0 d--hs---- C:\WINDOWS\CSC
    2007-10-22 19:27:59 0 dr
    C:\Documents and Settings\LocalService\My Documents
    2007-10-22 19:14:33 0 d
    C:\WINDOWS\system32\appmgmt
    2007-10-20 13:21:01 0 d
    C:\Documents and Settings\Derek\Application Data\Video DVD Maker FREE


    -- Find3M Report

    2007-11-17 19:49:56 0 d
    C:\Documents and Settings\Derek\Application Data\uTorrent
    2007-11-17 19:46:40 29786 --a
    C:\logfile
    2007-11-14 22:11:02 4212 ---h
    C:\WINDOWS\system32\zllictbl.dat
    2007-11-13 21:27:35 0 d
    C:\Program Files\Ahead
    2007-11-11 15:45:22 1447 --a
    C:\WINDOWS\mozver.dat
    2007-11-11 15:43:21 0 d
    C:\Program Files\Common Files
    2007-11-10 14:46:19 0 d
    C:\Program Files\Common Files\InstallShield
    2007-10-23 17:30:24 0 d
    C:\Documents and Settings\Derek\Application Data\Ahead
    2007-10-22 19:55:24 0 d
    C:\Program Files\Windows Media Connect 2
    2007-10-22 19:34:09 0 d
    C:\Documents and Settings\Derek\Application Data\Lavasoft
    2007-10-22 19:22:30 0 d
    C:\Program Files\Lavasoft
    2007-10-11 18:49:03 0 d
    C:\Documents and Settings\Derek\Application Data\PC Suite
    2007-10-11 18:45:00 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia Multimedia Player
    2007-10-11 18:29:09 335 --a
    C:\WINDOWS\mozregistry.dat
    2007-10-11 18:05:01 0 d
    C:\Documents and Settings\Derek\Application Data\Talkback
    2007-10-09 21:45:46 0 d
    C:\Documents and Settings\Derek\Application Data\Mozilla
    2007-10-08 11:18:33 0 d
    C:\Documents and Settings\Derek\Application Data\Nokia
    2007-10-08 11:16:11 0 d
    C:\Program Files\Common Files\Nokia
    2007-10-08 11:16:10 0 d
    C:\Program Files\Common Files\PCSuite
    2007-10-08 11:16:08 0 d
    C:\Program Files\Nokia
    2007-10-08 11:15:40 0 d
    C:\Program Files\DIFX
    2007-10-08 11:15:29 0 d
    C:\Program Files\PC Connectivity Solution
    2007-10-08 10:37:18 0 d
    C:\Program Files\IVT Corporation
    2007-10-08 10:37:17 0 d--h
    C:\Program Files\InstallShield Installation Information
    2007-10-01 20:26:10 0 d
    C:\Program Files\Runtime Software
    2007-10-01 20:18:05 0 d
    C:\Documents and Settings\Derek\Application Data\Adobe
    2007-09-30 14:15:01 0 d
    C:\Documents and Settings\Derek\Application Data\OfficeUpdate12
    2007-09-30 13:11:53 0 d
    C:\Program Files\MSXML 4.0
    2007-09-30 12:52:21 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-09-30 11:22:19 0 d
    C:\Program Files\Microsoft.NET
    2007-09-29 19:43:46 0 d
    C:\Program Files\Kodak
    2007-09-29 19:42:51 0 d
    C:\Program Files\Common Files\Kodak
    2007-09-29 15:09:22 0 d
    C:\Documents and Settings\Derek\Application Data\Apple Computer
    2007-09-29 15:09:15 0 d
    C:\Program Files\iTunes
    2007-09-29 15:09:06 0 d
    C:\Program Files\iPod
    2007-09-29 15:08:24 0 d
    C:\Program Files\QuickTime
    2007-09-29 15:07:26 0 d
    C:\Program Files\Apple Software Update
    2007-09-29 15:06:50 0 d
    C:\Program Files\Common Files\Apple
    2007-09-29 14:21:20 0 d
    C:\Documents and Settings\Derek\Application Data\DivX
    2007-09-29 14:20:49 0 d
    C:\Program Files\DivX
    2007-09-29 14:11:44 0 --a
    C:\WINDOWS\nsreg.dat
    2007-09-29 14:08:39 0 d
    C:\Program Files\uTorrent
    2007-09-29 14:01:24 0 d
    C:\Program Files\DVD Shrink
    2007-09-29 13:47:38 0 d
    C:\Program Files\CCleaner
    2007-09-28 23:04:03 0 d
    C:\Program Files\ASUS
    2007-09-28 21:58:00 0 d
    C:\Program Files\Common Files\Adobe
    2007-09-28 21:57:23 0 d
    C:\Documents and Settings\Derek\Application Data\Leadertech
    2007-09-28 21:18:55 0 d
    C:\Program Files\MSXML 6.0
    2007-09-28 18:46:46 0 d
    C:\Program Files\MSBuild
    2007-09-28 18:42:01 0 d
    C:\Program Files\Reference Assemblies
    2007-09-28 18:33:29 0 d
    C:\Documents and Settings\Derek\Application Data\Macromedia
    2007-09-28 16:48:17 0 d
    C:\Program Files\Messenger
    2007-09-27 23:26:54 0 d
    C:\Program Files\Common Files\Nero
    2007-09-27 23:24:10 0 d
    C:\Program Files\Common Files\Ahead
    2007-09-27 23:16:43 0 d
    C:\Documents and Settings\Derek\Application Data\FaxCtr
    2007-09-27 23:16:16 0 d
    C:\Program Files\Lexmark 4300 Series
    2007-09-27 23:08:44 0 d
    C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-09-27 23:07:30 0 d
    C:\Program Files\Lexmark Fax Solutions
    2007-09-27 22:50:01 0 d
    C:\Program Files\Movie Maker
    2007-09-27 22:47:51 0 d
    C:\Program Files\Windows NT
    2007-09-27 21:50:16 0 d--h
    C:\Program Files\WindowsUpdate
    2007-09-27 21:48:00 0 d
    C:\Program Files\Netopia
    2007-09-27 21:29:24 0 d
    C:\Program Files\Analog Devices
    2007-09-27 21:27:17 0 d
    C:\Program Files\Intel
    2007-09-27 21:23:01 0 d
    C:\Documents and Settings\Derek\Application Data\Help
    2007-09-27 21:14:09 0 d
    C:\Program Files\ATI Technologies
    2007-09-27 21:13:06 0 d
    C:\Program Files\Common Files\ODBC
    2007-09-27 21:13:04 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-09-27 21:12:44 62 --ahs---- C:\Documents and Settings\Derek\Application Data\desktop.ini
    2007-09-27 20:30:27 0 d
    C:\Program Files\Alwil Software
    2007-09-27 20:26:06 0 d
    C:\Documents and Settings\Derek\Application Data\Identities
    2007-09-27 20:21:38 0 d
    C:\Program Files\microsoft frontpage
    2007-09-27 20:21:00 0 -rahs---- C:\MSDOS.SYS
    2007-09-27 20:21:00 0 -rahs---- C:\IO.SYS
    2007-09-27 20:21:00 0 --a
    C:\CONFIG.SYS
    2007-09-27 20:21:00 0 --a
    C:\AUTOEXEC.BAT
    2007-09-27 20:20:04 0 d
    C:\Program Files\Online Services
    2007-09-27 20:19:01 0 d
    C:\Program Files\Common Files\MSSoap
    2007-09-27 20:18:33 21640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-09-27 20:18:01 0 d
    C:\Program Files\MSN Gaming Zone
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:23:00 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-09-17 18:22:58 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-09-17 18:22:58 739840 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-08-21 00:26:52 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-08-21 00:26:52 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 15:41]
    "HydraVisionViewport"="C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 15:41]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
    "LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 13:46]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
    "RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-17 10:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2007-09-29 14:08]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\Derek\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-10-08 10:37:20]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 03:33:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-11-17 19:51:04

