Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

zenosearch, Ad popups and slow laptop [RESOLVED]


  • This topic is locked This topic is locked

#1
kelvintp

kelvintp

    Member

  • Member
  • PipPip
  • 18 posts
Hi, I'm having a few issues with a fairly new laptop I have now. It is a Mac book pro, running XP through boot camp. Seems to run fine or as well as it can, however recently I have picked up a few Ad pop ups, that I cannot get rid of. The machine is also running slower by the day, so I have gone through and run panda, Super anti spyware etc ad below is the Hijack log.

I will add the active scan log, uninstall, superantispyware and Malwarebytes log too.

I look forward to any help you can offer.

Thanks in advance


HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:45, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} (VPlayer Control) - http://video.vividas...player_ocx.jpeg
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\Software\..\Telephony: DomainName = bel.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bel.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10641 bytes



Uninstall List

AC3Filter (remove only)
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Boot Camp Services
Browser Optimizer Dcads
CutePDF Writer 2.7
Cypress USB Mass Storage Driver Installation
DivX Author 1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Enhancement Browser Tools Superiorads
EPSON TWAIN 5
FlashFXP v3
Free DWG Viewer 6.0
Google Earth
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
igLoader
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
LimeWire 4.16.6
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MySidesearch Search Assistant Bfinding
neroxml
Next Generation Visualisations
NVIDIA Drivers
OpenAL
Panda ActiveScan 2.0
PC Connectivity Solution
QuickTime
Realtek High Definition Audio Driver
Roxio Easy Media Creator 7
Safari
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Skype 3.6
Sothink Movie DVD Maker
SUPERAntiSpyware Free Edition
Trials 2
Trials 2 Second Edition
Trials Construction Yard (remove only)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
USB Storage Adapter FX (SM1)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Windows Defender
Windows Desktop Search 3.01
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar



Malwarebytes' Anti-Malware 1.11
Database version: 700

Scan type: Quick Scan
Objects scanned: 42982
Time elapsed: 14 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adslice.slice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adslice.slice.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3acf6146-a401-eaf6-0cb8-a4ea16e09103} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3acf6146-a401-eaf6-0cb8-a4ea16e09103} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll-uninst.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\SSSInstaller.dll (Adware.Comet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{a5779a34-e3dd-7d9d-6c2c-ed93c3d20c9b}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.Zenosearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelvin.BEL\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.


Active Scan

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-30 14:08:16
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00162220 Adware/BHO Adware No 0 Yes No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\tmp27A.tmp.exe
00352595 Trj/Banker.FTI Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP66\A0012692.dll
02886535 Adware/TrafficSol Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[\bann.exe][■%%\spads.dll]
02886551 Adware/TrafficSol Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[\bann.exe]
02886557 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[\adw.exe][]
02886559 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[\adw.exe][\nsBrowserOpt.dll]
02886559 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027429.dll
02886560 Adware/AdRotator Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe[\adw.exe]
02886561 Adware/TrafficSol Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022491.exe
02907959 Adware/BHO Adware No 0 No No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\tmp27A.tmp.exe[\dcads_sidebar.dll]
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026210.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\WINDOWS\b3423423.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026211.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026255.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026256.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027427.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027426.exe
02913916 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP137\A0027425.exe
02917237 Adware/AdRotator Adware No 0 No No C:\Documents and Settings\Kelvin.BEL\Local Settings\Temp\s1s0[■%%\sprt_ads.dll]
02917237 Adware/AdRotator Adware No 0 Yes No C:\System Volume Information\_restore{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022483.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location @
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description @
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================



SUPERAntiSpyware Scan Log
Generated 04/30/2008 at 12:15 PM

Application Version : 3.6.1000

Core Rules Database Version : 3450
Trace Rules Database Version: 1442

Scan type : Complete Scan
Total Scan Time : 01:35:59

Memory items scanned : 553
Memory threats detected : 1
Registry items scanned : 7911
Registry threats detected : 1
File items scanned : 67880
File threats detected : 32

Trojan.Unclassified/BrowserDriver
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
[{78-8F-F3-34-DW}] C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026209.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026254.EXE
C:\WINDOWS\B8987677.EXE
C:\WINDOWS\SYSTEM32\JJWNW64R.EXE
C:\WINDOWS\Prefetch\RWWNW64D.EXE-1B918897.pf

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.Tracking Cookie
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][2].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\k[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][2].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][1].txt
C:\Documents and Settings\Kelvin.BEL\Cookies\[email protected][2].txt

Adware.AdRotator/AdsSite
C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL

Adware.DeeWoo/ThinkAdz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP114\A0026207.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP116\A0026251.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP118\A0026806.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP119\A0026872.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP121\A0026935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP123\A0027025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP126\A0027110.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP127\A0027148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP129\A0027215.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP131\A0027279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP136\A0027401.EXE

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP134\A0027385.CFG
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Trojan.Downloader-Gen/FotoMoto
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9E03A7E-1D20-4B6E-A13D-9F9511BE7D3B}\RP97\A0022480.DLL

Trojan.Downloader-SysMon
C:\ZIP\KEYGEN\NERO-8-ULTRA-EDITION-8.3.2.1--KEYGEN.EXE
C:\ZIP\KEYGEN\NERO-8-ULTRA-EDITION-8.3.2.1KEYMAKERS-AND-PLUGIN-SERIALS-SHAREA.EXE
C:\ZIP\NERO-8-ULTRA-EDITION-8.3.2.1--KEYGEN.EXE
  • 0

Advertisements


#2
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello kelvintp, sorry about the delay - our helpers have been very busy.

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! :)

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

First let's disable Windows Defender as it might hinder our fixes. Please remember to re-enable it when we're done.

# Click on "Tools"
# Click on "General Settings"
# Scroll down to "Real-time protection options"
# Uncheck "Turn on Real-time protection (recommended)"
# Click "Save"

Step1 : Correcting entry with HijackThis

Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe


Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Step2 : Deleting file in Safe Mode

First, let's make Windows show hidden files and folders. Hidden files and folders are usually systems files and they are hidden to prevent users from accidentally deleting them. However, malware often uses hidden files and folders to prevent its deletion.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please save the following instructions in a notepad file on your desktop as you will not be able to access this website during this stage of the fix.

Restart your computer and as soon as it start booting up, continuously press F8. A menu will show up. Choose Safe Mode using the arrow keys and press enter. Note that Safe Mode might take some time to load, so please be patient.

After the computer has entered Safe Mode, navigate to the following folders, and delete the following files marked in bold:
C:\WINDOWS\system32\IRW.exe


Restart your computer. It will reboot back automatically into Normal Mode.

Please include a new HijackThis log in your next reply, as well as a report on how the computer is running.
  • 0

#3
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Tal, thanks for looking into this for me. I have done the hijack fix and went to safe mode, however I was unable to log back into my laptop in safe mode is the keyboard and mouse seem to have been disabled or are not being seen.
Do you have any suggestion to get around this?
  • 0

#4
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi kelvin,

Hold on. I'll be back with you soon.
  • 0

#5
Bobbi Flekman

Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hey Kelvintp,

I use a Mac as well, though I use VMware for my Windows experiences...

Tal will still be helping you but I will be on the sidelines to input some of the Mac related things.

First off: the thing that Tal made you fix is the Infrared remote program so the remote would work within BootCamp. I doubt that would be the reason for the keyboard to fail working. We will be getting it back though as it is legit.

You say that the SafeBoot doesn't work (no keyboard, no mouse). I think that is because Apple uses an intermediary mouse driver that is not loaded in Safe Mode. Does the keyboard work when you simply boot up into BootCamp (the Normal way)?
  • 0

#6
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
HI, thanks for your input too!!

Yes the keyboard and mouse work as normal when I boot up into bootcamp. Thinking about it, I should have mentioned this earlier, but I can use my USB mouse, so was thinking that I USB keyboard would work to, but unfortunately I do not have one of these. So the laptop keyboard and mouse pad are disabled, but usb mouse does work.
  • 0

#7
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi kelvintp,

So have you delete the file? Or is it still there? If you didn't, DON'T as it's legit. We will restore the HijackThis backups and make it work again.

Edited by Tal, 07 May 2008 - 06:27 AM.

  • 0

#8
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Tal, I did not delete it in safe mode as I could not get onto the laptop, but I did do the fix in HijackThis
  • 0

#9
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
OK. So let's just restore the backups and the driver we've 'fixed' should be restored.

To restore the backups:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.

  • 0

#10
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi, restore was done ok, here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:11, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} (VPlayer Control) - http://video.vividas...player_ocx.jpeg
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\Software\..\Telephony: DomainName = bel.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bel.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10744 bytes
  • 0

Advertisements


#11
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
It looks clean, but let's run an additional scan to be sure.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

  • 0

#12
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OK here is the Main.txt log

Deckard's System Scanner v20071014.68
Run by Kelvin on 2008-05-07 14:05:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-07 13:05:27 UTC - RP142 - Deckard's System Scanner Restore Point
2: 2008-05-07 09:35:59 UTC - RP141 - Uniblue RegistryBooster
1: 2008-05-07 08:18:29 UTC - RP140 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kelvin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:10, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kelvin.BEL\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelvin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} (VPlayer Control) - http://video.vividas...player_ocx.jpeg
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\Software\..\Telephony: DomainName = bel.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bel.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10717 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 KeyAgent - c:\windows\system32\drivers\keyagent.sys <Not Verified; Apple Inc.; Boot Camp>
R2 MacHALDriver (Mac HAL) - c:\windows\system32\drivers\machaldriver.sys <Not Verified; Apple Inc.; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5008 Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_0024&SUBSYS_0087106B&REV_01\4&139D1158&0&00E4
Manufacturer: Atheros
Name: Atheros AR5008 Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_0024&SUBSYS_0087106B&REV_01\4&139D1158&0&00E4
Service: AR5416

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_00A0106B&REV_03\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_00A0106B&REV_03\3&B1BFB68&0&FB
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Ktbel
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Ktbel
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 14:00:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-08 13:44:47 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 14:04:58 0 d-------- H:\Deckard
2008-05-07 10:27:17 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Uniblue
2008-04-30 14:49:23 0 d-------- C:\Program Files\Trend Micro
2008-04-30 12:32:30 0 d-------- C:\Program Files\Panda Security
2008-04-30 10:40:09 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-30 10:36:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 10:36:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 10:36:34 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\SUPERAntiSpyware.com
2008-04-30 10:10:59 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Malwarebytes
2008-04-30 10:10:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 10:10:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 10:04:05 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-28 11:36:35 0 d-------- C:\Program Files\MagicISO
2008-04-23 13:00:39 0 d-------- C:\Program Files\MSXML 6.0
2008-04-21 14:25:33 0 d-------- C:\Program Files\AutoCAD 2008
2008-04-21 14:25:33 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Autodesk
2008-04-21 14:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-21 14:24:21 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-21 14:24:21 0 d-------- C:\Program Files\Autodesk
2008-04-18 15:08:31 298306 --a------ C:\WINDOWS\system32\gside.exe
2008-04-17 17:29:52 400630 --a------ C:\WINDOWS\system32\g31.exe
2008-04-17 16:36:55 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\AVS4YOU
2008-04-17 16:36:44 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-17 16:35:07 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-17 16:34:17 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-04-17 16:34:17 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-04-17 16:34:16 0 d-------- C:\Program Files\AVS4YOU
2008-04-17 15:44:49 0 d-------- C:\WINDOWS\system32\ffdshow
2008-04-17 15:44:48 0 d-------- C:\Program Files\SourceTec
2008-04-17 15:36:54 0 d-------- C:\Program Files\ImTOO
2008-04-17 14:29:56 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-17 12:55:56 0 d-------- C:\Program Files\Nero
2008-04-17 12:50:51 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-17 12:50:33 266608 --a------ C:\WINDOWS\b3423423.exe
2008-04-17 11:18:04 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Roxio
2008-04-17 11:11:51 79800 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-17 11:09:15 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll <Not Verified; Cypress Semiconductor; Cypress USB Mass Storage Adapter>
2008-04-17 11:09:14 0 d-------- C:\WINDOWS\DRIVERS
2008-04-17 11:08:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-04-17 10:56:21 0 d-------- C:\Program Files\Roxio
2008-04-17 10:56:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-17 10:56:15 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-07 14:30:31 83916 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 10:10:34 0 d-------- C:\Program Files\Safari
2008-04-07 10:08:32 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-07 11:13:16 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Skype
2008-05-07 11:00:24 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\skypePM
2008-05-02 10:27:39 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\LimeWire
2008-04-30 12:32:31 2851 --a------ C:\WINDOWS\mozver.dat
2008-04-30 10:36:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 10:04:05 0 d-------- C:\Program Files\Common Files
2008-04-17 15:21:40 0 d-------- C:\Program Files\Common Files\Nero
2008-04-17 11:44:23 0 d-------- C:\Program Files\DivX
2008-04-17 11:09:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 11:08:28 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-15 12:33:59 0 d-------- C:\Program Files\Trials 2 Second Edition
2008-04-07 12:08:59 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Apple Computer
2008-04-07 10:08:51 0 d-------- C:\Program Files\iTunes
2008-04-07 10:07:11 0 d-------- C:\Program Files\QuickTime
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-28 13:26:01 40730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-28 13:25:31 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-03-25 10:30:33 0 d-------- C:\Program Files\Java
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 15:30:24 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-20 15:30:24 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-17 13:11:01 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\InstallShield
2008-03-12 16:45:56 0 d-------- C:\Program Files\FlashFXP
2008-03-11 11:48:19 0 d-------- C:\Program Files\Lavasoft
2008-02-18 17:37:53 20992 --a------ C:\WINDOWS\jestertb.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/10/2007 21:58]
"nwiz"="nwiz.exe" [08/10/2007 21:59 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/10/2007 21:58]
"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 21:59 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [27/07/2007 13:00 C:\WINDOWS\system32\bthprops.cpl]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [08/10/2007 23:06]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [22/02/2007 21:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [19/12/2006 12:27]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [27/01/2004 22:39]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [27/08/2003 14:20]
"IRW"="C:\WINDOWS\system32\IRW.exe" [08/10/2007 21:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [27/07/2007 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 18:43]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [30/04/2008 14:47]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 30/04/2008 14:47 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55137344-bf83-11dc-a6d3-001e52d5135c}]
AutoRun\command- E:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-05-07 14:10:37 ------------
  • 0

#13
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
and here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
CPU 1: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2030.49 MiB / 1473.49 MiB
Pagefile Memory (total/avail): 3923.39 MiB / 3440.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.5 MiB

C: is Fixed (NTFS) - 61.12 GiB total, 43.75 GiB free.
D: is CDROM (No Media)
H: is Network (NTFS)
S: is Network (NTFS)
T: is Network (NTFS)
V: is Network (NTFS)
W: is Network (NTFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS722020K9SA00 - 186.31 GiB - 3 partitions
\PARTITION0 - Unknown - 200.02 MiB
\PARTITION1 - Unknown - 124.88 GiB
\PARTITION2 (bootable) - Installable File System - 61.12 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kelvin.BEL\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KELVIN_MPRO
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\
HOMESHARE=\\belserver\users home folders\Kelvint
LOGONSERVER=\\BELSERVER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kelvin.BEL\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kelvin.BEL\LOCALS~1\Temp
USERDNSDOMAIN=BEL.LOCAL
USERDOMAIN=BEL
USERNAME=Kelvin
USERPROFILE=C:\Documents and Settings\Kelvin.BEL
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kelvin (admin)
Kelvin.BEL (admin)
Administrator (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Boot Camp Services --> MsiExec.exe /I{F0E45628-1218-4865-A516-8E8A54272ADC}
Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DivX Author 1.5 --> C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhancement Browser Tools Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe
EPSON TWAIN 5 --> C:\Program Files\InstallShield Installation Information\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Free DWG Viewer 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
igLoader --> C:\Program Files\igLoader\uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySidesearch Search Assistant Bfinding --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sothink Movie DVD Maker --> "C:\Program Files\SourceTec\Sothink Movie DVD Maker\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trials 2 --> C:\Program Files\Trials 2\Uninstall.exe
Trials 2 Second Edition --> C:\Program Files\Trials 2 Second Edition\Uninstall.exe
Trials Construction Yard (remove only) --> "C:\Program Files\Trials Construction Yard\uninst.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applebt_5F5CDDBA8C90066BFACA98E240B0E384FD78D0E5\applebt.inf
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bthkicker_22481FFE232728F300C3EA4B9D04741F71A78A6F\bthkicker.inf
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\isight_457E352673E04E3628F3481F96106C5726855272\isight.inf
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\irfilter_6BAE4C4E6E43E4AF7524F089CA605ACCDD038710\irfilter.inf
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_5748EA9D9741D5BA6763BCAC4C6D158F8A7EF029\keymagic.inf
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltp_BF219E1F63B7461D0F5D650033C78F989EDEE0FB\aapltp.inf
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\aapltctp_762C22B15E03318F1DF4F3D7EEB1E5C1D51F5032\aapltctp.inf
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\applenull_853A42E440968266FB61B6DCC69BD2406D991F68\applenull.inf
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5211_83E4E86F1350732D629D737DAECF97C35FD29B0F\net5211.inf
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\net5416_011416A5D099921307D4CC88E2E5BD075CE39446\net5416.inf
Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\bcmwl5_52A7865A91A2795EC5D7A8EC9B1E1622EA863FFF\bcmwl5.inf
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1000325_4D2F92D840FE9D1A0C33FEC20BFC7747BB0608EA\e1000325.inf
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\e1e5132_A95FC331A737294D9476DAB83E0F4371146BDFDE\e1e5132.inf
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\yk51x86_98FE2F08F37A78F4FF0C10AACFE1E827854D61AE\yk51x86.inf
Windows Driver Package - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3590 / Success
Event Submitted/Written: 05/06/2008 01:34:08 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3567 / Success
Event Submitted/Written: 05/06/2008 09:05:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3552 / Error
Event Submitted/Written: 05/02/2008 10:45:13 AM
Event ID/Source: 259 / McLogEvent
Event Description:
The file C:\Incomplete\T-202477-145 Mobile games + Phone Unlocking !!!! ALL WORKING Nokia, Motorola, Sony ericsson, LG, rar.zip\SETUP.EXE contains the Generic.dx Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5200.2160 DAT version 5286.0000.

Event Record #/Type3551 / Warning
Event Submitted/Written: 05/02/2008 10:45:08 AM
Event ID/Source: 258 / McLogEvent
Event Description:
The file C:\INCOMPLETE\T-202477-145 MOBILE GAMES + PHONE UNLOCKING !!!! ALL WORKING NOKIA, MOTOROLA, SONY ERICSSON, LG, RAR.ZIP contains Generic.dx Trojan. The file was successfully deleted.

Event Record #/Type3535 / Success
Event Submitted/Written: 05/02/2008 08:55:17 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10750 / Warning
Event Submitted/Written: 05/07/2008 01:47:08 PM / 05/07/2008 01:47:25 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Event Record #/Type10748 / Error
Event Submitted/Written: 05/07/2008 01:46:55 PM / 05/07/2008 01:47:25 PM
Event ID/Source: 1 / ACPIEC
Event Description:
\Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

Event Record #/Type10728 / Warning
Event Submitted/Written: 05/07/2008 11:31:32 AM / 05/07/2008 11:31:51 AM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Event Record #/Type10726 / Error
Event Submitted/Written: 05/07/2008 11:31:21 AM / 05/07/2008 11:31:51 AM
Event ID/Source: 1 / ACPIEC
Event Description:
\Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

Event Record #/Type10711 / Error
Event Submitted/Written: 05/07/2008 11:24:02 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
cdudf_xp
Fips
intelppm
IPSec
mfetdik
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip



-- End of Deckard's System Scanner: finished at 2008-05-07 14:10:37 ------------
  • 0

#14
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello again kelvintp,

Please download the OTMoveIt2 by OldTimer. Please note: If you already have OTMoveIt on your system, please replace it with this newer version.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\gside.exe
    C:\WINDOWS\system32\g31.exe
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\b3423423.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Do you still have any issues? If so, we will run deeper scans.

In your next reply, please include a new DSS log (DSS will only produce a shortened version of main.txt now) and the OTMoveIt log.

Regards

Tal

Edited by Tal, 07 May 2008 - 09:04 AM.
BBCode

  • 0

#15
kelvintp

kelvintp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Tal,

Here are the logs as requested. Things seem to be better for the moment, I will reboot and come back to you shortly, but in the meantime, here are the logs for you to see.

Deckard's System Scanner v20071014.68
Run by Kelvin on 2008-05-07 16:09:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kelvin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:53, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\IRW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kelvin.BEL\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelvin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C0B8E968-6A2B-4825-8029-A92874CA6BD5} (VPlayer Control) - http://video.vividas...player_ocx.jpeg
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\Software\..\Telephony: DomainName = bel.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bel.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bel.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10761 bytes

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 14:04:58 0 d-------- H:\Deckard
2008-05-07 10:27:17 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Uniblue
2008-04-30 14:49:23 0 d-------- C:\Program Files\Trend Micro
2008-04-30 12:32:30 0 d-------- C:\Program Files\Panda Security
2008-04-30 10:36:42 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 10:36:34 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 10:36:34 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\SUPERAntiSpyware.com
2008-04-30 10:10:59 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Malwarebytes
2008-04-30 10:10:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 10:10:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 10:04:05 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-28 11:36:35 0 d-------- C:\Program Files\MagicISO
2008-04-23 13:00:39 0 d-------- C:\Program Files\MSXML 6.0
2008-04-21 14:25:33 0 d-------- C:\Program Files\AutoCAD 2008
2008-04-21 14:25:33 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Autodesk
2008-04-21 14:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-21 14:24:21 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-21 14:24:21 0 d-------- C:\Program Files\Autodesk
2008-04-17 16:36:55 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\AVS4YOU
2008-04-17 16:36:44 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-17 16:35:07 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-17 16:34:17 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-04-17 16:34:17 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-04-17 16:34:16 0 d-------- C:\Program Files\AVS4YOU
2008-04-17 15:44:49 0 d-------- C:\WINDOWS\system32\ffdshow
2008-04-17 15:44:48 0 d-------- C:\Program Files\SourceTec
2008-04-17 15:36:54 0 d-------- C:\Program Files\ImTOO
2008-04-17 14:29:56 0 d-------- C:\Program Files\NeroInstall.bak
2008-04-17 12:55:56 0 d-------- C:\Program Files\Nero
2008-04-17 11:18:04 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Roxio
2008-04-17 11:11:51 79800 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-17 11:09:15 36963 -ra------ C:\Program Files\Common Files\SM1updtr.dll <Not Verified; Cypress Semiconductor; Cypress USB Mass Storage Adapter>
2008-04-17 11:09:14 0 d-------- C:\WINDOWS\DRIVERS
2008-04-17 11:08:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-04-17 10:56:21 0 d-------- C:\Program Files\Roxio
2008-04-17 10:56:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-17 10:56:15 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-07 14:30:31 83916 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 10:10:34 0 d-------- C:\Program Files\Safari
2008-04-07 10:08:32 0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-07 11:13:16 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Skype
2008-05-07 11:00:24 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\skypePM
2008-05-02 10:27:39 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\LimeWire
2008-04-30 12:32:31 2851 --a------ C:\WINDOWS\mozver.dat
2008-04-30 10:36:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 10:04:05 0 d-------- C:\Program Files\Common Files
2008-04-17 15:21:40 0 d-------- C:\Program Files\Common Files\Nero
2008-04-17 11:44:23 0 d-------- C:\Program Files\DivX
2008-04-17 11:09:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 11:08:28 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-15 12:33:59 0 d-------- C:\Program Files\Trials 2 Second Edition
2008-04-07 12:08:59 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\Apple Computer
2008-04-07 10:08:51 0 d-------- C:\Program Files\iTunes
2008-04-07 10:07:11 0 d-------- C:\Program Files\QuickTime
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-28 13:26:01 40730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-03-28 13:25:31 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-03-25 10:30:33 0 d-------- C:\Program Files\Java
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 15:30:24 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-20 15:30:24 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-03-17 13:11:01 0 d-------- C:\Documents and Settings\Kelvin.BEL\Application Data\InstallShield
2008-03-12 16:45:56 0 d-------- C:\Program Files\FlashFXP
2008-03-11 11:48:19 0 d-------- C:\Program Files\Lavasoft
2008-02-18 17:37:53 20992 --a------ C:\WINDOWS\jestertb.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/10/2007 21:58]
"nwiz"="nwiz.exe" [08/10/2007 21:59 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/10/2007 21:58]
"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 21:59 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [27/07/2007 13:00 C:\WINDOWS\system32\bthprops.cpl]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [08/10/2007 23:06]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [22/02/2007 21:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [19/12/2006 12:27]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [27/01/2004 22:39]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [27/08/2003 14:20]
"IRW"="C:\WINDOWS\system32\IRW.exe" [08/10/2007 21:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [27/07/2007 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 18:43]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [30/04/2008 14:47]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 30/04/2008 14:47 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55137344-bf83-11dc-a6d3-001e52d5135c}]
AutoRun\command- E:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-05-07 16:10:11 ------------
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP