baidubar.dll problem [RESOLVED]



#1
kredik

Hi. I'm again finding some trojans such as baidubar.dll.
Can you help me remove these, as they slow my laptop down?

I've done all the necessary scanning and cleaning and will post my HJT. Thanks again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:26, on 05.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Microsoft IntelliPoint\Point32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Azureus\Azureus.exe
C:\Programfiler\mmMozilla Firefox\firefox.exe
C:\Programfiler\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1FFE232A-BBBF-4234-A040-10C0DBEF1EF4} (ClientX Control) - http://cop.dusee.cn/...lientx12500.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.co...0.10-signed.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.co...load/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8867A595-7696-4FF0-B6C0-2756DD53BFDC} (ActiveXUpgrade Class) - http://211.55.34.219...veX/NJTVCOM.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.co...0.94_signed.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

--
End of file - 8959 bytes
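An added example (not HijackThis' code and not the forum helper's method) that applies the checks a log reader does by eye to the entry types in the log above: orphaned entries, services with an unknown owner, core system binaries outside system32, hijacked IE start/search pages, Winlogon Notify packages given by bare name, and O16 ActiveX sources that cannot be verified. The rule names, the allowlists and the one TEST-NET O16 line are assumptions made for this example; the other sample lines are taken from the posted log.

```python
"""Triage checks for HijackThis (HJT) log entries.

Added example for this thread; it is not HijackThis code and not the forum
helper's procedure. It encodes the checks a log reader applies by eye to the
entry types seen in the log posted above and reports which lines deserve a
closer look. The heuristics, allowlists and the constructed O16 line are
assumptions made for the example.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Core Windows binaries that belong only under %SystemRoot%\system32; the same
# file name anywhere else (e.g. c:\windows\svchost.exe) is a common masquerade.
SYSTEM32_ONLY = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "smss.exe"}
# Hosts an IE start/search page may legitimately point at (assumed allowlist).
EXPECTED_IE_HOSTS = {"www.microsoft.com", "go.microsoft.com", "www.msn.com"}
# File the poster named as the problem in this thread.
REPORTED_FILES = {"baidubar.dll"}

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"(?i)\b([a-z]:\\[^\"()]*?\.(?:exe|dll|ocx|cpl))\b")
URL_RE = re.compile(r"https?://\S+")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Finding:
    kind: str   # short label for the check that fired
    line: str   # the HJT entry it fired on


def triage_line(line: str) -> list[Finding]:
    """Return every check that fires on one HJT line (none for non-entries)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # process list, headers and blank lines carry no entry
    etype, body = m.group("type"), m.group("body")
    found = []
    # Entries whose file is gone are leftovers of a removed or half-removed
    # program and are always worth clearing.
    if "(file missing)" in body or "(no file)" in body:
        found.append(Finding("orphaned-entry", line))
    if etype == "O23" and "Unknown owner" in body:
        found.append(Finding("unknown-service-owner", line))
    for path in PATH_RE.findall(body):
        folder, _, name = path.lower().rpartition("\\")
        if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            found.append(Finding("masqueraded-system-binary", line))
        if name in REPORTED_FILES:
            found.append(Finding("reported-file", line))
    if etype in ("R0", "R1"):
        url = URL_RE.search(body)
        if url and urlsplit(url.group()).hostname not in EXPECTED_IE_HOSTS:
            found.append(Finding("hijacked-ie-setting", line))
        if "ProxyServer" in body:  # any proxy value should be confirmed with the user
            found.append(Finding("proxy-server-set", line))
    # A Winlogon Notify package given as a bare name (no full path) is loaded
    # from the search path; vendors register a full path.
    if etype == "O20" and not PATH_RE.search(body):
        found.append(Finding("winlogon-notify-bare-name", line))
    if etype == "O16":
        url = URL_RE.search(body)
        host = urlsplit(url.group()).hostname if url else None
        if host is None or IPV4_RE.match(host):
            found.append(Finding("activex-unverifiable-source", line))
    return found


def triage(log_text: str) -> list[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


# Lines taken from the log posted above, plus one constructed O16 entry with a
# TEST-NET address to exercise the IP-host check.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://203.0.113.5/activex/example.cab
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The checks only narrow the list; an entry such as the Baidu BHO is caught here only because the poster named it, so a helper still has to know the file behind each remaining line.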


#2
Rorschach112

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
kredik

Hi. Here ya go. Thanks again!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1022.48 MiB / 510.97 MiB
Pagefile Memory (total/avail): 1694.34 MiB / 1268.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.29 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 27.56 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installerbart filsystem - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE:*:Enabled:Share Streaming"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\Programfiler\\PPStream\\PPStream.exe"="C:\\Programfiler\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programfiler\\TVAnts\\Tvants.exe"="C:\\Programfiler\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Programfiler\\PPMate\\ppmnet.exe"="C:\\Programfiler\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Programfiler\\PPMate\\ppmate.exe"="C:\\Programfiler\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Programfiler\\PPLive\\PPLive.exe"="C:\\Programfiler\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"="C:\\Programfiler\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programfiler\\TVU Player\\TVUPlayer.exe"="C:\\Programfiler\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Programfiler\\Winamp\\winamp.exe"="C:\\Programfiler\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\DOCUME~1\\jim\\LOKALE~1\\Temp\\Rar$EX01.516\\UUSee˲+ԦΦ\\UUSeePlayer.exe"="C:\\DOCUME~1\\jim\\LOKALE~1\\Temp\\Rar$EX01.516\\UUSee˲+ԦΦ\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\DOCUME~1\\jim\\LOKALE~1\\Temp\\Rar$EX08.469\\UUSee˲+ԦΦ\\UUSeePlayer.exe"="C:\\DOCUME~1\\jim\\LOKALE~1\\Temp\\Rar$EX08.469\\UUSee˲+ԦΦ\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Documents and Settings\\jim\\Skrivebord\\ViViPlay.exe"="C:\\Documents and Settings\\jim\\Skrivebord\\ViViPlay.exe:*:Enabled:ViViMediaPlay"
"C:\\Programfiler\\PPMate\\PPMate\\ppmate.exe"="C:\\Programfiler\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\PROGRA~1\\boba\\boba2\\PODCAS~1.EXE"="C:\\PROGRA~1\\boba\\boba2\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\Programfiler\\boba\\boba2\\PodcastBar.exe"="C:\\Programfiler\\boba\\boba2\\PodcastBar.exe:*:Enabled:Share Streaming"
"C:\\Programfiler\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Programfiler\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Documents and Settings\\jim\\Skrivebord\\PES2008.exe"="C:\\Documents and Settings\\jim\\Skrivebord\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Programfiler\\mmMozilla Firefox\\firefox.exe"="C:\\Programfiler\\mmMozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programfiler\\uusee\\UUSeePlayer.exe"="C:\\Programfiler\\uusee\\UUSeePlayer.exe:*:Enabled:UUSEE"
"C:\\Documents and Settings\\misc\\utorrent.exe"="C:\\Documents and Settings\\misc\\utorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"="C:\\Programfiler\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Documents and Settings\\jim\\Skrivebord\\TVKoo%20by%20Myp2p.eu%20%21.exe"="C:\\Documents and Settings\\jim\\Skrivebord\\TVKoo%20by%20Myp2p.eu%20%21.exe:*:Enabled:ViViMediaPlay"
"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"="C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Programfiler\\SopCast\\SopCast.exe"="C:\\Programfiler\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"="C:\\Programfiler\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Programfiler\\Azureus\\Azureus.exe"="C:\\Programfiler\\Azureus\\Azureus.exe:*:Enabled:Azureus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jim\Programdata
CLASSPATH=.;C:\Programfiler\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=YOUR-7C1E2B028D
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jim
LOGONSERVER=\\YOUR-7C1E2B028D
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Programfiler\mmMozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;C:\Programfiler\Fellesfiler\iZotope\Runtimes;C:\Programfiler\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Programfiler
PROMPT=$P$G
QTJAVA=C:\Programfiler\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jim\LOKALE~1\Temp
TMP=C:\DOCUME~1\jim\LOKALE~1\Temp
USERDOMAIN=YOUR-7C1E2B028D
USERNAME=jim
USERPROFILE=C:\Documents and Settings\jim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

jim (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ٶȳѰ --> C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\baidu\bar\BaiduBar.dll,Uninstall
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Live Update ActiveX Control 2.51 --> "C:\Programfiler\Advanced LiveUpdate ActiveX Control\unins000.exe"
AKAI professional VST Collection v1.0 --> F:\CUBASE~2\VSTPLU~1\VSTPLU~1\UNWISE.EXE F:\CUBASE~2\VSTPLU~1\VSTPLU~1\INSTALL.LOG
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArtsAcoustic Reverb 1.2.2 --> C:\Programfiler\ArtsAcoustic Reverb\uninst.exe
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI - Software Uninstall Utility --> C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager --> C:\Programfiler\Audible\Bin\Upgrade.exe /Uninstall
AVG Anti-Spyware 7.5 --> C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Programfiler\Grisoft\AVG Free\setup.exe /UNINSTALL
Azureus Vuze --> C:\Programfiler\Azureus\uninstall.exe
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x14
Creative MediaSource --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision M --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}\SETUP.EXE" -l0x9 /remove
DivX Web Player --> C:\Programfiler\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Button --> C:\WINDOWS\UnInst32.exe EzButton.UNI
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Programfiler\Creative\EAX Unified\Uninst.isu"
Edirol HQ Orchestral v1.01 --> F:\CUBASE~2\CUBASE~1\VSTPLU~1\Edirol\ORCHES~1\UNWISE.EXE F:\CUBASE~2\CUBASE~1\VSTPLU~1\Edirol\ORCHES~1\INSTALL.LOG
Enemy Engaged 2 Speech --> MsiExec.exe /I{5CB6A112-DA36-486B-9B1C-6341CB95DE37}
Enemy Territory - QUAKE Wars™ 1.2 Patch --> C:\Programfiler\InstallShield Installation Information\{2EC66D1C-4AF5-4811-BEDE-849D90461AF5}\setup.exe -runfromtemp -l0x0409
Google Earth --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Pinyin IME --> "C:\Programfiler\Google\Google Pinyin\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterLok Driver Kit --> MsiExec.exe /X{2CA032FD-09D9-4B52-BA1D-4932216885FE}
InterVideo WinDVD for TOSHIBA --> "C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IsoBuster 1.9.1 --> "C:\Programfiler\Smart Projects\IsoBuster\Uninst\unins000.exe"
iZotope Ozone 3 --> "F:\Cubase SX\Cubase SX\Vstplugins\Ozone 3\unins000.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10414-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Programfiler\mIRC\uninstall.exe _?=C:\Programfiler\mIRC
Mozilla Firefox (2.0.0.11) --> C:\Programfiler\mmMozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Native Instruments FM7 v1.10.006 --> F:\CUBASE~2\CUBASE~1\VSTPLU~1\FM7\UNWISE.EXE F:\CUBASE~2\CUBASE~1\VSTPLU~1\FM7\INSTALL.LOG
Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
PowerISO --> "C:\Programfiler\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.7.5 --> "C:\Programfiler\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x14 REMOVE
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
SMSC IrCC V5.1.3600.5 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x14 UNINSTALL
SopCast 2.0.4 --> C:\Programfiler\SopCast\uninst.exe
Spybot - Search & Destroy 1.4 --> "C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase SX v2.2.0.33 --> F:\CUBASE~2\CUBASE~1\UNWISE.EXE F:\CUBASE~2\CUBASE~1\INSTALL.LOG
Steinberg DeClicker v1.21 --> C:\WINDOWS\UNWISE.EXE F:\CUBASE~2\VSTPLU~1\INSTALL.LOG
Steinberg Mastering Edition v1.0 --> C:\WINDOWS\UNWISE.EXE F:\Audio\STEINB~1\MASTER~1\INSTALL.LOG
Steinberg WaveLab 5.00a --> F:\CUBASE~2\WaveLab\UNWISE.EXE F:\CUBASE~2\WaveLab\INSTALL.LOG
Streamripper Plugin 1.62.2 (Remove only) --> C:\Programfiler\Winamp\streamripper_uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Programfiler\SyncroSoft\Pos\H2O\Uninst.exe
System Requirements Lab --> C:\Programfiler\SystemRequirementsLab\Uninstall.exe
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x14 UNINSTALL
TOSHIBA Console --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x14
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUn0414.exe -fC:\Programfiler\TOSHIBA\PCDiag\Uninst.isu
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x14
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA zoom --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Touch and Launch --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe" -l0x14
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.5.2 --> C:\Programfiler\TVUPlayer\uninst.exe
VeohTV BETA --> C:\Programfiler\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
TOSHIBA Power Management Utility --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D674A81F-0216-4523-B6AB-3F18D789798E} /l1044
TOSHIBA Hotkey Utility --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A933190B-9C8E-4E81-B4D4-038D594A1675} /l1044
TouchPad On/Off Utility --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7EF2432D-8C52-40C1-962A-1EB0413F25ED} /l1044
VideoLAN VLC media player 0.8.6b --> C:\Programfiler\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Programfiler\Winamp\UninstWA.exe"
Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4x32_B0AEEEEDA759744D7D2AC236F54CA6D4CFC0961C\netw4x32.inf
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_E99959A506B0423451BFDD2FE3C8B527B6AF45BD\w29n51.inf
Windows Driver Package - Intel net (09/26/2007 11.5.0.32) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4k32_4CD46BE21BE74C8D663C65B8DC2D7EEA091E50F5\netw4k32.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver --> C:\Programfiler\WinRAR\uninstall.exe
x264 Revision 531 x264.nl (remove only) --> "C:\Programfiler\x264\x264-uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3305 / Warning
Event Submitted/Written: 02/05/2008 00:52:28 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}, feature Complete failed during request for component {A6C8A50F-4808-43A4-A147-ACAA2598DE52}

Event Record #/Type3304 / Warning
Event Submitted/Written: 02/05/2008 00:52:28 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}, feature Complete, component {B2B6EDF3-22B8-47B3-8358-4D1976F0949D} failed. The resource C:\Programfiler\SUPERAntiSpyware\Quarantine\ does not exist.

Event Record #/Type3302 / Error
Event Submitted/Written: 02/03/2008 11:28:52 PM
Event ID/Source: 0 / SRunner
Event Description:
SRunner error: 123Unable to spawn process

Event Record #/Type3298 / Error
Event Submitted/Written: 02/03/2008 11:35:31 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SopCast.exe, version 2.0.4.1120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3297 / Error
Event Submitted/Written: 02/02/2008 08:08:04 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SopCast.exe, version 2.0.4.1120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15626 / Warning
Event Submitted/Written: 02/06/2008 08:06:46 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Cannot save Bluetooth link keys on the local radio because it cannot be determined whether adequate security is enabled for the device.

Event Record #/Type15625 / Warning
Event Submitted/Written: 02/06/2008 08:06:40 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Cannot save Bluetooth link keys on the local radio because it cannot be determined whether adequate security is enabled for the device.

Event Record #/Type15624 / Warning
Event Submitted/Written: 02/06/2008 08:06:40 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP server)
for the network card with network address 000FB03797A0. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from the
network address (DHCP) server.

Event Record #/Type15622 / Warning
Event Submitted/Written: 02/06/2008 11:15:20 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.62.02_0.00.23' cannot accept read-only properties when creating new objects ((27)).

Event Record #/Type15621 / Warning
Event Submitted/Written: 02/06/2008 10:08:00 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP server)
for the network card with network address 000FB03797A0. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from the
network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-02-06 20:19:56 ------------

Deckard's System Scanner v20071014.68
Run by jim on 2008-02-06 20:17:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-02-06 19:17:51 UTC - RP401 - Deckard's System Scanner Restore Point
26: 2008-02-06 10:37:00 UTC - RP400 - System Checkpoint
25: 2008-02-01 15:26:22 UTC - RP399 - System Checkpoint
24: 2008-01-23 09:08:17 UTC - RP398 - System Checkpoint
23: 2008-01-20 01:32:03 UTC - RP397 - System Checkpoint


-- First Restore Point --
1: 2008-01-02 00:36:18 UTC - RP375 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:01, on 06.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Microsoft IntelliPoint\Point32.exe
C:\Programfiler\mmMozilla Firefox\firefox.exe
C:\Programfiler\Creative\Creative Zen Vision M\CTPlyLsU.exe
C:\Documents and Settings\jim\Skrivebord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501
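The log above is the HijackThis section of a DSS report, and the lines a helper reads first are the ones that bind code into the browser or the boot path: R0 (start/search pages), O2/O3 (BHOs and toolbars), O4 (Run keys), O16 (ActiveX downloads), O20 (Winlogon Notify DLLs) and O23 (services). As an added example, not code from this thread, from Trend Micro or from any tool named here, the script below applies a few path and URL heuristics to such lines. The sample entries are constructed to mirror entries in this thread's logs (the O20 and O23 lines appear in the fuller log later in the thread); the O16 CLSID and its URL are made up, and the rule set illustrates the reasoning rather than being a vetted signature list.

```python
"""Rule-based triage of HijackThis v2 log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

SYSTEM32 = r"c:\windows\system32"
# Binaries that legitimately exist only in System32 on Windows XP; a copy
# anywhere else (e.g. C:\WINDOWS\svchost.exe) is a masquerade.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "smss.exe"}

_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|ocx|sys)\b", re.I)
_URL_RE = re.compile(r"https?://\S+", re.I)
_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample: entries modeled on the logs in this thread. The O16
# CLSID and its URL are made up (203.0.113.10 is a documentation address).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://203.0.113.10/ActiveX/example.cab
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    reason: str
    entry: str


def triage_entry(entry: str) -> list[Finding]:
    """Apply the rules to one HijackThis line; returns [] for a clean line."""
    entry = entry.strip()
    kind = entry.split(" - ", 1)[0]            # "R0", "O2", "O23", ...
    low = entry.lower()
    out: list[Finding] = []

    if "(file missing)" in low or "(no file)" in low:
        out.append(Finding("review", "registered component has no file on disk "
                           "(orphaned entry or a payload that was already removed)", entry))

    m = _PATH_RE.search(entry)
    if m:
        parent, _, name = m.group(0).lower().rpartition("\\")
        if name in SYSTEM_ONLY and parent != SYSTEM32:
            out.append(Finding("high", f"{name} outside System32 ({parent}): "
                               "masquerading system binary", entry))
        elif (kind == "O23" and "unknown owner" in low
              and parent.startswith("c:\\windows\\") and parent != SYSTEM32):
            out.append(Finding("high", "service with no vendor info running from "
                               "a non-standard directory under %SystemRoot%", entry))
    elif kind == "O20":
        out.append(Finding("review", "Winlogon Notify DLL given by bare name; "
                           "it loads into winlogon.exe at every logon", entry))

    u = _URL_RE.search(entry)
    if u:
        host = urlparse(u.group(0)).hostname or ""
        if kind == "O16" and _IPV4_RE.match(host):
            out.append(Finding("high", f"ActiveX control fetched from a raw IP host ({host})", entry))
        elif kind in ("R0", "R1"):
            out.append(Finding("review", f"browser start/search setting points at {host}; "
                               "confirm the user chose it", entry))
    return out


def triage_log(text: str) -> list[Finding]:
    """Run triage_entry over every non-empty line of a log."""
    return [f for line in text.splitlines() if line.strip() for f in triage_entry(line)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.entry}")
```

Run as a file it prints the findings for the sample; for a real log, pass the file's text to triage_log. Note what this kind of heuristic cannot do: baidubar.dll, the entry this thread is about, sits under Program Files with a vendor-looking CLSID and produces no finding. Path rules catch masquerades (a svchost.exe outside System32, a service that lives in its own directory under %SystemRoot%), not an unwanted toolbar that was installed the ordinary way; that takes a name or hash list, or a comparison against what the user remembers installing.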

#4 Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Some of the DSS log is missing; can you run DSS again and post the log?

Also do this:

* I notice that you have no firewall on your PC. This is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost. Make sure you only use one firewall, though. A tutorial on understanding and using firewalls may be found here.

#5 kredik, Topic Starter, Member, 59 posts
Hi. I turned my firewall back on and ran another test, but it only gave me a main.txt file this time...

Deckard's System Scanner v20071014.68
Run by jim on 2008-02-06 21:49:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:15, on 06.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Microsoft IntelliPoint\Point32.exe
C:\Programfiler\Creative\Creative Zen Vision M\CTPlyLsU.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\jim\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1FFE232A-BBBF-4234-A040-10C0DBEF1EF4} (ClientX Control) - http://cop.dusee.cn/...lientx12500.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.co...0.10-signed.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.co...load/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8867A595-7696-4FF0-B6C0-2756DD53BFDC} (ActiveXUpgrade Class) - http://211.55.34.219...veX/NJTVCOM.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.co...0.94_signed.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

--
End of file - 8935 bytes

-- Files created between 2008-01-06 and 2008-02-06 -----------------------------

2008-02-05 17:09:00 0 d-------- C:\Programfiler\Trend Micro
2008-02-05 13:10:24 0 d-------- C:\Programfiler\Enigma Software Group
2008-02-05 12:56:30 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-01 17:23:54 15192 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-01 17:18:38 0 d-------- C:\Programfiler\mIRC
2008-01-30 10:50:25 0 d-------- C:\WINDOWS\vbSkinner
2008-01-30 10:50:09 0 d-------- C:\Programfiler\PFConfig
2008-01-21 16:59:25 0 d-------- C:\Programfiler\WMR11
2008-01-21 16:34:41 0 d-------- C:\Programfiler\WinPcap
2008-01-21 16:31:39 0 d-------- C:\Programfiler\Windows Media Recorder
2008-01-21 16:22:13 0 d-------- C:\Programfiler\Mini-stream
2008-01-18 20:17:22 0 d-------- C:\Programfiler\Winamp
2008-01-18 20:14:02 0 d-------- C:\My Music
2008-01-15 12:48:57 0 d-------- C:\WINDOWS\system32\nb-no
2008-01-15 12:42:36 0 d-------- C:\WINDOWS\network diagnostic
2008-01-07 23:03:13 0 d-------- C:\Programfiler\Panzer Elite Action


-- Find3M Report ---------------------------------------------------------------

2008-02-06 12:01:09 0 d-------- C:\Programfiler\mmMozilla Firefox
2008-02-05 19:33:45 0 d-------- C:\Documents and Settings\jim\Programdata\uTorrent
2008-02-05 18:37:35 0 d-------- C:\Documents and Settings\jim\Programdata\Azureus
2008-02-05 12:58:19 6597 --a----c- C:\WINDOWS\mozver.dat
2008-02-05 12:57:50 0 d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-04 17:28:55 0 d-------- C:\Documents and Settings\jim\Programdata\Adobe
2008-02-03 10:32:30 0 d-------- C:\Documents and Settings\jim\Programdata\Media Player Classic
2008-02-03 10:30:52 0 d-------- C:\Programfiler\Real Alternative
2008-02-03 10:29:55 0 d-------- C:\Programfiler\Fellesfiler\Real
2008-02-03 10:29:19 0 d-------- C:\Documents and Settings\jim\Programdata\Real
2008-02-01 17:31:14 0 d-------- C:\Documents and Settings\jim\Programdata\mIRC
2008-01-31 20:27:36 0 d-------- C:\Programfiler\TVUPlayer
2008-01-30 20:20:41 0 d-------- C:\Programfiler\SpeedFan
2008-01-18 20:29:01 0 d-------- C:\Programfiler\SopCast
2008-01-18 18:41:16 0 d-------- C:\Programfiler\Azureus
2008-01-06 10:26:57 0 d-------- C:\Programfiler\Creative
2008-01-03 16:32:04 0 d-------- C:\Programfiler\KONAMI
2008-01-03 13:50:25 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-01-02 20:34:14 0 d-------- C:\Programfiler\TVAnts
2007-12-31 20:09:16 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-31 19:55:37 0 d-------- C:\Programfiler\Rockstar Games
2007-12-29 21:14:45 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-29 21:14:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-29 21:14:45 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-27 23:50:01 0 d-------- C:\Programfiler\ContractJack
2007-12-25 15:08:25 0 d-------- C:\Programfiler\Mozilla Firefox 3 Beta 2
2007-12-25 15:07:19 0 d-------- C:\Programfiler\RCrawler
2007-12-25 15:05:14 0 d-------- C:\Programfiler\VistaCodecPack
2007-12-24 18:47:08 0 --a------ C:\Documents and Settings\jim\Programdata\pssetup.cfg
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalSpace
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalApp
2007-12-22 12:26:24 0 d-------- C:\Programfiler\Fellesfiler
2007-12-20 23:02:23 0 d-------- C:\Programfiler\Microsoft Silverlight
2007-12-19 12:23:50 0 d-------- C:\Programfiler\Fellesfiler\DirectX
2007-12-19 12:23:43 0 --a------ C:\tt
2007-12-19 01:01:23 0 d-------- C:\Programfiler\Game Graphic Studio
2007-12-19 01:00:12 0 d-------- C:\Documents and Settings\jim\Programdata\ppStream
2007-12-19 00:53:16 0 d-------- C:\Programfiler\BitComet
2007-12-14 19:11:12 0 d-------- C:\Programfiler\DIFX
2007-12-12 12:32:54 0 d-------- C:\Documents and Settings\jim\Programdata\Google
2007-12-11 20:35:27 0 d-------- C:\Programfiler\Google
2007-12-01 15:36:24 406338 --a------ C:\WINDOWS\system32\perfh014.dat
2007-12-01 15:36:24 71608 --a------ C:\WINDOWS\system32\perfc014.dat
2007-11-13 21:30:20 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-12 17:22:49 7904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2007-11-12 17:22:49 1464 --a------ C:\WINDOWS\system32\BDGuard.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
11.01.2008 11:45 1343622 --a------ C:\PROGRA~1\baidu\bar\baidubar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8834A77B-DEA9-4645-B5A5-8C3D4651A594}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10.06.2004 20:10]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [30.10.2003 15:46]
"CeEPOWER"="C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe" [18.08.2004 09:21]
"@"="" []
"TPNF"="C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe" [28.07.2004 15:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21.12.2007 13:22]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 10:25]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [22.10.2005 23:00]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 11:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [29.06.2007 05:24]
"Google IME Autoupdater"="C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe" [04.12.2007 04:38]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [29.07.2006 12:07]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [21.06.2006 18:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" [27.04.2007 05:50]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 11:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 25.06.2007 23:31 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
winmfu32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\QTTask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Creative Detector"=C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Programfiler\PowerISO\PWRISOVM.EXE
"SmoothView"=C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
"CeEKEY"=C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"ZoomingHook"=c:\WINDOWS\System32\ZoomingHook.exe
"EzButton"=C:\Programfiler\EzButton\EzButton.EXE
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AGRSMMSG"=AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7ecf5c-061c-11d9-80d2-806d6172696f}]
AutoRun\command- D:\browser.exe

*Newly Created Service* - MCHINJDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BA8E97E2-CC5E-35C5-6A6F-6BEF23395712}]
C:\Programfiler\Free_PDF\spooler.exe s



-- End of Deckard's System Scanner: finished at 2008-02-06 21:49:44 ------------

#6
Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
At the top you'll find 'Browse'.
Click the browse button and browse to the file:

C:\Programfiler\Free_PDF\spooler.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\baidu
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log.
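As an added example (not code from this thread, nor from HijackThis, DSS or OTMoveIt2), here is a small Python triage script for the kind of log lines quoted above: it parses HijackThis O-lines, flags the patterns the helper singled out (a browser add-on loading from the baidu folder, an orphaned BHO with no file, a Winlogon Notify DLL that is missing, an "Unknown owner" service pointing at a missing svchost.exe outside system32) and, going a step beyond the thread, diffs two logs to confirm what a fix round actually removed. The heuristics, function names and the BEFORE/AFTER samples are my own construction; the sample lines themselves are copied from the logs in this thread.

```python
"""Triage helper for HijackThis O-section lines. Added example, not code from
the thread or from HijackThis/DSS/OTMoveIt2; the heuristics, names and the
BEFORE/AFTER samples are my own, the sample lines are copied from this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape of an O-line: "<section> - <kind>: <name> - <clsid> - <path>", e.g.
# "O2 - BHO: BandIE Class - {77FE...} - C:\PROGRA~1\baidu\bar\baidubar.dll"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class HjtEntry:
    section: str          # "O2", "O20", "O23", ...
    kind: str             # "BHO", "Winlogon Notify", "Service", ...
    name: str             # first field after the kind
    clsid: Optional[str]  # {GUID} when the line carries one
    path: str             # last field, " (file missing)" stripped
    file_missing: bool    # HijackThis could not find the referenced file
    raw: str              # original line, used as identity when diffing


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one O-section line; R-lines, headers and blanks return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")]
    clsid = CLSID_RE.search(rest)
    return HjtEntry(section=section, kind=kind, name=fields[0],
                    clsid=clsid.group(0).upper() if clsid else None,
                    path=fields[-1].replace(" (file missing)", ""),
                    file_missing="(file missing)" in rest, raw=line.strip())


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def flag(entry: HjtEntry, bad_folders=("\\baidu\\",)) -> List[str]:
    """Reasons an entry deserves a second look. bad_folders defaults to the
    folder the helper asked OTMoveIt2 to remove in this thread."""
    reasons = []
    low = entry.path.lower()
    if entry.section in ("O2", "O3") and any(f in low for f in bad_folders):
        reasons.append("browser add-on loads from a folder slated for removal")
    if entry.section == "O2" and entry.path == "(no file)":
        reasons.append("BHO registered with no backing file (orphaned entry)")
    if entry.section == "O20" and entry.file_missing:
        reasons.append("Winlogon Notify DLL missing (orphaned persistence)")
    if entry.section == "O23":
        if "unknown owner" in entry.raw.lower() and entry.file_missing:
            reasons.append("service with no vendor and a missing binary")
        if low.endswith("\\windows\\svchost.exe"):
            reasons.append("svchost.exe outside system32 is not the Windows one")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged raw line to its list of reasons."""
    out: Dict[str, List[str]] = {}
    for e in parse_log(text):
        reasons = flag(e)
        if reasons:
            out[e.raw] = reasons
    return out


def diff_logs(before: str, after: str) -> List[HjtEntry]:
    """Entries present in the earlier log that are gone from the later one."""
    still_there = {e.raw for e in parse_log(after)}
    return [e for e in parse_log(before) if e.raw not in still_there]


# Lines copied from the HijackThis logs posted in this thread.
BEFORE_LOG = r"""
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {8834A77B-DEA9-4645-B5A5-8C3D4651A594} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""
# The second log in the thread no longer has the orphaned BHO or winmfu32, but
# baidubar.dll is still loaded: the folder move was deferred to the reboot.
AFTER_LOG = "\n".join(l for l in BEFORE_LOG.splitlines()
                      if "winmfu32" not in l and "(no name)" not in l)

if __name__ == "__main__":
    for raw, reasons in triage(BEFORE_LOG).items():
        print(raw, "->", "; ".join(reasons))
    print("removed:", [e.name for e in diff_logs(BEFORE_LOG, AFTER_LOG)])
```

Running it stand-alone prints the four flagged lines from the first log and the two entries the first "Fix checked" round removed.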

#7
kredik, Topic Starter, Member, 59 posts
Hi, I did not have C:\Programfiler\Free_PDF\spooler.exe.
I had C:\Programfiler\Free_PDF\klog.dat.

Anyhow, I did a check with VirusTotal:


Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.07 -
Authentium 4.93.8 2008.02.06 -
Avast 4.7.1098.0 2008.02.06 -
AVG 7.5.0.516 2008.02.06 -
BitDefender 7.2 2008.02.07 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.07 -
DrWeb 4.44.0.09170 2008.02.07 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5518 2008.02.07 -
Ewido 4.0 2008.02.06 -
FileAdvisor 1 2008.02.07 -
Fortinet 3.14.0.0 2008.02.06 -
F-Prot 4.4.2.54 2008.02.06 -
F-Secure 6.70.13260.0 2008.02.07 -
Ikarus T3.1.1.20 2008.02.07 -
Kaspersky 7.0.0.125 2008.02.07 -
McAfee 5224 2008.02.06 -
Microsoft 1.3204 2008.02.07 -
NOD32v2 2855 2008.02.07 -
Norman 5.80.02 2008.02.06 -
Panda 9.0.0.4 2008.02.07 -
Prevx1 V2 2008.02.07 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.07 -
Sunbelt 2.2.907.0 2008.02.07 -
Symantec 10 2008.02.07 -
TheHacker 6.2.9.211 2008.02.06 -
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.06 -
Webwasher-Gateway 6.6.2 2008.02.07 -
Additional information
File size: 64691 bytes
MD5: f8cb74ea3fb2fb95a2fa78fe9bb9dad9
SHA1: e686695183c2fa4d0f6fe188b267e422f570be07
PEiD: -

#8
kredik, Topic Starter, Member, 59 posts
My DSS log:

Deckard's System Scanner v20071014.68
Run by jim on 2008-02-07 10:11:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:15, on 07.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft IntelliPoint\Point32.exe
C:\Documents and Settings\jim\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1FFE232A-BBBF-4234-A040-10C0DBEF1EF4} (ClientX Control) - http://cop.dusee.cn/...lientx12500.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.co...0.10-signed.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.co...load/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8867A595-7696-4FF0-B6C0-2756DD53BFDC} (ActiveXUpgrade Class) - http://211.55.34.219...veX/NJTVCOM.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.co...0.94_signed.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

--
End of file - 8506 bytes

-- Files created between 2008-01-07 and 2008-02-07 -----------------------------

2008-02-05 17:09:00 0 d-------- C:\Programfiler\Trend Micro
2008-02-05 13:10:24 0 d-------- C:\Programfiler\Enigma Software Group
2008-02-05 12:56:30 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-01 17:23:54 15192 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-01 17:18:38 0 d-------- C:\Programfiler\mIRC
2008-01-30 10:50:25 0 d-------- C:\WINDOWS\vbSkinner
2008-01-30 10:50:09 0 d-------- C:\Programfiler\PFConfig
2008-01-21 16:59:25 0 d-------- C:\Programfiler\WMR11
2008-01-21 16:34:41 0 d-------- C:\Programfiler\WinPcap
2008-01-21 16:31:39 0 d-------- C:\Programfiler\Windows Media Recorder
2008-01-21 16:22:13 0 d-------- C:\Programfiler\Mini-stream
2008-01-18 20:17:22 0 d-------- C:\Programfiler\Winamp
2008-01-18 20:14:02 0 d-------- C:\My Music
2008-01-15 12:48:57 0 d-------- C:\WINDOWS\system32\nb-no
2008-01-15 12:42:36 0 d-------- C:\WINDOWS\network diagnostic
2008-01-07 23:03:13 0 d-------- C:\Programfiler\Panzer Elite Action


-- Find3M Report ---------------------------------------------------------------

2008-02-07 10:04:19 0 d-------- C:\Programfiler\mmMozilla Firefox
2008-02-05 19:33:45 0 d-------- C:\Documents and Settings\jim\Programdata\uTorrent
2008-02-05 18:37:35 0 d-------- C:\Documents and Settings\jim\Programdata\Azureus
2008-02-05 12:58:19 6597 --a----c- C:\WINDOWS\mozver.dat
2008-02-05 12:57:50 0 d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-04 17:28:55 0 d-------- C:\Documents and Settings\jim\Programdata\Adobe
2008-02-03 10:32:30 0 d-------- C:\Documents and Settings\jim\Programdata\Media Player Classic
2008-02-03 10:30:52 0 d-------- C:\Programfiler\Real Alternative
2008-02-03 10:29:55 0 d-------- C:\Programfiler\Fellesfiler\Real
2008-02-03 10:29:19 0 d-------- C:\Documents and Settings\jim\Programdata\Real
2008-02-01 17:31:14 0 d-------- C:\Documents and Settings\jim\Programdata\mIRC
2008-01-31 20:27:36 0 d-------- C:\Programfiler\TVUPlayer
2008-01-30 20:20:41 0 d-------- C:\Programfiler\SpeedFan
2008-01-18 20:29:01 0 d-------- C:\Programfiler\SopCast
2008-01-18 18:41:16 0 d-------- C:\Programfiler\Azureus
2008-01-06 10:26:57 0 d-------- C:\Programfiler\Creative
2008-01-03 16:32:04 0 d-------- C:\Programfiler\KONAMI
2008-01-03 13:50:25 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-01-02 20:34:14 0 d-------- C:\Programfiler\TVAnts
2007-12-31 20:09:16 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-31 19:55:37 0 d-------- C:\Programfiler\Rockstar Games
2007-12-29 21:14:45 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-29 21:14:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-29 21:14:45 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-27 23:50:01 0 d-------- C:\Programfiler\ContractJack
2007-12-25 15:08:25 0 d-------- C:\Programfiler\Mozilla Firefox 3 Beta 2
2007-12-25 15:07:19 0 d-------- C:\Programfiler\RCrawler
2007-12-25 15:05:14 0 d-------- C:\Programfiler\VistaCodecPack
2007-12-24 18:47:08 0 --a------ C:\Documents and Settings\jim\Programdata\pssetup.cfg
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalSpace
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalApp
2007-12-22 12:26:24 0 d-------- C:\Programfiler\Fellesfiler
2007-12-20 23:02:23 0 d-------- C:\Programfiler\Microsoft Silverlight
2007-12-19 12:23:50 0 d-------- C:\Programfiler\Fellesfiler\DirectX
2007-12-19 12:23:43 0 --a------ C:\tt
2007-12-19 01:01:23 0 d-------- C:\Programfiler\Game Graphic Studio
2007-12-19 01:00:12 0 d-------- C:\Documents and Settings\jim\Programdata\ppStream
2007-12-19 00:53:16 0 d-------- C:\Programfiler\BitComet
2007-12-14 19:11:12 0 d-------- C:\Programfiler\DIFX
2007-12-12 12:32:54 0 d-------- C:\Documents and Settings\jim\Programdata\Google
2007-12-11 20:35:27 0 d-------- C:\Programfiler\Google
2007-12-01 15:36:24 406338 --a------ C:\WINDOWS\system32\perfh014.dat
2007-12-01 15:36:24 71608 --a------ C:\WINDOWS\system32\perfc014.dat
2007-11-13 21:30:20 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-12 17:22:49 7904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2007-11-12 17:22:49 1464 --a------ C:\WINDOWS\system32\BDGuard.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
11.01.2008 11:45 1343622 --a------ C:\PROGRA~1\baidu\bar\baidubar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10.06.2004 20:10]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [30.10.2003 15:46]
"CeEPOWER"="C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe" [18.08.2004 09:21]
"@"="" []
"TPNF"="C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe" [28.07.2004 15:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21.12.2007 13:22]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 10:25]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [22.10.2005 23:00]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 11:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [29.06.2007 05:24]
"Google IME Autoupdater"="C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe" [04.12.2007 04:38]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [29.07.2006 12:07]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [21.06.2006 18:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" [27.04.2007 05:50]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 11:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 25.06.2007 23:31 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\QTTask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Creative Detector"=C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Programfiler\PowerISO\PWRISOVM.EXE
"SmoothView"=C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
"CeEKEY"=C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"ZoomingHook"=c:\WINDOWS\System32\ZoomingHook.exe
"EzButton"=C:\Programfiler\EzButton\EzButton.EXE
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AGRSMMSG"=AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7ecf5c-061c-11d9-80d2-806d6172696f}]
AutoRun\command- D:\browser.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BA8E97E2-CC5E-35C5-6A6F-6BEF23395712}]
C:\Programfiler\Free_PDF\spooler.exe s



-- End of Deckard's System Scanner: finished at 2008-02-07 10:12:15 ------------

#9
Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\PROGRA~1\baidu
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log
  • 0
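The O2 and O3 entries being fixed above are HijackThis' view of two registry locations: the Browser Helper Objects key (O2) and the Internet Explorer Toolbar key (O3), each holding a CLSID that COM resolves to a DLL. As an added, read-only example that is not part of this thread and not HijackThis' own code, the PowerShell below lists both registrations and resolves every CLSID to the DLL it loads, so a defender can confirm what an O2/O3 line points at before a fix and verify that the registration is gone afterwards. The registry paths are the standard Windows ones; the function names, the `Kind`/`OnDisk` columns and the PowerShell 3.0+ assumption are this example's own.

```powershell
# Added example (not from the thread or from HijackThis): list IE Browser
# Helper Objects (O2) and toolbars (O3) and resolve each CLSID to its DLL.
# Read-only; assumes PowerShell 3.0+ and read access to HKLM. Nothing is changed.

$bhoKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$toolbarKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'

function Resolve-Clsid {
    param([Parameter(Mandatory)][string]$Clsid)
    # A COM in-process server records its DLL in CLSID\{...}\InprocServer32 (default value).
    # HKCU is checked first because a per-user registration shadows the machine-wide one.
    foreach ($root in 'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
        $clsidKey = Join-Path $root $Clsid
        $inproc   = Join-Path $clsidKey 'InprocServer32'
        if (Test-Path $inproc) {
            $dll  = (Get-ItemProperty -Path $inproc).'(default)'
            $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $onDisk = $false
            if ($dll) {
                # Strip surrounding quotes and expand %SystemRoot%-style variables before checking
                $path   = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $onDisk = Test-Path -LiteralPath $path
            }
            return [pscustomobject]@{ Clsid = $Clsid; Name = $name; Dll = $dll; OnDisk = $onDisk; Source = $root }
        }
    }
    # Registered as a BHO/toolbar but with no COM server behind it: an orphaned entry worth noting
    [pscustomobject]@{ Clsid = $Clsid; Name = $null; Dll = $null; OnDisk = $false; Source = $null }
}

function Get-IeAddons {
    $results = @()
    # O2 equivalents: each subkey of the BHO key is a CLSID
    if (Test-Path $bhoKey) {
        foreach ($k in Get-ChildItem -Path $bhoKey) {
            $r = Resolve-Clsid -Clsid $k.PSChildName
            $results += $r | Add-Member -NotePropertyName Kind -NotePropertyValue 'O2 BHO' -PassThru
        }
    }
    # O3 equivalents: toolbar CLSIDs are value names under the Toolbar key
    if (Test-Path $toolbarKey) {
        $props = (Get-ItemProperty -Path $toolbarKey).PSObject.Properties
        foreach ($p in $props | Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' }) {
            $r = Resolve-Clsid -Clsid $p.Name
            $results += $r | Add-Member -NotePropertyName Kind -NotePropertyValue 'O3 Toolbar' -PassThru
        }
    }
    $results
}

# Print the table. A DLL outside Program Files or Windows, a blank Name, or
# OnDisk = False (registration left behind after a removal) is what to look at.
Get-IeAddons | Format-Table Kind, Clsid, Name, Dll, OnDisk -AutoSize
```

Run in an elevated PowerShell on the affected machine. On the system in this thread the listing would, before the fix, show CLSID {77FEF28E-EB96-44FF-B511-3185DEA48697} and {B580CF65-E151-49C3-B73F-70B13FCA8E86} both resolving to C:\PROGRA~1\baidu\bar\baidubar.dll; after "Fix Checked" and the OTMoveIt2 run, neither CLSID should appear. An entry that still appears with OnDisk = False means the file is gone but the registration was not, which is the kind of leftover the later log review is looking for.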

#10
kredik

    Member

  • Topic Starter
  • Member
  • 59 posts
Folder cleanup failed. C:\PROGRA~1\baidu\bar\img scheduled to be deleted on reboot.
Folder cleanup failed. C:\PROGRA~1\baidu\bar scheduled to be deleted on reboot.
Folder cleanup failed. C:\PROGRA~1\baidu scheduled to be deleted on reboot.
[Custom Input]
< purity >

OTMoveIt2 v1.0.19 log created on 02072008_202620
  • 0

#11
kredik

    Member

  • Topic Starter
  • Member
  • 59 posts
Deckard's System Scanner v20071014.68
Run by jim on 2008-02-07 20:32:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:10, on 07.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\mmMozilla Firefox\firefox.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft IntelliPoint\Point32.exe
C:\Documents and Settings\jim\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ٶȳѰ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1FFE232A-BBBF-4234-A040-10C0DBEF1EF4} (ClientX Control) - http://cop.dusee.cn/...lientx12500.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.co...0.10-signed.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.co...load/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8867A595-7696-4FF0-B6C0-2756DD53BFDC} (ActiveXUpgrade Class) - http://211.55.34.219...veX/NJTVCOM.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.co...0.94_signed.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

--
End of file - 8370 bytes

-- Files created between 2008-01-07 and 2008-02-07 -----------------------------

2008-02-05 17:09:00 0 d-------- C:\Programfiler\Trend Micro
2008-02-05 13:10:24 0 d-------- C:\Programfiler\Enigma Software Group
2008-02-05 12:56:30 0 d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2008-02-01 17:23:54 15192 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-01 17:18:38 0 d-------- C:\Programfiler\mIRC
2008-01-30 10:50:25 0 d-------- C:\WINDOWS\vbSkinner
2008-01-30 10:50:09 0 d-------- C:\Programfiler\PFConfig
2008-01-21 16:59:25 0 d-------- C:\Programfiler\WMR11
2008-01-21 16:34:41 0 d-------- C:\Programfiler\WinPcap
2008-01-21 16:31:39 0 d-------- C:\Programfiler\Windows Media Recorder
2008-01-21 16:22:13 0 d-------- C:\Programfiler\Mini-stream
2008-01-18 20:17:22 0 d-------- C:\Programfiler\Winamp
2008-01-18 20:14:02 0 d-------- C:\My Music
2008-01-15 12:48:57 0 d-------- C:\WINDOWS\system32\nb-no
2008-01-15 12:42:36 0 d-------- C:\WINDOWS\network diagnostic
2008-01-07 23:03:13 0 d-------- C:\Programfiler\Panzer Elite Action


-- Find3M Report ---------------------------------------------------------------

2008-02-07 20:30:48 0 d-------- C:\Programfiler\mmMozilla Firefox
2008-02-05 19:33:45 0 d-------- C:\Documents and Settings\jim\Programdata\uTorrent
2008-02-05 18:37:35 0 d-------- C:\Documents and Settings\jim\Programdata\Azureus
2008-02-05 12:58:19 6597 --a----c- C:\WINDOWS\mozver.dat
2008-02-05 12:57:50 0 d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-04 17:28:55 0 d-------- C:\Documents and Settings\jim\Programdata\Adobe
2008-02-03 10:32:30 0 d-------- C:\Documents and Settings\jim\Programdata\Media Player Classic
2008-02-03 10:30:52 0 d-------- C:\Programfiler\Real Alternative
2008-02-03 10:29:55 0 d-------- C:\Programfiler\Fellesfiler\Real
2008-02-03 10:29:19 0 d-------- C:\Documents and Settings\jim\Programdata\Real
2008-02-01 17:31:14 0 d-------- C:\Documents and Settings\jim\Programdata\mIRC
2008-01-31 20:27:36 0 d-------- C:\Programfiler\TVUPlayer
2008-01-30 20:20:41 0 d-------- C:\Programfiler\SpeedFan
2008-01-18 20:29:01 0 d-------- C:\Programfiler\SopCast
2008-01-18 18:41:16 0 d-------- C:\Programfiler\Azureus
2008-01-06 10:26:57 0 d-------- C:\Programfiler\Creative
2008-01-03 16:32:04 0 d-------- C:\Programfiler\KONAMI
2008-01-03 13:50:25 0 d--h----- C:\Programfiler\InstallShield Installation Information
2008-01-02 20:34:14 0 d-------- C:\Programfiler\TVAnts
2007-12-31 20:09:16 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-31 19:55:37 0 d-------- C:\Programfiler\Rockstar Games
2007-12-29 21:14:45 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-29 21:14:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-29 21:14:45 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-27 23:50:01 0 d-------- C:\Programfiler\ContractJack
2007-12-25 15:08:25 0 d-------- C:\Programfiler\Mozilla Firefox 3 Beta 2
2007-12-25 15:07:19 0 d-------- C:\Programfiler\RCrawler
2007-12-25 15:05:14 0 d-------- C:\Programfiler\VistaCodecPack
2007-12-24 18:47:08 0 --a------ C:\Documents and Settings\jim\Programdata\pssetup.cfg
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalSpace
2007-12-24 18:44:00 0 d-------- C:\Documents and Settings\jim\Programdata\CrystalApp
2007-12-22 12:26:24 0 d-------- C:\Programfiler\Fellesfiler
2007-12-20 23:02:23 0 d-------- C:\Programfiler\Microsoft Silverlight
2007-12-19 12:23:50 0 d-------- C:\Programfiler\Fellesfiler\DirectX
2007-12-19 12:23:43 0 --a------ C:\tt
2007-12-19 01:01:23 0 d-------- C:\Programfiler\Game Graphic Studio
2007-12-19 01:00:12 0 d-------- C:\Documents and Settings\jim\Programdata\ppStream
2007-12-19 00:53:16 0 d-------- C:\Programfiler\BitComet
2007-12-14 19:11:12 0 d-------- C:\Programfiler\DIFX
2007-12-12 12:32:54 0 d-------- C:\Documents and Settings\jim\Programdata\Google
2007-12-11 20:35:27 0 d-------- C:\Programfiler\Google
2007-12-01 15:36:24 406338 --a------ C:\WINDOWS\system32\perfh014.dat
2007-12-01 15:36:24 71608 --a------ C:\WINDOWS\system32\perfc014.dat
2007-11-13 21:30:20 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-12 17:22:49 7904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2007-11-12 17:22:49 1464 --a------ C:\WINDOWS\system32\BDGuard.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
11.01.2008 11:45 1343622 --a------ C:\PROGRA~1\baidu\bar\baidubar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [10.06.2004 20:10]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [30.10.2003 15:46]
"CeEPOWER"="C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe" [18.08.2004 09:21]
"@"="" []
"TPNF"="C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe" [28.07.2004 15:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [21.12.2007 13:22]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 10:25]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [22.10.2005 23:00]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 11:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [29.06.2007 05:24]
"Google IME Autoupdater"="C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe" [04.12.2007 04:38]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [29.07.2006 12:07]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [21.06.2006 18:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" [27.04.2007 05:50]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 11:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 25.06.2007 23:31 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\QTTask.exe" -atboottime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Creative Detector"=C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Programfiler\PowerISO\PWRISOVM.EXE
"SmoothView"=C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
"CeEKEY"=C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"ZoomingHook"=c:\WINDOWS\System32\ZoomingHook.exe
"EzButton"=C:\Programfiler\EzButton\EzButton.EXE
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AGRSMMSG"=AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7ecf5c-061c-11d9-80d2-806d6172696f}]
AutoRun\command- D:\browser.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BA8E97E2-CC5E-35C5-6A6F-6BEF23395712}]
C:\Programfiler\Free_PDF\spooler.exe s



-- End of Deckard's System Scanner: finished at 2008-02-07 20:32:39 ------------
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It's refusing to go

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
  • 0

#13
kredik

    Member

  • Topic Starter
  • Member
  • 59 posts
ok...here they are

ComboFix 08-02.05.3 - jim 2008-02-07 20:57:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.611 [GMT 1:00]
Running from: C:\Documents and Settings\jim\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BDGuard.DAT
C:\WINDOWS\system32\BDGuardS.DAT
C:\WINDOWS\system32\drivers\bdguard.sys
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\ָ.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\µ.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\ϵͳ.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\б.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\޸.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\˽.url
C:\Documents and Settings\All Users\Start-meny\Programmer\2556~1\Զ尴ť.url
C:\Documents and Settings\jim\Lokale innstillinger\Programdata\baidu
C:\Documents and Settings\jim\Programdata\addon.dat
C:\Programfiler\autorun.inf
C:\Programfiler\baidu
C:\Programfiler\baidu\bar\baidubar.dat
C:\Programfiler\baidu\bar\BaiduBar.dll
C:\Programfiler\baidu\bar\bang.ini
C:\Programfiler\baidu\bar\bdgdins.dll
C:\Programfiler\baidu\bar\img\imglist.bmp
C:\Programfiler\baidu\bar\img\logo.bmp
C:\Programfiler\baidu\bar\loadmovie.swf
C:\WINDOWS\system32\BDGuard.DAT
C:\WINDOWS\system32\BDGuardS.DAT
C:\WINDOWS\system32\drivers\bdguard.sys
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\scchk32.exe.bak

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BDGUARD
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-25 16:30 6,369 --sh--w C:\WINDOWS\system32\prqss.bak1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 05:50 312328]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 20:10 339968]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe" [2004-08-18 09:21 135168]
"TPNF"="C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 13:22 579072]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00 385024]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Google IME Autoupdater"="C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe" [2007-12-04 04:38 252600]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-07-29 12:07 188416]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2006-06-21 18:14 35328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 11:47 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL 2007-06-25 23:31 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" /background
"Creative Detector"=C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
"PWRISOVM.EXE"=C:\Programfiler\PowerISO\PWRISOVM.EXE
"SmoothView"=C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
"CeEKEY"=C:\Programfiler\TOSHIBA\E-KEY\CeEKey.exe
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"ZoomingHook"=c:\WINDOWS\System32\ZoomingHook.exe
"EzButton"=C:\Programfiler\EzButton\EzButton.EXE
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AGRSMMSG"=AGRSMMSG.exe

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 19:27]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 11:00]
R2 winmech;Security Services Internet;C:\WINDOWS\winmech\NTSERV~1\srunner.exe [2004-02-18 16:41]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
S2 r_server;Remote Administrator Service;"c:\windows\svchost.exe" []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7ecf5c-061c-11d9-80d2-806d6172696f}]
\Shell\AutoRun\command - D:\browser.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BA8E97E2-CC5E-35C5-6A6F-6BEF23395712}]
C:\Programfiler\Free_PDF\spooler.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 16:17:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programfiler\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:04:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-07 21:07:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 20:07:11
.
2008-01-16 17:56:31 --- E O F ---






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:57, on 07.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\mmMozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://livefooty.doctor-serv.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programfiler\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Programfiler\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programfiler\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programfiler\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1FFE232A-BBBF-4234-A040-10C0DBEF1EF4} (ClientX Control) - http://cop.dusee.cn/...lientx12500.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannel...e/KooPlayer.ocx
O16 - DPF: {3C38DEE8-BE1A-4DEC-B232-2C78706CC7EA} - http://ps.itv.mop.co...0.10-signed.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.co...load/SayaTV.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8867A595-7696-4FF0-B6C0-2756DD53BFDC} (ActiveXUpgrade Class) - http://211.55.34.219...veX/NJTVCOM.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co...57/WStarter.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.co...0.94_signed.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programfiler\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe

--
End of file - 8075 bytes
  • 0
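As an added example (not part of this thread and not HijackThis code), the following script parses O4 autostart and O23 service lines in the format shown in the log above and flags the same kinds of indicators a helper looks for when triaging: a service whose file is missing, an "Unknown owner", and a core Windows binary name sitting outside system32 (the svchost.exe in c:\windows above is one instance). The sample lines are copied from the log; the indicator list and the 'system directory' assumption are the example's own.

```python
import re

# Constructed sample: O4/O23 lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First executable-looking token, with surrounding quotes and trailing arguments dropped.
EXE_RE = re.compile(r'"?(?P<exe>[^"]*?\.(?:exe|dll|ocx|cpl))', re.I)

# Assumption for this example: core Windows binaries are expected only here.
SYSTEM_DIRS = ("c:\\windows\\system32\\",)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

def executable_of(cmd):
    """Return the program path from a Run value or service path string."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()

def flags_for(owner, path):
    """Collect red-flag indicators for one autostart or service entry."""
    flags = []
    if path.endswith("(file missing)"):
        flags.append("file missing")
        path = path[: -len("(file missing)")].strip()
    if owner == "Unknown owner":
        flags.append("unknown owner")
    exe = executable_of(path).lower()
    basename = exe.rsplit("\\", 1)[-1]
    if basename in SYSTEM_NAMES and not exe.startswith(SYSTEM_DIRS):
        flags.append("core Windows binary name outside system32")
    return flags

def triage(log):
    """Map entry name -> list of flags, for every O4/O23 line that raised at least one."""
    findings = {}
    for line in log.splitlines():
        m = O23_RE.match(line)
        if m:
            flags = flags_for(m["owner"], m["path"])
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            flags = flags_for("", m["cmd"])  # O4 lines carry no owner field
        if flags:
            findings[m["name"]] = flags
    return findings

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Note that "unknown owner" on its own is a weak signal (the legitimate ATI poller above trips it too), which is why the flags are reported together rather than any single one deciding.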

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Looking good

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\prqss.bak1
D:\browser.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7ecf5c-061c-11d9-80d2-806d6172696f}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then tell me how your PC is running
  • 0

#15
kredik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Crap, I'm watching the ANC... Drogba's getting spanked! Will do it at halftime in 30 min!!
Thanks for the help!
  • 0