Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

This operation has been [RESOLVED] canceled due to restrictions

Started by impega , Mar 24 2008 01:29 PM

  • This topic is locked This topic is locked

#1
impega
Posted 24 March 2008 - 01:29 PM

impega

    Member

  • Member
  • PipPip
  • 30 posts
"This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator"
(This IS the only admin account...)
...I get this error everytime I try to close a window. Not all windows, just things like my documents, my computer, control panel etc. It's incredibly annyoing. I've scanned with Counterspy, Mcaffee, Addaware, AVG, Spybot S&D and SUPERantispyware, nothing has resolved the problem. I also tried doing all these scans in safe mode. Please help!

Heres my log:

=================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:27, on 24/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinGate\WinGate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Glary Utilities\winstd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.104.67.250:8080
O1 - Hosts: 75.67.92.226 http://paypal.com
O1 - Hosts: 75.67.92.226 http://www.paypal.com
O1 - Hosts: 75.67.92.226 paypal.co.uk
O1 - Hosts: 75.67.92.226 www.paypal.co.uk
O1 - Hosts: 75.67.92.226 http://paypal.co.uk
O1 - Hosts: 75.67.92.226 http://www.paypal.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1198884106419
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe

--
End of file - 9394 bytes

====================================



Also, I noticed the word paypal in the log. I can't get on paypal on this PC. I havn't been IP blocked or anything because I can go on just fine on my other PC when I use the same connection.

(Other annoying things are that I constantly get iexplorer.exe and explorer.exe are not responding... Not essential but it would be nice to know how to fix that, although I'd be grateful for anyone just trying to help me with my first problem)


Thanks

Edited by impega, 24 March 2008 - 01:32 PM.

  • 0

Advertisements

#2
andrewuk
Posted 24 March 2008 - 01:54 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi impega

welcome to geekstogo :)

before we start, your machine is operating through a proxy with this address: Eaton Corporation, 1111 Superior Ave., Cleveland, OH, PostalCode: 44114 , US. do you recognise it? is it your company?

secondly, there have been restrictions put on your computer. did you do this? do you know if they should be there?

andrewuk
  • 0

#3
impega
Posted 24 March 2008 - 01:57 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
o_o


All of that is new to me

I haven't got a company, this is my personal computer. I live in the UK and my provider is NTL (or Virgin Media) so that's really strange that I'm connecting to what you said.

And no I havn't put any restrictions on my PC myself



I'm freaked out now :)
  • 0

#4
andrewuk
Posted 24 March 2008 - 02:08 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will remove the malware i can see and then get a deeper scan of your machine.

we will also restore your hosts file - that will sort out the paypal issue.

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.104.67.250:8080
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


====STEP 2====
Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


====STEP 3====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


In your next reply could i see:
1. the 2 DSS logs (though there may only be one)

there will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk
  • 0

#5
impega
Posted 24 March 2008 - 02:15 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Woohoo I can close stuff now =D


When I try to Restore MS Host Files I get this error:

"ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts"


Thank you very much for your help so far by the way :)

EDIT

Ok sorry, i deleted the file hosts and ran it again and it made a new one, I managed to do the restore MS hosts.

Ill do the next bit now..

Edited by impega, 24 March 2008 - 02:19 PM.

  • 0

#6
impega
Posted 24 March 2008 - 02:25 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I ran dss a few times and only got a main.txt, no extra.txt. However, I did do this scan a couple hours ago and saved the extra file that I got then. So here's the main.txt that I got from the scan just now:


Deckard's System Scanner v20071014.68
Run by Sam on 2008-03-24 20:24:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sam.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:30, on 24/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinGate\WinGate.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1198884106419
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe

--
End of file - 8580 bytes

-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-09-18 20:43:03 0 d-------- C:\Documents and Settings\Sam\Application Data\Ventrilo
2008-09-18 20:33:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 20:14:47 0 d-------- C:\hostxpert 4.2 - host manager
2008-03-24 18:21:49 0 d-------- C:\WINDOWS\LastGood
2008-03-24 17:51:58 0 d-------- C:\Documents and Settings\Sam\Application Data\Nero
2008-03-24 17:48:30 0 d-------- C:\Program Files\Nero
2008-03-24 17:48:30 0 d-------- C:\Program Files\Common Files\Nero
2008-03-24 17:48:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-24 17:35:33 0 d-------- C:\Program Files\Trend Micro
2008-03-24 03:34:51 0 dr-h----- C:\$VAULT$.AVG
2008-03-24 00:51:06 7444512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 00:48:03 0 d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2008-03-24 00:47:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-24 00:47:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 00:33:22 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-24 00:33:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-24 00:32:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-24 00:32:38 0 d-------- C:\WINDOWS\Internet Logs
2008-03-24 00:00:30 0 d-------- C:\My Drivers
2008-03-23 23:59:00 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-23 23:58:34 0 d-------- C:\Program Files\WinDriver Ghost
2008-03-23 23:58:27 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-23 23:58:27 0 d-------- C:\Program Files\AVSMedia
2008-03-23 23:35:25 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-23 19:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-23 18:47:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-23 18:47:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-23 18:47:22 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-23 18:47:22 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-23 18:47:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-23 18:47:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-23 18:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 18:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-23 17:59:21 7688719 --a------ C:\WINDOWS\system32\SBSP.dat
2008-03-23 17:59:19 104 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-23 17:59:19 153 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-23 14:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 14:18:26 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 14:18:26 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 14:18:26 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 14:18:26 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-23 00:01:04 0 d-------- C:\Documents and Settings\Sam\Application Data\Amazon
2008-03-23 00:00:53 0 d-------- C:\Program Files\Amazon
2008-03-22 22:32:05 0 d-------- C:\Program Files\LogMeIn
2008-03-21 21:27:28 0 d-------- C:\Program Files\CDRWIN 6
2008-03-21 21:25:34 0 d-------- C:\Program Files\PowerISO
2008-03-21 17:31:47 0 d-------- C:\Program Files\DVD Decrypter
2008-03-20 17:03:11 0 d-------- C:\Program Files\Dorgem
2008-03-20 16:42:22 0 d-------- C:\Program Files\VirtualDJ
2008-03-20 16:41:49 0 d-------- C:\Documents and Settings\Sam\Application Data\DAEMON Tools Pro
2008-03-20 16:41:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-20 16:38:59 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-19 16:43:32 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2008-03-19 16:43:32 25211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:32 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2008-03-19 16:43:32 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-03-19 16:43:32 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-03-19 16:43:32 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2008-03-19 16:43:32 32528 -ra------ C:\WINDOWS\amcap.exe
2008-03-19 16:43:31 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 40960 -ra------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 174530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 0 d-------- C:\WINDOWS\OvtCam
2008-03-16 20:36:28 0 d-------- C:\Runtime
2008-03-16 20:33:06 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-16 20:32:56 0 d-------- C:\Program Files\DAZ
2008-03-16 20:32:56 0 d-------- C:\Program Files\Common Files\DAZ
2008-03-16 14:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-15 20:13:02 0 d-------- C:\SecondLife
2008-03-14 23:11:04 475616 --a------ C:\WINDOWS\system32\drivers\qbikhkxp.sys
2008-03-14 23:11:02 0 d-------- C:\Program Files\Qbik Licensing
2008-03-14 23:11:01 0 d-------- C:\Program Files\WinGate
2008-03-14 23:10:40 1056768 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-03-14 23:10:40 49152 --a------ C:\WINDOWS\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-03-14 23:08:17 208896 --a------ C:\WINDOWS\system32\wgsrvins.dll <Not Verified; ; WGITools Dynamic Link Library>
2008-03-14 23:08:17 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-03-14 21:20:19 0 d-------- C:\Documents and Settings\Sam\Application Data\SecondLife
2008-03-14 21:19:26 0 d-------- C:\Program Files\SecondLife
2008-03-14 20:03:02 0 d-------- C:\bonus
2008-03-14 02:39:49 11580 --a------ C:\WINDOWS\SurfSite
2008-03-14 02:36:56 0 d-------- C:\Program Files\Surfstats8400
2008-03-13 19:17:41 70656 --a------ C:\WINDOWS\system32\vspell32.dll <Not Verified; Visual Components, Inc.; VisualSpeller™>
2008-03-13 19:17:41 84992 --a------ C:\WINDOWS\system32\Ledit32.dll <Not Verified; AY Software Corporation; >
2008-03-13 19:17:40 503808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll <Not Verified; Chilkat Software, Inc.; Chilkat FTP ActiveX>
2008-03-13 19:17:40 0 d-------- C:\Program Files\PageBreeze
2008-03-13 15:38:40 233472 --a------ C:\WINDOWS\system32\Ilda32.dll <Not Verified; Creative Development LTD; >
2008-03-13 15:38:40 18944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-03-13 15:38:39 0 d-------- C:\Program Files\CoffeeCup Software
2008-03-13 11:49:16 0 d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-13 11:43:57 0 d-------- C:\Program Files\Stardock Games
2008-03-11 20:18:45 0 d-------- C:\Program Files\PowerDataRecovery
2008-03-11 19:48:20 0 d-------- C:\Program Files\Data Doctor Recovery FAT (Demo)
2008-03-11 16:32:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-03-11 16:31:20 0 d-------- C:\Program Files\Sunbelt Software
2008-03-09 20:51:06 0 d-------- C:\Documents and Settings\Sam\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-09 14:37:13 0 d-------- C:\Program Files\Lavasoft
2008-03-09 14:37:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 14:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-09 14:29:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 14:29:32 0 d-------- C:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
2008-03-09 12:31:09 0 d-------- C:\Program Files\Infogrames
2008-03-09 00:57:02 0 d-------- C:\WINDOWS\aod
2008-03-09 00:04:12 0 d-------- C:\Program Files\AVI Codec Pack
2008-03-09 00:04:09 0 d-------- C:\WINDOWS\system32\quicktime
2008-03-08 23:48:53 0 d-------- C:\Documents and Settings\Sam\Application Data\Opera
2008-03-08 23:48:46 0 d-------- C:\Program Files\Opera
2008-03-08 23:40:27 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 19:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-03-08 19:29:33 0 d-------- C:\Program Files\Driver Magician
2008-03-08 19:17:55 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-08 17:31:08 0 d-------- C:\WINDOWS\WinRAR
2008-03-08 16:41:42 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-03-08 16:23:10 0 d-------- C:\Documents and Settings\Sam\Application Data\MozillaControl
2008-03-08 16:22:46 0 d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-03-08 16:22:36 0 d-------- C:\aidualc3
2008-03-08 16:09:20 0 d-------- C:\Documents and Settings\Sam\Application Data\Sammsoft
2008-03-08 13:30:28 0 d-------- C:\Documents and Settings\Sam\Application Data\Microsoft Games
2008-03-08 13:20:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-03-07 18:53:31 0 d-------- C:\Documents and Settings\Sam\Application Data\Atari
2008-03-07 17:43:14 0 d-------- C:\Program Files\THQ
2008-03-07 14:48:38 0 d-------- C:\Program Files\EA GAMES
2008-03-07 14:48:37 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-03-07 12:47:12 0 d-------- C:\Documents and Settings\Sam\Application Data\Leadertech
2008-03-07 12:47:06 197120 --a------ C:\WINDOWS\patchw32.dll
2008-03-07 12:47:05 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-03-07 12:44:05 0 d-------- C:\Program Files\Atari
2008-03-07 12:41:12 529 --a------ C:\WINDOWS\eReg.dat
2008-03-07 12:41:06 0 d-------- C:\Program Files\Maxis
2008-03-06 21:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-03-06 21:24:19 0 d-------- C:\Program Files\Electronic Arts
2008-03-06 16:34:48 246784 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-03-06 00:06:11 0 d-------- C:\Games
2008-03-02 23:46:25 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-01 23:10:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 23:09:56 0 d-------- C:\Program Files\Windows Live
2008-03-01 23:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 13:53:53 0 d-------- C:\Program Files\Team Fortress 2
2008-02-29 19:02:24 0 d-------- C:\Program Files\CamStudio
2008-02-27 19:51:10 0 d-------- C:\Documents and Settings\Sam\Application Data\InstallShield Installation Information
2008-02-27 19:23:07 0 d-------- C:\Program Files\Unreal Tournament 3
2008-02-27 18:39:55 0 d-------- C:\Documents and Settings\Sam\Application Data\mIRC
2008-02-26 17:07:14 0 d-------- C:\Documents and Settings\Sam\Application Data\Sierra Entertainment
2008-02-26 16:42:36 0 d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-02-26 16:34:08 0 d-------- C:\Program Files\Sierra Entertainment


-- Find3M Report ---------------------------------------------------------------

2008-03-24 20:13:01 0 d-------- C:\Documents and Settings\Sam\Application Data\BitTorrent
2008-03-24 17:48:30 0 d-------- C:\Program Files\Common Files
2008-03-24 00:27:47 0 d-------- C:\Documents and Settings\Sam\Application Data\GlarySoft
2008-03-23 23:41:53 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-23 18:18:02 0 d-------- C:\Documents and Settings\Sam\Application Data\DNA
2008-03-23 16:14:16 0 d-------- C:\Documents and Settings\Sam\Application Data\LimeWire
2008-03-22 22:05:07 3478 --a------ C:\WINDOWS\mozver.dat
2008-03-14 21:20:50 0 d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2008-03-14 20:30:20 0 d-------- C:\Program Files\MagicISO
2008-03-14 01:27:26 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-03-10 02:29:43 0 d-------- C:\Program Files\Glary Utilities
2008-03-09 20:02:47 0 d-------- C:\Program Files\LimeWire
2008-03-09 12:44:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 12:38:13 0 d-------- C:\Program Files\Stardock
2008-03-09 01:04:00 1611 --a------ C:\Program Files\INSTALL.LOG
2008-03-08 13:15:00 0 d-------- C:\Program Files\Microsoft Games
2008-03-07 00:54:10 0 d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2008-02-27 19:22:07 0 d-------- C:\Program Files\AGEIA Technologies
2008-02-26 16:12:50 0 d-------- C:\Program Files\AlienGUIse
2008-02-26 16:06:41 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-26 15:57:27 0 d-------- C:\Program Files\Game Cam v1.4
2008-02-20 20:40:18 0 d-------- C:\Documents and Settings\Sam\Application Data\Help
2008-02-20 19:34:55 0 d-------- C:\Documents and Settings\Sam\Application Data\Ahead
2008-02-18 22:18:06 0 --a------ C:\program1
2008-02-08 22:24:54 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-02-08 22:10:54 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-02-08 22:10:01 0 d-------- C:\Program Files\Common Files\Macromedia
2008-02-08 22:09:15 0 d-------- C:\Program Files\Macromedia
2008-01-31 17:35:47 0 d-------- C:\Program Files\Web Publish
2008-01-27 17:48:33 0 d-------- C:\Documents and Settings\Sam\Application Data\DAEMON Tools
2008-01-27 17:43:49 0 d-------- C:\Program Files\DaemonScript
2008-01-26 17:12:30 0 dr-h----- C:\Documents and Settings\Sam\Application Data\SecuROM
2008-01-25 19:02:22 0 d-------- C:\Program Files\World of Warcraft
2008-01-04 21:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 21:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 21:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 21:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 19:13:51 134377 --a------ C:\Documents and Settings\Sam\Application Data\Cosmos Prefs
2007-12-29 19:32:35 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-12-29 14:06:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-29 01:24:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-28 22:50:19 0 -rahs---- C:\MSDOS.SYS
2007-12-28 22:50:19 0 -rahs---- C:\IO.SYS
2007-12-28 22:50:19 0 --a------ C:\CONFIG.SYS
2007-12-28 22:50:19 0 --a------ C:\AUTOEXEC.BAT
2007-12-28 22:48:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-28 22:42:25 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30/10/2006 12:44]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [30/10/2006 12:44]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 13:34]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [24/03/2008 00:47]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/12/2007 08:26]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinGate Engine Monitor.lnk]
backup=C:\WINDOWS\pss\WinGate Engine Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinGate VPN Monitor.lnk]
backup=C:\WINDOWS\pss\WinGate VPN Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"MSK80Service"=2 (0x2)
"NBService"=3 (0x3)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"LanmanServer"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SBCSTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac53e58-b646-11dc-935b-001bfc841b7a}]
AutoRun\command- E:\EE3AutoRun.exe

*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
*Newly Created Service* - SBAPIFS



-- End of Deckard's System Scanner: finished at 2008-03-24 20:25:01 ------------
  • 0

#7
impega
Posted 24 March 2008 - 02:25 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
...And here is the extra.txt I did a couple hours ago...




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2047.11 MiB / 1530.92 MiB
Pagefile Memory (total/avail): 3939.05 MiB / 3487.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 36.54 GiB free.
D: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR S TM325082 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sam\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAM-7F54CEF626E
ComSpec=C:\WINDOWS\system32\cmd.exe
CYGWIN=tty
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sam
LOGONSERVER=\\SAM-7F54CEF626E
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SAM-7F54CEF626E
USERNAME=Sam
USERPROFILE=C:\Documents and Settings\Sam
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Sam (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVIVO --> MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CDRWIN 6.1 --> MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
DaemonScript --> MsiExec.exe /X{0A21D2E9-F8A2-4CF9-88D7-E04A1C4C90AE}
Data Doctor Recovery FAT (Demo) 3.0.1.5 --> C:\Program Files\Data Doctor Recovery FAT (Demo)\Uninstall.exe
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
DAZ|Mimic 3.1 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Mimic 3.1\DAZ Mimic Uninstall.log
DAZ|Studio1.8.1.5 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Dorgem 2.1.0 --> "C:\Program Files\Dorgem\unins000.exe"
Driver Magician 3.21 --> "C:\Program Files\Driver Magician\unins000.exe"
DriverAgent Plugin for Netscape by TouchStone Software --> RunDll32.exe advpack.dll, LaunchINFSection driveragent_np.inf,TVICHW32Remove
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Glary Utilities 2.4 --> "C:\Program Files\Glary Utilities\unins000.exe"
HashCalc 2.02 --> "C:\Program Files\HashCalc\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LimeWire PRO 4.17.1 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java --> RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.15 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~2\objectdock.exe /uninstall
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RCT3 Soaked --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
RegVac Registry Cleaner 5.01 (Registered Version) --> "C:\Program Files\RegVac Registry Cleaner\unins000.exe"
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
RollerCoaster Tycoon 2: Time Twister --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}\SETUP.EXE" -l0x9
RollerCoaster Tycoon 2: Wacky Worlds --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\Setup.exe" -l0x9
RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
SCAR Divi CDE 3.12c --> "C:\Program Files\SCAR 3.12\unins000.exe"
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Sins of a Solar Empire --> "C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire --> C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
SIW version 1.73 --> "C:\Program Files\SIW\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Glamour Life Stuff --> C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff --> C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
UE3Redist --> "C:\Program Files\InstallShield Installation Information\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\setup.exe" -runfromtemp -l0x0409 -removeonly
UE3Redist --> MsiExec.exe /X{2FB04107-7BC2-449C-915A-530B29B5E0FE}
Unreal Tournament 3 --> "C:\Documents and Settings\Sam\Application Data\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe" -runfromtemp -l0x0409 -removeonly
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinDriver Ghost 2.06 --> C:\PROGRA~1\WINDRI~1\UNWISE.EXE C:\PROGRA~1\WINDRI~1\INSTALL.LOG
WinGate 6.2.2 --> C:\Program Files\WinGate\unwise.exe C:\PROGRA~1\WinGate\install.log
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
World of Warcraft Desktop --> C:\PROGRA~1\Stardock\OBJECT~1\THEMEM~1\thememgr.exe /uninstallwise
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoo Tycoon 2 - Marine Mania --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1955 / Error
Event Submitted/Written: 03/04/2008 04:25:44 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 561163350.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type1954 / Error
Event Submitted/Written: 03/04/2008 04:24:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ee3.exe, version 1.1.0.0, faulting module ee3.exe, version 1.1.0.0, fault address 0x0017295c.
Processing media-specific event for [ee3.exe!ws!]

Event Record #/Type1953 / Error
Event Submitted/Written: 03/04/2008 03:57:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ee3.exe, version 1.1.0.0, faulting module ee3.exe, version 1.1.0.0, fault address 0x0017295c.
Processing media-specific event for [ee3.exe!ws!]

Event Record #/Type1945 / Success
Event Submitted/Written: 03/04/2008 01:25:02 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1931 / Success
Event Submitted/Written: 03/03/2008 08:26:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4232 / Warning
Event Submitted/Written: 03/01/2008 05:57:13 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4229 / Warning
Event Submitted/Written: 03/01/2008 05:41:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4224 / Error
Event Submitted/Written: 03/01/2008 05:38:37 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001BFC841B7A.

Event Record #/Type4223 / Warning
Event Submitted/Written: 03/01/2008 05:38:37 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001BFC841B7A. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type4222 / Error
Event Submitted/Written: 03/01/2008 05:38:04 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 81.100.91.88 for the Network Card with network address 001BFC841B7A has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-03-24 17:39:34 ------------
  • 0

#8
andrewuk
Posted 24 March 2008 - 04:53 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will clear an ophaned entry and do a scan to see what else is lurking on your machine

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your next reply can i see:
1. the malwarebytes log
2. the kasperskyscan log
3. a new hijackthis log

andrewuk
  • 0

#9
impega
Posted 26 March 2008 - 01:42 AM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok heres what you asked for:

(Just a note: Is it possible that anything I've done so far would have caused my mp3 player to not be picked up anymore? I plug the USB in and it's like I didnt... Other USB things work tho... Could just be my dogey mp3)

MALAWARE LOG

===========================================Malwarebytes' Anti-Malware 1.09
Database version: 534

Scan type: Full Scan (C:\|)
Objects scanned: 309011
Time elapsed: 1 hour(s), 24 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Sam\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

==================================================


KASPERSKY LOG

==================================================


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 26, 2008 7:37:58 AM
Operating System: Microsoft Windows XP Professional, Service Pack 3, v.3264 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/03/2008
Kaspersky Anti-Virus database records: 663365
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 272048
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 08:03:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D8A4_127A_A412_5B78\dfsr.db Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D8A4_127A_A412_5B78\fsr.log Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D8A4_127A_A412_5B78\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_D8A4_127A_A412_5B78\tmp.edb Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\History\History.IE5\MSHist012008032520080326\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DF805C.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DF8078.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DFA305.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DFA321.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sam\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam\UserData\index.dat Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\WinGate\HISTORY.CDX Object is locked skipped
C:\Program Files\WinGate\HISTORY.DBF Object is locked skipped
C:\Program Files\WinGate\Logs\Scheduler\Scheduler.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FD3FE5FB-4CC7-43C4-9EA8-7F4795992E2C}\RP19\change.log Object is locked skipped
C:\System Volume Information\_restore{FD3FE5FB-4CC7-43C4-9EA8-7F4795992E2C}\RP5\A0005836.exe Object is locked skipped
C:\System Volume Information\_restore{FD3FE5FB-4CC7-43C4-9EA8-7F4795992E2C}\RP5\A0005837.exe Object is locked skipped
C:\System Volume Information\_restore{FD3FE5FB-4CC7-43C4-9EA8-7F4795992E2C}\RP5\A0005838.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SAM-7F54CEF626E.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_106c.dat Object is locked skipped
C:\WINDOWS\TEMP\ZLT00120.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT00123.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


====================================================

NEW HIJACKTHIS

====================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:41:41, on 26/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinGate\WinGate.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1198884106419
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe

--
End of file - 9255 bytes
  • 0

#10
andrewuk
Posted 26 March 2008 - 10:51 AM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

(Just a note: Is it possible that anything I've done so far would have caused my mp3 player to not be picked up anymore? I plug the USB in and it's like I didnt... Other USB things work tho... Could just be my dogey mp3)

cant see anything we have removed that could have done that.....lets leave it until the end. otherwise does the MP3 connection all work etc? any other programs showing signs of deterioration? i suspect we may uninstall and then re-install your MP3 Player Utilities 4.15 program

though i can see this entry has just appeared in your logs: O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups which should be gone by the next time you reboot your computer as they fall in the RunOnce Category of your Registry. It was caused because there must have been some problem with your Windows Media Player last time you opened it. but in any case, see if your Windows Media Player is in working order.

the malwarebytes scan cleared a couple of traces and the kaspersky scan came back clean. in this post we will update your out-of-date java and scan one file i dont know about (actually, it does give me some concern), and we will remove a couple of entries.

firslty, does this mean anything to you: C:\WINDOWS\system32\wgsrvins.dll <Not Verified; ; WGITools Dynamic Link Library>


====STEP 1====
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\ativpsrm.bin
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac53e58-b646-11dc-935b-001bfc841b7a}
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


====STEP 3====
you may have to temporarily close down all your security programs including firewall to make this work.

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
C:\WINDOWS\system32\drivers\qbikhkxp.sys

Click on the submit button

Please post the results of the scan in your next reply.

If Jotti is busy, try the same atVirustotal



In your next reply could i see:
1. the OTMoveIT log
2. the jotti scan results
3. a new hijackthis log
4. some idea of how your machine is running now

andrewuk
  • 0

Advertisements

#11
impega
Posted 26 March 2008 - 02:37 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here's my moveit log:

C:\WINDOWS\ativpsrm.bin moved successfully.
[Custom Input]
< purity >
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac53e58-b646-11dc-935b-001bfc841b7a} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac53e58-b646-11dc-935b-001bfc841b7a}\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03262008_195712


==========================

VirusTotal online scan:

File qbikhkxp.sys received on 03.26.2008 21:13:28 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.3.26.0 2008.03.26 -
AntiVir 7.6.0.75 2008.03.26 -
Authentium 4.93.8 2008.03.26 -
Avast 4.7.1098.0 2008.03.26 -
AVG 7.5.0.516 2008.03.26 -
BitDefender 7.2 2008.03.26 -
CAT-QuickHeal 9.50 2008.03.26 -
ClamAV 0.92.1 2008.03.26 -
DrWeb 4.44.0.09170 2008.03.26 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5644 2008.03.26 -
Ewido 4.0 2008.03.26 -
F-Prot 4.4.2.54 2008.03.26 -
F-Secure 6.70.13260.0 2008.03.26 -
FileAdvisor 1 2008.03.26 -
Fortinet 3.14.0.0 2008.03.26 -
Ikarus T3.1.1.20 2008.03.26 -
Kaspersky 7.0.0.125 2008.03.26 -
McAfee 5260 2008.03.26 -
Microsoft 1.3301 2008.03.26 -
NOD32v2 2975 2008.03.26 -
Norman 5.80.02 2008.03.26 -
Panda 9.0.0.4 2008.03.25 -
Prevx1 V2 2008.03.26 -
Rising 20.37.22.00 2008.03.26 -
Sophos 4.27.0 2008.03.26 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.26 -
TheHacker 6.2.92.255 2008.03.26 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.26 -
Webwasher-Gateway 6.6.2 2008.03.26 -

Additional information
File size: 475616 bytes
MD5: 82498ab897cb5135bb6c13753d06fc2f
SHA1: df1617768e4fadeeee38dd36f39529e4e363e497
PEiD: -

====================================

New hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:15, on 26/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinGate\WinGate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1198884106419
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe

--
End of file - 8906 bytes

=============================================


My PC seems to be A OK, IE doesn't crash anymore because I just downloaded the new version, but explorer.exe does all the time, it's weird beause when the "explorer.exe is not responding" popup comes, I can just move it out the way and continue doing what I was doing.

Speaking of WMP I installed the new one yesterday, which is probably the problem then right?

The MP3 Utilities thing doesn't really have anything to do with the MP3 player being picked up, it's just a tool it uses to convert video files into .flvs so it can read them, I mean I could connect my mp3 just fine before I installed that and after until now, but hey, I guess I'm only finding problems now because I'm looking for them; I can always use my other PC to put songs on it.
  • 0

#12
andrewuk
Posted 26 March 2008 - 03:23 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

Speaking of WMP I installed the new one yesterday, which is probably the problem then right?

sounds like the culprit.

but explorer.exe does all the time, it's weird beause when the "explorer.exe is not responding" popup comes, I can just move it out the way and continue doing what I was doing.

indeed, quite odd. does the popup look like a genuine microsoft popup, or does it look odd?

when this next happens, could you go into the task manager (CTLR ALT DELETE and look in Processes and tell me what it says for explore.exe.

also, when did the explore.exe issue start? at the same time as the other issues? or did it happen when you installed counterspy from Sunbelt? or when you installed AVG? i am thinking that there may be a conflict going on somewhere

andrewuk
  • 0

#13
impega
Posted 26 March 2008 - 03:50 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I'd say the popup was genuine.

Ah, sorry, I've only just realised, it's not a not responsing window, its a different one. It looks almost identicle, but it looks like this:

Posted Image

I've been using CounterSpy since I first got this PC, so if there was a clash I'd assume it would be from AVG. I only ever use counterspy however when I suspect something wrong and use it's scan, so I don't have it open until then (I do have AVG running all the time though).

When it crashes, the process is like this:

explorer.exe Sam 00 52,904k

The numbers stay fixed.
  • 0

#14
andrewuk
Posted 26 March 2008 - 03:57 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
yep, looks pretty genuine

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

andrewuk
  • 0

#15
impega
Posted 26 March 2008 - 04:00 PM

impega

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Main:

Deckard's System Scanner v20071014.68
Run by Sam on 2008-03-26 21:58:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-03-26 21:58:05 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-03-26 20:59:03 UTC - RP21 - Installed Sentinel Protection Installer 7.4.0
20: 2008-03-26 19:59:07 UTC - RP20 - Installed Java™ 6 Update 5
19: 2008-03-25 20:23:52 UTC - RP19 - Installed 4oD.
18: 2008-03-25 20:22:30 UTC - RP18 - Removed 4oD.


-- First Restore Point --
1: 2008-03-23 18:19:46 UTC - RP1 - System Checkpoint


Performed disk cleanup.

System Drive C: has 30.18 GiB (less than 15%) free.


-- HijackThis (run as Sam.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:15, on 26/03/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinGate\WinGate.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sam\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1198884106419
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe

--
End of file - 9628 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080324-201332-751 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080324-201332-971 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.104.67.250:8080
backup-20080324-201333-594 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080324-225927-762 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - shell\open\command - regedit.exe"%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 QbikHkXP (Wingate NDIS Hook Driver) - c:\windows\\systemroot\system32\drivers\qbikhkxp.sys (file missing)
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 ovt519 (Eye Toy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S1 rxp - c:\windows\system32\drivers\rxp.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 WinGateEngine (Qbik WinGate Engine) - c:\program files\wingate\wingate.exe <Not Verified; Qbik Software NZ Ltd; WinGate>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 740)
2003-02-26 22:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-04-19 12:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2001-12-20 23:34:52 24576 --a------ C:\Program Files\AlienGUIse\fastload.dll <Not Verified; Stardock; fLoad>

C:\WINDOWS\system32\svchost.exe (pid 976)
2003-02-26 22:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 1180)
2003-02-26 22:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>

C:\WINDOWS\system32\svchost.exe (pid 684)
2003-02-26 22:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2003-10-15 17:52:50 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>

C:\WINDOWS\explorer.exe (pid 3968)
2003-02-26 22:27:44 36864 --a------ C:\WINDOWS\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2003-02-26 22:24:32 28740 --a------ C:\Program Files\AlienGUIse\wbhelp.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4 for Win32 x86 machines>
2006-12-20 12:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 17:06:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-26 and 2008-03-26 -----------------------------

2008-09-18 20:43:03 0 d-------- C:\Documents and Settings\Sam\Application Data\Ventrilo
2008-09-18 20:33:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 20:59:08 0 d-------- C:\WINDOWS\LastGood
2008-03-26 20:59:06 0 d-------- C:\Program Files\SafeNet Sentinel
2008-03-26 20:59:05 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-03-26 20:58:38 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-26 20:51:09 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-26 20:50:18 0 d-------- C:\Program Files\NewTek
2008-03-26 20:50:03 0 d-------- C:\Documents
2008-03-26 20:44:00 0 d-------- C:\Documents and Settings\Sam\Application Data\SystemRequirementsLab
2008-03-26 20:02:32 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-25 20:23:54 0 d-------- C:\Program Files\Kontiki
2008-03-25 20:23:54 0 d-------- C:\Program Files\Channel4
2008-03-25 20:02:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-25 20:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-03-25 16:14:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-25 16:14:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-24 22:57:17 0 d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-03-24 22:56:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-24 22:56:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-24 20:14:47 0 d-------- C:\hostxpert 4.2 - host manager
2008-03-24 17:51:58 0 d-------- C:\Documents and Settings\Sam\Application Data\Nero
2008-03-24 17:48:30 0 d-------- C:\Program Files\Nero
2008-03-24 17:48:30 0 d-------- C:\Program Files\Common Files\Nero
2008-03-24 17:48:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-24 17:35:33 0 d-------- C:\Program Files\Trend Micro
2008-03-24 03:34:51 0 dr-h----- C:\$VAULT$.AVG
2008-03-24 00:51:06 18124832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-24 00:48:03 0 d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2008-03-24 00:47:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-24 00:47:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 00:33:22 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-24 00:33:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-24 00:32:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-24 00:32:38 0 d-------- C:\WINDOWS\Internet Logs
2008-03-24 00:00:30 0 d-------- C:\My Drivers
2008-03-23 23:59:00 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-23 23:58:34 0 d-------- C:\Program Files\WinDriver Ghost
2008-03-23 23:58:27 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-03-23 23:58:27 0 d-------- C:\Program Files\AVSMedia
2008-03-23 23:35:25 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-23 19:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-23 18:47:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-23 18:47:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-23 18:47:22 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-23 18:47:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-23 18:47:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-23 18:47:22 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-23 18:47:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-23 18:47:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-23 18:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 18:22:20 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-23 17:59:21 7688719 --a------ C:\WINDOWS\system32\SBSP.dat
2008-03-23 17:59:19 104 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-23 17:59:19 153 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-23 14:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 14:18:26 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 14:18:26 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 14:18:26 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 14:18:26 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-23 00:01:04 0 d-------- C:\Documents and Settings\Sam\Application Data\Amazon
2008-03-23 00:00:53 0 d-------- C:\Program Files\Amazon
2008-03-22 22:32:05 0 d-------- C:\Program Files\LogMeIn
2008-03-21 21:27:28 0 d-------- C:\Program Files\CDRWIN 6
2008-03-21 21:25:34 0 d-------- C:\Program Files\PowerISO
2008-03-21 17:31:47 0 d-------- C:\Program Files\DVD Decrypter
2008-03-20 17:03:11 0 d-------- C:\Program Files\Dorgem
2008-03-20 16:42:22 0 d-------- C:\Program Files\VirtualDJ
2008-03-20 16:41:49 0 d-------- C:\Documents and Settings\Sam\Application Data\DAEMON Tools Pro
2008-03-20 16:41:37 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-03-20 16:38:59 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-19 16:43:32 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2008-03-19 16:43:32 25211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:32 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2008-03-19 16:43:32 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-03-19 16:43:32 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-03-19 16:43:32 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2008-03-19 16:43:32 32528 -ra------ C:\WINDOWS\amcap.exe
2008-03-19 16:43:31 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 40960 -ra------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 174530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2008-03-19 16:43:31 0 d-------- C:\WINDOWS\OvtCam
2008-03-16 20:36:28 0 d-------- C:\Runtime
2008-03-16 20:33:06 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-03-16 20:32:56 0 d-------- C:\Program Files\DAZ
2008-03-16 20:32:56 0 d-------- C:\Program Files\Common Files\DAZ
2008-03-16 14:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-15 20:13:02 0 d-------- C:\SecondLife
2008-03-14 23:11:04 475616 --a------ C:\WINDOWS\system32\drivers\qbikhkxp.sys
2008-03-14 23:11:02 0 d-------- C:\Program Files\Qbik Licensing
2008-03-14 23:11:01 0 d-------- C:\Program Files\WinGate
2008-03-14 23:10:40 1056768 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-03-14 23:10:40 49152 --a------ C:\WINDOWS\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-03-14 23:08:17 208896 --a------ C:\WINDOWS\system32\wgsrvins.dll <Not Verified; ; WGITools Dynamic Link Library>
2008-03-14 23:08:17 11264 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-03-14 21:20:19 0 d-------- C:\Documents and Settings\Sam\Application Data\SecondLife
2008-03-14 21:19:26 0 d-------- C:\Program Files\SecondLife
2008-03-14 20:03:02 0 d-------- C:\bonus
2008-03-14 02:39:49 11580 --a------ C:\WINDOWS\SurfSite
2008-03-14 02:36:56 0 d-------- C:\Program Files\Surfstats8400
2008-03-13 19:17:41 70656 --a------ C:\WINDOWS\system32\vspell32.dll <Not Verified; Visual Components, Inc.; VisualSpeller™>
2008-03-13 19:17:41 84992 --a------ C:\WINDOWS\system32\Ledit32.dll <Not Verified; AY Software Corporation; >
2008-03-13 19:17:40 503808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll <Not Verified; Chilkat Software, Inc.; Chilkat FTP ActiveX>
2008-03-13 19:17:40 0 d-------- C:\Program Files\PageBreeze
2008-03-13 15:38:40 233472 --a------ C:\WINDOWS\system32\Ilda32.dll <Not Verified; Creative Development LTD; >
2008-03-13 15:38:40 18944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-03-13 15:38:39 0 d-------- C:\Program Files\CoffeeCup Software
2008-03-13 11:49:16 0 d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-03-13 11:43:57 0 d-------- C:\Program Files\Stardock Games
2008-03-11 20:18:45 0 d-------- C:\Program Files\PowerDataRecovery
2008-03-11 19:48:20 0 d-------- C:\Program Files\Data Doctor Recovery FAT (Demo)
2008-03-11 16:32:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-03-11 16:31:20 0 d-------- C:\Program Files\Sunbelt Software
2008-03-09 20:51:06 0 d-------- C:\Documents and Settings\Sam\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-09 14:37:13 0 d-------- C:\Program Files\Lavasoft
2008-03-09 14:37:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 14:29:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-09 14:29:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 14:29:32 0 d-------- C:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
2008-03-09 12:31:09 0 d-------- C:\Program Files\Infogrames
2008-03-09 00:57:02 0 d-------- C:\WINDOWS\aod
2008-03-09 00:04:12 0 d-------- C:\Program Files\AVI Codec Pack
2008-03-09 00:04:09 0 d-------- C:\WINDOWS\system32\quicktime
2008-03-08 23:48:53 0 d-------- C:\Documents and Settings\Sam\Application Data\Opera
2008-03-08 23:48:46 0 d-------- C:\Program Files\Opera
2008-03-08 23:40:27 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-08 19:38:53 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-03-08 19:29:33 0 d-------- C:\Program Files\Driver Magician
2008-03-08 19:17:55 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-03-08 17:31:08 0 d-------- C:\WINDOWS\WinRAR
2008-03-08 16:41:42 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-03-08 16:23:10 0 d-------- C:\Documents and Settings\Sam\Application Data\MozillaControl
2008-03-08 16:22:46 0 d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-03-08 16:22:36 0 d-------- C:\aidualc3
2008-03-08 13:30:28 0 d-------- C:\Documents and Settings\Sam\Application Data\Microsoft Games
2008-03-08 13:20:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-03-07 18:53:31 0 d-------- C:\Documents and Settings\Sam\Application Data\Atari
2008-03-07 17:43:14 0 d-------- C:\Program Files\THQ
2008-03-07 14:48:38 0 d-------- C:\Program Files\EA GAMES
2008-03-07 14:48:37 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-03-07 12:47:12 0 d-------- C:\Documents and Settings\Sam\Application Data\Leadertech
2008-03-07 12:47:06 197120 --a------ C:\WINDOWS\patchw32.dll
2008-03-07 12:47:05 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-03-07 12:44:05 0 d-------- C:\Program Files\Atari
2008-03-07 12:41:12 529 --a------ C:\WINDOWS\eReg.dat
2008-03-07 12:41:06 0 d-------- C:\Program Files\Maxis
2008-03-06 21:41:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-03-06 21:24:19 0 d-------- C:\Program Files\Electronic Arts
2008-03-06 16:34:48 246784 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-03-06 00:06:11 0 d-------- C:\Games
2008-03-02 23:46:25 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-01 23:10:09 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 23:09:56 0 d-------- C:\Program Files\Windows Live
2008-03-01 23:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 13:53:53 0 d-------- C:\Program Files\Team Fortress 2
2008-02-29 19:02:24 0 d-------- C:\Program Files\CamStudio
2008-02-27 19:51:10 0 d-------- C:\Documents and Settings\Sam\Application Data\InstallShield Installation Information
2008-02-27 19:23:07 0 d-------- C:\Program Files\Unreal Tournament 3
2008-02-27 18:39:55 0 d-------- C:\Documents and Settings\Sam\Application Data\mIRC
2008-02-26 17:07:14 0 d-------- C:\Documents and Settings\Sam\Application Data\Sierra Entertainment
2008-02-26 16:42:36 0 d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2008-02-26 16:34:08 0 d-------- C:\Program Files\Sierra Entertainment


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:59:05 0 d-------- C:\Program Files\Common Files
2008-03-26 20:49:01 0 d-------- C:\Documents and Settings\Sam\Application Data\BitTorrent
2008-03-26 20:00:36 0 d-------- C:\Program Files\Java
2008-03-25 20:15:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-25 19:54:23 0 d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2008-03-25 14:12:40 0 d-------- C:\Program Files\MagicISO
2008-03-25 14:12:40 0 d-------- C:\Documents and Settings\Sam\Application Data\DNA
2008-03-24 00:27:47 0 d-------- C:\Documents and Settings\Sam\Application Data\GlarySoft
2008-03-23 23:41:53 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-23 16:14:16 0 d-------- C:\Documents and Settings\Sam\Application Data\LimeWire
2008-03-22 22:05:07 3478 --a------ C:\WINDOWS\mozver.dat
2008-03-14 21:20:50 0 d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2008-03-10 02:29:43 0 d-------- C:\Program Files\Glary Utilities
2008-03-09 20:02:47 0 d-------- C:\Program Files\LimeWire
2008-03-09 12:44:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-09 12:38:13 0 d-------- C:\Program Files\Stardock
2008-03-09 01:04:00 1611 --a------ C:\Program Files\INSTALL.LOG
2008-03-08 13:15:00 0 d-------- C:\Program Files\Microsoft Games
2008-03-07 00:54:10 0 d-------- C:\Documents and Settings\Sam\Application Data\Apple Computer
2008-02-27 19:22:07 0 d-------- C:\Program Files\AGEIA Technologies
2008-02-26 16:12:50 0 d-------- C:\Program Files\AlienGUIse
2008-02-26 16:06:41 0 d-------- C:\Program Files\Common Files\Stardock
2008-02-26 15:57:27 0 d-------- C:\Program Files\Game Cam v1.4
2008-02-20 20:40:18 0 d-------- C:\Documents and Settings\Sam\Application Data\Help
2008-02-20 19:34:55 0 d-------- C:\Documents and Settings\Sam\Application Data\Ahead
2008-02-18 22:18:06 0 --a------ C:\program1
2008-02-08 22:24:54 0 d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2008-02-08 22:10:54 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-02-08 22:10:01 0 d-------- C:\Program Files\Common Files\Macromedia
2008-02-08 22:09:15 0 d-------- C:\Program Files\Macromedia
2008-01-31 17:35:47 0 d-------- C:\Program Files\Web Publish
2008-01-27 17:48:33 0 d-------- C:\Documents and Settings\Sam\Application Data\DAEMON Tools
2008-01-27 17:43:49 0 d-------- C:\Program Files\DaemonScript
2008-01-26 17:12:30 0 dr-h----- C:\Documents and Settings\Sam\Application Data\SecuROM
2008-01-04 21:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 21:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 21:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 21:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-31 19:13:51 134377 --a------ C:\Documents and Settings\Sam\Application Data\Cosmos Prefs
2007-12-29 14:06:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-29 01:24:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-28 22:50:19 0 -rahs---- C:\MSDOS.SYS
2007-12-28 22:50:19 0 -rahs---- C:\IO.SYS
2007-12-28 22:50:19 0 --a------ C:\CONFIG.SYS
2007-12-28 22:50:19 0 --a------ C:\AUTOEXEC.BAT
2007-12-28 22:48:04 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-28 22:42:25 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30/10/2006 12:44]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [30/10/2006 12:44]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 13:34]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 23:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [24/03/2008 00:47]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/12/2007 08:26]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinGate Engine Monitor.lnk]
backup=C:\WINDOWS\pss\WinGate Engine Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinGate VPN Monitor.lnk]
backup=C:\WINDOWS\pss\WinGate VPN Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"odserv"=3 (0x3)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"MSK80Service"=2 (0x2)
"NBService"=3 (0x3)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"LanmanServer"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SBCSTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"4oD"="C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - SBAPIFS
*Newly Created Service* - SENTINEL
*Newly Created Service* - SENTINELKEYSSERVER
*Newly Created Service* - SENTINELPROTECTIONSERVER



-- End of Deckard's System Scanner: finished at 2008-03-26 21:59:31 ------------








Extra:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2047.11 MiB / 1325.05 MiB
Pagefile Memory (total/avail): 3939.05 MiB / 3213.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.8 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 30.18 GiB free.
D: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR S TM325082 SCSI Disk Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sam\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAM-7F54CEF626E
ComSpec=C:\WINDOWS\system32\cmd.exe
CYGWIN=tty
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sam
LOGONSERVER=\\SAM-7F54CEF626E
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sam\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SAM-7F54CEF626E
USERNAME=Sam
USERPROFILE=C:\Documents and Settings\Sam
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Sam (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVIVO --> MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CDRWIN 6.1 --> MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
DaemonScript --> MsiExec.exe /X{0A21D2E9-F8A2-4CF9-88D7-E04A1C4C90AE}
Data Doctor Recovery FAT (Demo) 3.0.1.5 --> C:\Program Files\Data Doctor Recovery FAT (Demo)\Uninstall.exe
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
DAZ|Mimic 3.1 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Mimic 3.1\DAZ Mimic Uninstall.log
DAZ|Studio1.8.1.5 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUP
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP