Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Still Bugged? [CLOSED]

Started by AQUA258 , Feb 24 2008 04:46 AM

  • This topic is locked This topic is locked

#1
AQUA258
Posted 24 February 2008 - 04:46 AM

AQUA258

    Member

  • Member
  • PipPipPip
  • 169 posts
OK, since i had all those problems with trojans i have been trying to keep my comp as clean as possible BUT on closer inspection this is what i found. This is what HJT says i have in my Cpanel but i dont. Why and What is up with that first lot of 2007 stuff. That even comes up in Regseeker????
Cleaners that i am using; Regseeker, ATF cleaner, Window washer, Rootkit buster, SuperAntispyware and the biggy is Trend. Still can not run Ad-aware as something stops the updates?? I set it all, run a scan, turn it off, start it up and its all been changed.

OH, and with Limewire i uninstalled that because it kept saying that i was sharing over 2,500 files. I'm lucky if i have 50 in the my shared folder. Even changed the settings to NO share but the same thing comes back up. I then installed Frostwire and it did the same; 2500+ sharing.


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
Download Accelerator Plus (DAP)
easy Internet sign-up
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Printer Software
EPSON Scan Tool Light 1.0
EPSON Web-To-Page
ESCX1500 Reference Guide
ESCX1500 Software Guide
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB926239)
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
Inactive HP Printer Drivers (Remove only)
Inactive HP ScanJet Drivers (Remove only)
Intel® Extreme Graphics Driver Software
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 3
Java™ 6 Update 4
KBD
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MySpaceIM
NVIDIA Windows 2000/XP Display Drivers
Ozzy Bubbles
PC-Doctor for Windows
PIF DESIGNER2.1
PS2
RecordNow
Ricochet Infinity
S3Display
S3Gamma2
S3Info2
S3Overlay
ScanToWeb
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
SmartCamera Ver 2.1
SUPERAntiSpyware Free Edition
Trend Micro PC-cillin Internet Security 2005
Turtix
Turtle Odyssey
Update for Outlook 2007 Junk Email Filter (kb944965)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB PC Cam
USB Storage RW
Vista Anthracite Pack - Lite 1.30
Window Washer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver



NORMAL HJT LOG;;;;;;;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:53 PM, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\My Completed Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 6635 bytes

Edited by AQUA258, 24 February 2008 - 06:02 AM.

  • 0

Advertisements

#2
sage5
Posted 08 March 2008 - 06:32 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AQUA258,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop.
Malwarebytes' Anti-Malware from Here or Here
Deckard's System Scanner


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the log as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Also include the text from C:\mbam.txt



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0

#3
AQUA258
Posted 08 March 2008 - 09:32 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
This is just one of the 2 that you asked me to do. With the other d/oad "MBAM" it went to install but then asked me to insert memory disc? I tried to click cancel but then it wouldnt remove itself off the screen. I've uninstalled it and will try from that second "HERE". See if that one works, if so, will post.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-09 00:13:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-03-08 15:14:27 UTC - RP57 - Deckard's System Scanner Restore Point
5: 2008-03-08 02:00:11 UTC - RP56 - System Checkpoint
4: 2008-03-07 01:52:11 UTC - RP55 - System Checkpoint
3: 2008-03-06 00:11:26 UTC - RP54 - System Checkpoint
2: 2008-03-04 23:36:54 UTC - RP53 - System Checkpoint


-- First Restore Point --
1: 2008-03-03 21:19:35 UTC - RP52 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:57 AM, on 9/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\My Documents\My Completed Downloads\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7734 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\packet.sys
S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT


-- Scheduled Tasks -------------------------------------------------------------

2008-03-08 17:00:01 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-03-07 08:31:20 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-03-06 20:13:24 406 --a------ C:\WINDOWS\Tasks\Pareto UNS.job


-- Files created between 2008-02-09 and 2008-03-09 -----------------------------

2008-03-09 00:06:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-09 00:01:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-08 19:54:51 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-08 08:25:39 0 d-------- C:\Program Files\Executive Software
2008-03-07 08:28:21 0 d-------- C:\Program Files\RegCure
2008-03-07 08:27:59 0 d-------- C:\Documents and Settings\Owner\RegCure 1.5.0.0 + Crack
2008-03-07 07:31:31 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-07 07:31:03 0 d-------- C:\Program Files\LimeWire
2008-03-07 07:27:08 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-04 00:05:40 0 d-------- C:\Program Files\Lavasoft
2008-03-04 00:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-03 20:03:41 0 d-------- C:\Program Files\Magic Ball 3
2008-03-02 18:15:29 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-02 02:34:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 02:34:06 0 d-------- C:\Program Files\Windows Live
2008-03-02 02:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 18:10:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-28 05:32:19 6918144 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-02-26 21:21:18 0 d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
2008-02-26 20:22:45 0 d-------- C:\Program Files\Deep Blue Sea
2008-02-26 08:17:52 188416 --a------ C:\WINDOWS\system32\intelbth.dll
2008-02-26 08:17:52 65536 --a------ C:\WINDOWS\system32\ICE_JNIRegistry.dll
2008-02-26 08:17:51 0 d-------- C:\Program Files\btscanner
2008-02-26 07:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-26 07:47:16 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-02-26 07:47:16 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-02-26 07:47:15 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-02-26 07:47:15 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-02-26 07:47:15 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-02-26 07:47:15 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-02-26 07:46:57 12504 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-02-26 07:46:57 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 11604 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-02-26 07:46:57 13299 --a------ C:\WINDOWS\system32\drivers\packet.sys
2008-02-26 07:46:57 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-02-26 07:46:57 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 28207 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-02-26 07:46:57 20096 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-02-26 07:46:56 24152 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-02-26 07:46:56 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:56 0 d-------- C:\Program Files\IVT Corporation
2008-02-24 18:49:35 0 d-------- C:\Program Files\rootkitbusterv1.6.1060
2008-02-24 08:00:23 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-02-22 09:25:22 0 d-------- C:\Program Files\Ricochet Infinity
2008-02-20 16:32:10 0 d-------- C:\Program Files\Trend Micro
2008-02-20 07:07:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-20 07:07:29 0 d-------- C:\Program Files\Webroot
2008-02-20 07:07:29 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-02-20 07:07:19 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2008-02-20 07:07:19 486400 --a------ C:\WINDOWS\system32\wwSecure.exe <Not Verified; Webroot Software, Inc.; >
2008-02-17 21:51:09 0 d-------- C:\My Documents
2008-02-17 21:38:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-17 14:48:06 0 d-------- C:\Documents and Settings\Owner\Incomplete
2008-02-16 14:57:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-16 10:30:32 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-02-16 10:29:55 0 d-------- C:\Program Files\MSECACHE
2008-02-14 22:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 22:54:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 22:54:53 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-14 22:53:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 20:21:35 4096 --a------ C:\WINDOWS\d3dx.dat


-- Find3M Report ---------------------------------------------------------------

2008-03-06 20:20:02 0 d-------- C:\Program Files\Common Files
2008-03-02 02:38:05 0 d-------- C:\Program Files\MSN Messenger
2008-02-26 07:46:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-24 08:05:01 0 d-------- C:\Program Files\Java
2008-02-24 08:01:04 494 --a------ C:\Program Files\INSTALL.LOG
2008-02-23 20:08:44 0 d-------- C:\Program Files\BluetoothJavaFiles
2008-02-17 18:31:02 0 d-------- C:\Program Files\Microsoft Works
2008-02-17 18:30:42 0 d-------- C:\Program Files\MSBuild
2008-02-11 18:08:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
2008-02-09 02:09:49 0 d-------- C:\Program Files\USB Storage RW
2008-02-08 21:52:41 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-02-07 21:55:12 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-07 10:45:51 0 d-------- C:\Program Files\DAP
2008-02-01 06:32:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-20 01:23:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
2008-01-20 00:50:36 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-01-19 22:49:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Age of Japan II
2008-01-19 22:29:49 0 d-------- C:\Program Files\Reflexive.Arcade.games.crack.patch.(working.for.all.games).Released.April.2
007
2008-01-18 07:50:40 0 d-------- C:\Program Files\Office 2007 Enterprise Edition
2008-01-18 06:44:43 32 --a------ C:\WINDOWS\jantje
2007-12-21 17:47:49 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2007-12-21 17:47:48 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2007-12-21 17:47:48 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2007-12-21 17:02:17 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 02:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/10/2002 04:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/10/2002 04:05 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [25/10/2002 01:33 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 06:24 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [13/12/2001 05:24 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 09:11 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 06:56 PM]
"nwiz"="nwiz.exe" [28/07/2003 03:19 PM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [31/07/2002 05:28 PM]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 02:48 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/11/2007 11:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" [25/11/2005 08:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:56 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/08/2005 01:48 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [26/02/2008 7:46:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-09 00:20:09 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2600+
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 447.36 MiB / 97.37 MiB
Pagefile Memory (total/avail): 1058.48 MiB / 551.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.14 GiB total, 18.85 GiB free.
D: is Fixed (FAT32) - 4.14 GiB total, 0.91 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV4002H - 37.3 GiB - 2 partitions
\PARTITION0 - Unknown - 4.15 GiB - D:
\PARTITION1 (bootable) - Installable File System - 33.14 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Trend Micro Personal Firewall v2.0 (Trend Micro Incorporated)
AV: Trend Micro PC-cillin Internet Security v12.4.1015 (Trend Micro, Inc.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-NS7NXR4R4G
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-NS7NXR4R4G
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-NS7NXR4R4G
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Deep Blue Sea --> "C:\Program Files\Deep Blue Sea\ReflexiveArcade\unins000.exe"
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\setup.exe" -l0x9
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\setup.exe" -l0x9 uninst
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\setup.exe" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Tool Light 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2ACA65CD-11E1-4502-B3BC-A3CAA8EEADB1}\setup.exe" -l0x9
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything
ESCX1500 Reference Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX1500\REF_G\DOCUNINS.EXE
ESCX1500 Software Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX1500\PQU_G\DOCUNINS.EXE
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{6CAEFA23-0C08-4899-A661-29D69228AF6D}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Intel® Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\setup.exe" -l0x9 anything
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SmartCamera Ver 2.1 --> MsiExec.exe /X{9527450C-64B3-11D5-9B31-000021116B62}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 2005 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
USB PC Cam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
USB Storage RW --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
Vista Anthracite Pack - Lite 1.30 --> C:\WINDOWS\Icon_Patcher\uninst.exe
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1993 / Error
Event Submitted/Written: 03/09/2008 00:07:03 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: HP Memories Disc -- Error 1706.No valid source could be found for product HP Memories Disc. The Windows Installer cannot continue.

Event Record #/Type1992 / Warning
Event Submitted/Written: 03/09/2008 00:06:39 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type1990 / Error
Event Submitted/Written: 03/09/2008 00:06:39 AM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: HP Memories Disc -- Error 1706.No valid source could be found for product HP Memories Disc. The Windows Installer cannot continue.

Event Record #/Type1989 / Warning
Event Submitted/Written: 03/09/2008 00:06:35 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type1988 / Warning
Event Submitted/Written: 03/09/2008 00:06:35 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{6CAEFA23-0C08-4899-A661-29D69228AF6D}', feature 'Complete', component '{E13CAE84-E14C-44E5-BD41-483635C79169}' failed. The resource 'C:\Program Files\Hewlett-Packard\Memories Disc\audio\Swing.mp3' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40217 / Warning
Event Submitted/Written: 03/08/2008 11:38:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type40216 / Error
Event Submitted/Written: 03/08/2008 08:17:43 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SASDIFSV service failed to start due to the following error:
%%183

Event Record #/Type40214 / Warning
Event Submitted/Written: 03/08/2008 07:36:53 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type40200 / Error
Event Submitted/Written: 03/08/2008 05:58:09 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:
%%127

Event Record #/Type40199 / Error
Event Submitted/Written: 03/08/2008 05:58:09 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmevtmgr service failed to start due to the following error:
%%127



-- End of Deckard's System Scanner: finished at 2008-03-09 00:20:09 ------------
  • 0

#4
AQUA258
Posted 08 March 2008 - 10:11 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Obviously, this one worked.



Malwarebytes' Anti-Malware 1.07
Database version: 468

Scan type: Quick Scan
Objects scanned: 27480
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WhoisCL.exe (Adware.Fotomoto) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.backup (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  • 0

#5
sage5
Posted 08 March 2008 - 07:06 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AQUA258,

Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.

I see you have Limewire installed on your system.
While the program itself is legal, most of the files downloaded with it, are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Limewire as outlined below.

Here at G2G, we cannot condone the use of cracked or hacked software.
This line:

C:\Documents and Settings\Owner\RegCure 1.5.0.0 + Crack

suggests that the version of RegCure 1.5.0.0 installed on your system, is not legitimate.
If this is the case, please uninstall RegCure 1.5.0.0 as well.
Downloading & using cracks are some of the best ways to get infected. The crack sites are usually loaded with code causing "drive by" infections, & a lot of crack files contain malicious code.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    easy Internet sign-up
    J2SE Runtime Environment 5.0 Update 11
    LimeWire PRO 4.12.6
    RegCure 1.5.0.0
    Please take note of any other programs that you don't recognise in that list, and include them in your next response

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\RegCure
C:\Documents and Settings\Owner\RegCure 1.5.0.0 + Crack
C:\Documents and Settings\Owner\Application Data\LimeWire
C:\Program Files\LimeWire
C:\Program Files\Reflexive.Arcade.games.crack.patch.(working.for.all.games).Released.April.2007
C:\WINDOWS\jantje
C:\WINDOWS\system32\kdfvmgr.exe
C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\kdfinj.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also include the text from C:\otmove.txt
Please include a note to tell me how your PC is running now.

Cheers,

sage5

Edited by sage5, 08 March 2008 - 07:19 PM.

  • 0

#6
AQUA258
Posted 08 March 2008 - 11:44 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
HEY HEY, sage5


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:54 PM, on 9/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7887 bytes



C:\Documents and Settings\Owner\Application Data\LimeWire\xml\misc moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\other_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\limewire_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\limewirePro_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\classic_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\black_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\.NetworkShare\Incomplete moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\.NetworkShare moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\Program Files\Reflexive.Arcade.games.crack.patch.(working.for.all.games).Released.April.2
007\Reflexive Arcade games crack patch (working for all games) Released April 2007 moved successfully.
C:\Program Files\Reflexive.Arcade.games.crack.patch.(working.for.all.games).Released.April.2
007 moved successfully.
C:\WINDOWS\jantje moved successfully.
C:\WINDOWS\system32\kdfvmgr.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\Kdfhok.dll
C:\WINDOWS\system32\Kdfhok.dll NOT unregistered.
C:\WINDOWS\system32\Kdfhok.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kdfapi.dll
C:\WINDOWS\system32\kdfapi.dll NOT unregistered.
C:\WINDOWS\system32\kdfapi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kdfinj.dll
C:\WINDOWS\system32\kdfinj.dll NOT unregistered.
C:\WINDOWS\system32\kdfinj.dll moved successfully.

OTMoveIt2 v1.0.20 log created on 03092008_130719

******************************************************************************
All in All, Comp is running good BUT just a few Q's if i may.

QUESTIONS;

1. Security Update for Windows Media Player 6.4/ 8/ 9 = Do i need these if im running 11???

2. Security Update for Step By Step Interactive Training = What is this and do I need it?

3. Microsoft Works 2003 Setup Launcher = Do i need this if im running Word 2007???

4. When i run Regseeker "Installed applications" why do these come up....2007 Microsoft Office Suite Service Pack 1 (SP1) = 17 of them???????? (There is over 200 items that show in this "installed apps" yet they aren't in add/remove)

5. Desktop.ini is still all through files and folders???? Never use to be, can i just delete them as i go or is there an easier way.

6. If Limewire is no good to use is there a better one?
  • 0

#7
sage5
Posted 09 March 2008 - 01:29 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AQUA258,

Answers:

1. I think I would err on the side of caution with the Windows Media Updates & leave them in place.

2. My guess is that at some time that PC has had Step By Step Interactive Training on it & that Windows Update is seeing entries in the Registry, which are forcing the updates. This could well be more trouble to remove, than the small benefit might be worth.

3. If you don't use Works, or have to use Works files that otherss send you, get rid of all of these:

Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word

4. If you look at the entries for 2007 Microsoft Office Suite Service Pack 1 (SP1), you will notice that all of them have a different CLSID, eg {90120000-0018-0409-0000-0000000FF1CE}
My guess is they are individual updates. Perhaps you should start a thread Here to check that one out.

5. About the Desktop.ini files. Have a look at This Link about why you should leave them alone, just hide them.

6. The application is not the issue here, but rather:
a) what it gets used for is nearly always a clear breach of Copyright laws, therefore illegal.
b) the uncertain nature of Security in the PC's that you connect to, leaves you wide open to infection. This can be seen in the sheer number of users, posting in this forum, who use Peer to Peer sharing, &/or Torrent apps.


Now with that out of the way let's continue.

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report, as well as a fresh HijackThis log.


Cheers,

sage5
  • 0

#8
AQUA258
Posted 11 March 2008 - 06:50 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Hello There, did the system restore.......

Testing, testing 1 2 3...
  • 0

#9
Excal
Posted 11 March 2008 - 08:27 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
AQUA258,

You have been giving the rights to post again with out mod preview. I would suggest highly that you carefully review what you have posted before hitting the "add reply" button (keeping in mind that this is a family friendly site). If you have any further questions, please PM me and I can direct you to the proper staff member.

Take a look at our TOU also http://www.geekstogo...boardrules.html

:)


Excal
  • 0

#10
sage5
Posted 11 March 2008 - 08:37 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
OK AQUA258,

When you are ready, please give ma a last scan with Deckard's System Scanner.

Re-run Deckard's System Scanner:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /config
  • In the Modules window click the Check All button
  • Click the Scan! button
  • Scans will run, and 2 text files will open in Notepad.
  • Paste the text from both files into your next reply.

Cheers,

sage5
  • 0

Advertisements

#11
AQUA258
Posted 11 March 2008 - 11:18 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Stopped by to let you know that my computer is working fine.

Thank you for your help, stop by some time and say HI.

AQUA258
  • 0

#12
AQUA258
Posted 11 March 2008 - 05:29 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2600+
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 447.36 MiB / 129.67 MiB
Pagefile Memory (total/avail): 1058.48 MiB / 647.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.14 GiB total, 18.78 GiB free.
D: is Fixed (FAT32) - 4.14 GiB total, 0.91 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV4002H - 37.3 GiB - 2 partitions
\PARTITION0 - Unknown - 4.15 GiB - D:
\PARTITION1 (bootable) - Installable File System - 33.14 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Trend Micro Personal Firewall v2.0 (Trend Micro Incorporated)
AV: Trend Micro PC-cillin Internet Security v12.4.1015 (Trend Micro, Inc.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-NS7NXR4R4G
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-NS7NXR4R4G
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;C:\PROGRA~1\DISKEE~1\DISKEE~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-NS7NXR4R4G
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Deep Blue Sea --> "C:\Program Files\Deep Blue Sea\ReflexiveArcade\unins000.exe"
Diskeeper 2008 Home --> MsiExec.exe /X{D206CA38-B24C-43B1-8F56-41A920B508BD}
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\setup.exe" -l0x9 uninst
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\setup.exe" -l0x9 uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Tool Light 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2ACA65CD-11E1-4502-B3BC-A3CAA8EEADB1}\setup.exe" -l0x9
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything
ESCX1500 Reference Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX1500\REF_G\DOCUNINS.EXE
ESCX1500 Software Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX1500\PQU_G\DOCUNINS.EXE
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{6CAEFA23-0C08-4899-A661-29D69228AF6D}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Intel® Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\setup.exe" -l0x9 anything
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SmartCamera Ver 2.1 --> MsiExec.exe /X{9527450C-64B3-11D5-9B31-000021116B62}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 2005 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
USB PC Cam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
USB Storage RW --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2122 / Success
Event Submitted/Written: 03/12/2008 07:22:41 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2093 / Success
Event Submitted/Written: 03/11/2008 09:45:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2089 / Error
Event Submitted/Written: 03/11/2008 00:15:04 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module mshtml.dll, version 7.0.6000.16608, fault address 0x001922f0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2074 / Success
Event Submitted/Written: 03/11/2008 06:27:18 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2064 / Success
Event Submitted/Written: 03/10/2008 11:17:16 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40873 / Error
Event Submitted/Written: 03/12/2008 07:15:36 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:
%%127

Event Record #/Type40872 / Error
Event Submitted/Written: 03/12/2008 07:15:36 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmevtmgr service failed to start due to the following error:
%%127

Event Record #/Type40860 / Error
Event Submitted/Written: 03/11/2008 09:39:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event Record #/Type40859 / Error
Event Submitted/Written: 03/11/2008 09:39:24 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Event Record #/Type40851 / Error
Event Submitted/Written: 03/11/2008 09:37:00 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:
%%127



-- End of Deckard's System Scanner: finished at 2008-03-12 08:19:21 ------------


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-12 08:16:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-03-11 23:16:31 UTC - RP69 - Deckard's System Scanner Restore Point
17: 2008-03-11 12:33:15 UTC - RP68 - Restore Operation
16: 2008-03-10 22:58:40 UTC - RP67 - System Checkpoint
15: 2008-03-09 22:55:09 UTC - RP66 - Removed Microsoft Works Suite Add-in for Microsoft Word
14: 2008-03-09 22:37:41 UTC - RP65 - Removed Microsoft Works 7.0


-- First Restore Point --
1: 2008-03-03 21:19:35 UTC - RP52 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:24 AM, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner\My Documents\My Completed Downloads\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8039 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 NPF (Netgroup Packet Filter) - c:\windows\system32\drivers\packet.sys
S3 PCDRDRV (Pcdr Helper Driver) - c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT


-- Scheduled Tasks -------------------------------------------------------------

2008-03-11 18:00:00 406 --a------ C:\WINDOWS\Tasks\Pareto UNS.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 07:38:25 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-11 21:35:33 0 d-------- C:\Program Files\Microsoft Works Suite 2003
2008-03-10 07:54:37 6918144 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-03-09 23:10:54 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-09 01:28:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-03-09 01:28:33 0 d-------- C:\Program Files\Diskeeper Corporation
2008-03-09 00:44:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-09 00:06:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-09 00:01:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 07:27:08 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-04 00:05:40 0 d-------- C:\Program Files\Lavasoft
2008-03-04 00:05:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 18:15:29 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-03-02 02:34:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-02 02:34:06 0 d-------- C:\Program Files\Windows Live
2008-03-02 02:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 18:10:54 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-26 21:21:18 0 d-------- C:\Documents and Settings\All Users\Application Data\The Game Equation
2008-02-26 20:22:45 0 d-------- C:\Program Files\Deep Blue Sea
2008-02-26 08:17:52 188416 --a------ C:\WINDOWS\system32\intelbth.dll
2008-02-26 08:17:52 65536 --a------ C:\WINDOWS\system32\ICE_JNIRegistry.dll
2008-02-26 08:17:51 0 d-------- C:\Program Files\btscanner
2008-02-26 07:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-02-26 07:47:16 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-02-26 07:47:16 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-02-26 07:47:15 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-02-26 07:47:15 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-02-26 07:47:15 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-02-26 07:47:15 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-02-26 07:46:57 12504 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-02-26 07:46:57 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 11604 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-02-26 07:46:57 13299 --a------ C:\WINDOWS\system32\drivers\packet.sys
2008-02-26 07:46:57 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-02-26 07:46:57 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:57 28207 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-02-26 07:46:57 20096 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-02-26 07:46:56 24152 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-02-26 07:46:56 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-02-26 07:46:56 0 d-------- C:\Program Files\IVT Corporation
2008-02-24 18:49:35 0 d-------- C:\Program Files\rootkitbusterv1.6.1060
2008-02-24 08:00:23 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-02-20 16:32:10 0 d-------- C:\Program Files\Trend Micro
2008-02-20 07:07:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-20 07:07:29 0 d-------- C:\Program Files\Webroot
2008-02-20 07:07:29 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-02-20 07:07:19 57344 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2008-02-20 07:07:19 486400 --a------ C:\WINDOWS\system32\wwSecure.exe <Not Verified; Webroot Software, Inc.; >
2008-02-17 21:51:09 0 d-------- C:\My Documents
2008-02-17 21:38:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-17 14:48:06 0 d-------- C:\Documents and Settings\Owner\Incomplete
2008-02-16 14:57:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-16 10:30:32 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-02-16 10:29:55 0 d-------- C:\Program Files\MSECACHE
2008-02-14 22:55:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 22:54:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 22:54:53 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-14 22:53:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-03-11 21:35:43 0 d-------- C:\Program Files\Microsoft Works
2008-03-09 23:13:16 2528 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2008-03-09 14:52:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-09 13:02:11 0 d-------- C:\Program Files\Java
2008-03-06 20:20:02 0 d-------- C:\Program Files\Common Files
2008-03-02 02:38:05 0 d-------- C:\Program Files\MSN Messenger
2008-02-26 07:46:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 20:08:44 0 d-------- C:\Program Files\BluetoothJavaFiles
2008-02-17 18:30:42 0 d-------- C:\Program Files\MSBuild
2008-02-11 18:08:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
2008-02-10 20:21:35 4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 02:09:49 0 d-------- C:\Program Files\USB Storage RW
2008-02-08 21:52:41 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-02-07 21:55:12 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-07 10:45:51 0 d-------- C:\Program Files\DAP
2008-02-01 06:32:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-20 01:23:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
2008-01-20 00:50:36 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-01-19 22:49:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Age of Japan II
2008-01-18 07:50:40 0 d-------- C:\Program Files\Office 2007 Enterprise Edition


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 02:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/10/2002 04:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/10/2002 04:05 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [25/10/2002 01:33 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 06:24 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [13/12/2001 05:24 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 09:11 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 06:56 PM]
"nwiz"="nwiz.exe" [28/07/2003 03:19 PM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [31/07/2002 05:28 PM]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 02:48 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/11/2007 11:23 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" [25/11/2005 08:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:56 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/08/2005 01:48 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [26/02/2008 7:46:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-03-12 08:19:21 ------------
  • 0

#13
sage5
Posted 12 March 2008 - 04:50 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AQUA258,

Fix File Associations:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Place a checkmark next to the following entries if they appear:
    • bat
    • ini
    • reg
    • txt
  • Click the Fix button.
  • Re-scan and save the logfile. This will default to daft.txt
  • Save it to your C:\ drive, I'll need that log later.
If everything is ok again, it should display the "all associations ok message"

This line worries me.

AV: Trend Micro PC-cillin Internet Security v12.4.1015 (Trend Micro, Inc.) Disabled

It suggests that either:
1. Malware has disabled your anti-virus
2. It is out of date.
3. Subscription has lapsed.

If it is current, it needs uninstalling, reinstalling & updating to correct the fault.
If it is not current, please consider one of the following free alternatives:

Anti-virus: Please install one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Report Button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus.

Cheers,

sage5
  • 0

#14
AQUA258
Posted 12 March 2008 - 05:52 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Hey sage5,


DAFT Log saved on 2008-03-12 20:47:28
-----------------------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*



This is it of the scan. I only had to click on one of the items you said. This is whats left.

Don't stress over Trend, that was my fault. I remembered last min to turn it off thinking it would scan better, it must have picked it up. Anti virus is definitley working.
  • 0

#15
sage5
Posted 14 March 2008 - 06:29 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi AQUA258,

We can clean up that with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.scr]
@="scrfile"

[HKEY_CLASSES_ROOT\.scr\OpenWithList]

[HKEY_CLASSES_ROOT\.scr\OpenWithList\devenv.exe]
@=""

[HKEY_CLASSES_ROOT\scrfile]
@="Screen Saver"

[HKEY_CLASSES_ROOT\scrfile\shell]

[HKEY_CLASSES_ROOT\scrfile\shell\config]
@="C&onfigure"

[HKEY_CLASSES_ROOT\scrfile\shell\config\command]
@="\"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\install]
@="&Install"

[HKEY_CLASSES_ROOT\scrfile\shell\install\command]
@="rundll32.exe desk.cpl,InstallScreenSaver %l"

[HKEY_CLASSES_ROOT\scrfile\shell\open]
@="T&est"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\scrfile\shellex]

[HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixrscr.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry

Send me a fresh HijackThis log to check how it all went.

Cheers,

sage5

Edited by sage5, 14 March 2008 - 06:29 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP