1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

spybot,ctfmon,coolwebsearch,raidys trojan

Discussion in 'Malware and Virus Removal Archive' started by flygreen, 2008/01/24.

  1. 2008/01/24
    flygreen

    flygreen Inactive Thread Starter

    Joined:
    2008/01/24
    Messages:
    2
    Likes Received:
    0
    I've been searching around here for some answers but can't seem to find exactly what I am looking for. When I run Spybot System Startup it tells me that a specific startup ctfmon...is a virus, coolwebsearch,trojan, etc....specifically coolwebsearch and Raidys trojan keystroke logger. I know that the ctfmon it references is suppossed to have something to do with MS Office? I think...But then I have since run half a dozen spyware and virus removers and found nothing when I should have. No Coolwebsearch, no Raidys trojan. Could somebody explain what I might be experiencing. I have included a hjt scan if it helps. Thanks, JR

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:01:59 PM, on 1/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/quest3dactivex2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190165187249
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5049 bytes
     
    flygreen,
    #1
  2. 2008/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS JR :)

    We need to use another tool that will give us a better look at things. Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2008/01/25
    flygreen

    flygreen Inactive Thread Starter

    Joined:
    2008/01/24
    Messages:
    2
    Likes Received:
    0
    here is the scan

    Deckard's System Scanner v20071014.68
    Run by Ally on 2008-01-25 18:08:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    81: 2008-01-26 02:09:05 UTC - RP120 - Deckard's System Scanner Restore Point
    80: 2008-01-24 21:11:26 UTC - RP119 - Removed SUPERAntiSpyware Free Edition
    79: 2008-01-24 21:09:36 UTC - RP118 - Removed Kaspersky Anti-Virus 6.0 SOS.
    78: 2008-01-24 21:08:48 UTC - RP117 - Removed Ad-Aware 2007
    77: 2008-01-24 20:39:13 UTC - RP116 - Installed Kaspersky Anti-Virus 6.0 SOS.


    -- First Restore Point --
    1: 2007-10-27 05:56:11 UTC - RP40 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Ally.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:09:45 PM, on 1/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Ally\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Ally.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} (Quest3DCtlr2 Class) - http://www.quest3d.com/webplugin/download/quest3dactivex2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190165187249
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 5183 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
    R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
    R3 CONAN - c:\windows\system32\drivers\o2mmb.sys <Not Verified; O2 Micro; o2mmb>
    R3 MbxStby - c:\windows\system32\drivers\mbxstby.sys <Not Verified; O2 Micro; o2mmb>
    R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys <Not Verified; SMC; Fast Infrared Miniport Driver>
    R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
    R3 w29n51 (Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_0890103C&REV_03\4&16793A72&0&70F0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_165E&SUBSYS_0890103C&REV_03\4&16793A72&0&70F0
    Service: b57w2k


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-04 16:40:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-12-25 and 2008-01-25 -----------------------------

    2008-01-24 20:56:10 0 dr-h----- C:\Documents and Settings\Ally\Recent
    2008-01-24 16:02:33 0 d-------- C:\Documents and Settings\Ally\Application Data\Apple Computer
    2008-01-24 13:46:11 0 d-------- C:\Program Files\Trend Micro
    2008-01-24 13:09:01 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-01-24 12:48:17 0 d-------- C:\Program Files\Startup Optimizer
    2008-01-24 12:38:25 0 d-------- C:\KAV
    2008-01-24 11:49:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-24 11:49:28 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-24 11:49:28 0 d-------- C:\Documents and Settings\Ally\Application Data\SUPERAntiSpyware.com
    2008-01-24 11:44:18 0 d-------- C:\Documents and Settings\Ally\Application Data\TrojanHunter
    2008-01-24 11:17:26 0 d-------- C:\Program Files\TrojanHunter 5.0
    2008-01-19 17:30:34 2017312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-19 17:26:23 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-01-19 17:26:17 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-19 17:26:08 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-01-19 17:25:41 0 d-------- C:\WINDOWS\system32\ZoneLabs
    2008-01-19 17:12:20 0 d-------- C:\WINDOWS\Internet Logs
    2008-01-19 16:26:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-19 16:18:06 313 --a------ C:\WINDOWS\option.dat
    2008-01-19 16:13:22 277504 --a------ C:\WINDOWS\system32\oestore.dll <Not Verified; Nektra S.A.; OEAPI>
    2008-01-19 16:13:21 0 d-------- C:\Program Files\Acesoft
    2008-01-14 15:52:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-12-29 10:09:21 5632 --a------ C:\WINDOWS\system32\ptpusb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-29 10:09:19 159232 --a------ C:\WINDOWS\system32\ptpusd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-29 10:09:18 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-25 08:55:44 0 d-------- C:\Documents and Settings\Ally\Application Data\DivX
    2007-12-25 08:55:35 0 d-------- C:\Documents and Settings\Ally\Application Data\InterVideo
    2007-12-25 08:50:01 0 d-------- C:\Program Files\DivX


    -- Find3M Report ---------------------------------------------------------------

    2008-01-24 13:11:32 0 d-------- C:\Program Files\Common Files
    2007-12-22 18:19:55 0 d-------- C:\Program Files\Virtools
    2007-12-11 14:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-12-11 14:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-11 14:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-11 14:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-11 14:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-11 14:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-11 14:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-11 14:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-05 20:49:30 0 d-------- C:\Documents and Settings\Ally\Application Data\Leadertech
    2007-11-18 20:02:12 46840 --a------ C:\Documents and Settings\Ally\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2007-11-07 01:26:56 721920 --a------ C:\WINDOWS\system32\lsasrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-10-29 14:43:03 1287680 --a------ C:\WINDOWS\system32\quartz.dll
    2007-10-27 15:39:20 230912 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/04/2004 03:40 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/04/2004 03:38 PM]
    "AGRSMMSG "= "AGRSMMSG.exe" [04/19/2005 07:03 AM C:\WINDOWS\AGRSMMSG.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/07/2005 06:05 PM]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/31/2005 02:20 AM]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 02:05 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 03:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 05:07 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [5/11/2005 8:23:26 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6 "=
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe
    "SUPERAntiSpyware "=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe "
    "THGuard "= "C:\Program Files\TrojanHunter 5.0\THGuard.exe "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b77e20-7de8-11dc-b414-00166f85d150}]
    AutoRun\command- LinksysConnectPC.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 coolwebsearch.com
    127.0.0.1 www.coolwebsearch.com

    7868 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-01-25 18:10:15 ------------
     
    flygreen,
    #3
  5. 2008/01/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks clean. Is that Spybot Search & Destroy reporting that? What version and what definitions are currently used?
     
    noahdfear,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...