[krule]

Well using sympatico security manager and i have to say it's quite horrible.. doesn't seem to detect any spyware on my pc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:15 AM, on 6/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\temp\svchost.exe
F:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210712166859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 8206 bytes

Not sure really what to fix,

Thanks alot in advance.

-Kyle-

[Advertisements]

Hello Krule and welcome to Geeks to Go!

I will be helping you clean your computer.

Please be patient as I review your log. I will be with you shortly

[Ness]

Hello Krule and welcome to Geeks to Go!

I will be helping you clean your computer.

Please be patient as I review your log. I will be with you shortly

[krule]

Hello Krule and welcome to Geeks to Go!

I will be helping you clean your computer.

Please be patient as I review your log. I will be with you shortly

Not a probelm thanks so much Ness, is there anything i can review or search to see if maybe i could fix this myself in future reference? also seems like the pops happen vastly when just opening up IE 7 for the first time, then they occur randomly after. just got one now, gahh and i gota end task them.

Edited by krule, 02 June 2008 - 09:02 AM.

[Ness]

Hello again Krule

1. Clean Temporary Files
------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

3. Kaspersky Online Scanner
------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

In your next post
------------------------------------------------

• DSS Log
• Kaspersky Log

[krule]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 03, 2008 12:16:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/06/2008
Kaspersky Anti-Virus database records: 825458
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87024
Number of viruses found: 3
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:48:11

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF4BD8.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF4BE6.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF6D16.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~DF6D21.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\Firewall - Blocked Packets - 06-03-2008--09-17-45.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\FirewallService06-02-2008--15-14-01.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\SafetyConsoleLog06-03-2008--09-17-33.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Logs\ServiceModel06-03-2008--09-17-33.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Jasmine\Incomplete\T-3545425-girlicious leave you alone.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Jasmine\Incomplete\T-3545425-stronger than you think i am.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Jasmine\Incomplete\T-5745425-lauren christoff – wont stop.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\Jasmine\Incomplete\T-5745425-stronger than you think i am.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Bell\Sympatico Security Advisor\client_gateway.log Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_16E8_9004_E88F_DFFB\dfsr.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_16E8_9004_E88F_DFFB\fsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_16E8_9004_E88F_DFFB\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_16E8_9004_E88F_DFFB\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF46A.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFF59A.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2008-06-02.csv Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP45\change.log Object is locked skipped
C:\temp\svchost.exe Infected: Trojan.Win32.Delf.cmn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Ubehage\Nero 8 Update.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Ubehage\Nero 8 Update.exe 7-Zip: infected - 1 skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe;1/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe;1 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso/Toolbar.exe;1 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso/Ubehage/Nero 8 Update.exe;1/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso/Ubehage/Nero 8 Update.exe;1 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8.iso ISOimage: infected - 5 skipped
F:\Nero 8\Nero BackItUp\BIU3.txt Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP27\A0005833.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP27\A0005833.exe 7-Zip: infected - 1 skipped
F:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP29\A0006154.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
F:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP29\A0006154.exe 7-Zip: infected - 1 skipped
F:\System Volume Information\_restore{F413965B-48C2-434B-B02C-9CFF7F693C51}\RP45\change.log Object is locked skipped

Scan process completed.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-03 09:24:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-06-03 13:24:53 UTC - RP45 - Deckard's System Scanner Restore Point
44: 2008-06-03 01:12:54 UTC - RP44 - System Checkpoint
43: 2008-06-01 23:47:12 UTC - RP43 - System Checkpoint
42: 2008-05-31 23:25:37 UTC - RP42 - System Checkpoint
41: 2008-05-30 17:53:59 UTC - RP41 - System Checkpoint


-- First Restore Point --
1: 2008-05-13 20:06:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:08 AM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\temp\svchost.exe
F:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
F:\PROGRA~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210712166859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 8212 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Messager - c:\temp\svchost.exe
R2 Nero BackItUp Scheduler 3 - f:\nero 8\nero backitup\nbservice.exe
R2 VaultClientUpgrade (Personal Vault Upgrade Service) - c:\program files\personal vault\vaultclientupgrade.exe <Not Verified; BELL; Backup Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_00001849&REV_02\3&267A616A&0&10
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_00001849&REV_02\3&267A616A&0&10
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 23:13:41 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-05-29 23:13:34 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 19:43:32 0 d-------- C:\Documents and Settings\Jasmine\Shared
2008-05-28 19:43:23 0 d-------- C:\Documents and Settings\Jasmine\Incomplete
2008-05-28 19:42:37 0 d-------- C:\Documents and Settings\Jasmine\Application Data\LimeWire
2008-05-28 09:25:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-28 09:24:58 0 d-------- C:\Program Files\iPod
2008-05-28 09:23:48 0 d-------- C:\Program Files\QuickTime
2008-05-28 09:22:23 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 21:04:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-27 09:27:12 0 d-------- C:\Documents and Settings\Owner\Incomplete
2008-05-27 09:27:03 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-27 06:34:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 06:29:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-27 06:13:48 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-27 06:12:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 06:08:44 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-27 06:07:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-27 06:06:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-27 06:02:29 0 d--hs---- C:\temp
2008-05-26 21:28:45 0 d-------- C:\Documents and Settings\Jasmine\Application Data\uTorrent
2008-05-26 21:15:14 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Bell
2008-05-24 00:07:07 0 d-------- C:\Program Files\CA
2008-05-23 13:31:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-23 13:29:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-23 13:29:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-22 16:22:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-22 11:20:46 0 d-------- C:\WINDOWS\pss
2008-05-21 23:24:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-05-21 23:09:16 0 d-------- C:\Program Files\Common Files\Nero
2008-05-21 23:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-21 22:55:55 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-21 17:38:34 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-05-21 09:57:31 540 --a------ C:\WINDOWS\system32\PDBootState
2008-05-21 09:02:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 21:04:17 0 d-------- C:\Documents and Settings\Ron\Application Data\Bell
2008-05-20 20:54:55 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-20 20:52:28 0 d-------- C:\Program Files\Personal Vault
2008-05-20 20:51:38 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-20 20:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-20 20:51:26 0 d-------- C:\Program Files\Raxco
2008-05-20 20:51:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-20 20:49:30 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-20 20:47:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Bell
2008-05-20 20:47:48 0 d-------- C:\Program Files\Bell
2008-05-20 20:47:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-05-20 20:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-20 20:15:26 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-05-20 20:09:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:09:24 0 d-------- C:\Program Files\Windows Live
2008-05-20 20:09:12 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 11:01:22 0 d-------- C:\Program Files\uTorrent
2008-05-20 11:01:19 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-20 10:48:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-05-18 12:49:32 0 d-------- C:\epson
2008-05-18 12:03:18 0 d-------- C:\Program Files\EPSON
2008-05-17 16:29:29 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Apple Computer
2008-05-16 23:57:46 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-05-16 23:57:11 0 d-------- C:\Program Files\Bonjour
2008-05-16 23:56:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 23:56:03 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-16 23:55:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 23:17:06 0 d-------- C:\Documents and Settings\Ron\Application Data\LimeWire
2008-05-16 23:17:02 0 d-------- C:\WINDOWS\Sun
2008-05-16 23:17:02 0 d-------- C:\Documents and Settings\Ron\Application Data\Sun
2008-05-16 23:16:18 0 d-------- C:\Program Files\Java
2008-05-16 23:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 16:01:35 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Macromedia
2008-05-16 16:01:34 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Adobe
2008-05-16 16:00:21 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Identities
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Templates
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\Start Menu
2008-05-16 16:00:11 0 dr-h----- C:\Documents and Settings\Jasmine\SendTo
2008-05-16 16:00:11 0 dr-h----- C:\Documents and Settings\Jasmine\Recent
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\PrintHood
2008-05-16 16:00:11 1835008 --ah----- C:\Documents and Settings\Jasmine\NTUSER.DAT
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\NetHood
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\My Documents
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Local Settings
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\Favorites
2008-05-16 16:00:11 0 d-------- C:\Documents and Settings\Jasmine\Desktop
2008-05-16 16:00:11 0 d--hs---- C:\Documents and Settings\Jasmine\Cookies
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Application Data
2008-05-16 16:00:11 0 d---s---- C:\Documents and Settings\Jasmine\Application Data\Microsoft
2008-05-14 20:10:33 0 d-------- C:\Documents and Settings\Ron\Application Data\Macromedia
2008-05-14 20:07:49 0 d-------- C:\Documents and Settings\Ron\Application Data\Adobe
2008-05-14 20:06:25 0 d-------- C:\Documents and Settings\Ron\Application Data\Identities
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Templates
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\Start Menu
2008-05-14 20:06:11 0 dr-h----- C:\Documents and Settings\Ron\SendTo
2008-05-14 20:06:11 0 dr-h----- C:\Documents and Settings\Ron\Recent
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\PrintHood
2008-05-14 20:06:11 1310720 --ah----- C:\Documents and Settings\Ron\NTUSER.DAT
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\NetHood
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\My Documents
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Local Settings
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\Favorites
2008-05-14 20:06:11 0 d-------- C:\Documents and Settings\Ron\Desktop
2008-05-14 20:06:11 0 d--hs---- C:\Documents and Settings\Ron\Cookies
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Application Data
2008-05-14 20:06:11 0 d---s---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-05-13 22:05:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-13 21:52:44 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 21:52:35 0 d-------- C:\Program Files\MSBuild
2008-05-13 21:51:49 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 21:49:58 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 21:49:19 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-13 21:48:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 21:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-13 21:15:02 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 17:13:26 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 17:07:55 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-13 17:02:38 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-13 16:59:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-13 16:57:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-13 16:56:04 0 d--hs---- C:\Documents and Settings\Owner\UserData
2008-05-13 16:48:06 0 d-------- C:\WINDOWS\nview
2008-05-13 16:47:36 0 d-------- C:\NVIDIA
2008-05-13 16:46:43 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2008-05-13 16:46:43 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2008-05-13 16:46:43 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-05-13 16:46:43 0 d-------- C:\Program Files\C-Media 3D Audio
2008-05-13 16:46:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-13 16:40:19 0 d-------- C:\Program Files\Intel
2008-05-13 16:39:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 16:39:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-13 16:25:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-13 16:21:42 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-13 16:21:10 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-13 16:21:03 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 16:20:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-13 16:16:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 16:16:33 0 d-------- C:\WINDOWS\provisioning
2008-05-13 16:16:32 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\system32\en
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\peernet
2008-05-13 16:15:10 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 16:13:18 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 16:11:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-13 16:09:50 0 d-------- C:\WINDOWS\EHome
2008-05-13 16:05:58 0 d--hs---- C:\WINDOWS\Installer
2008-05-13 16:05:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-05-13 16:05:45 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-05-13 16:05:45 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\NetHood
2008-05-13 16:05:45 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2008-05-13 16:05:45 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-05-13 16:05:45 0 d-------- C:\Documents and Settings\Owner\Desktop
2008-05-13 16:05:45 0 d--hs---- C:\Documents and Settings\Owner\Cookies
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\Application Data
2008-05-13 16:05:44 0 d--h----- C:\Documents and Settings\Owner\Templates
2008-05-13 16:05:44 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-05-13 16:05:44 2621440 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-05-13 16:05:11 0 d--hs---- C:\System Volume Information
2008-05-13 16:05:09 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-13 16:05:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-13 16:05:09 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-13 16:05:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-13 16:05:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-13 16:05:09 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-13 16:05:09 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-13 16:05:09 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-13 16:05:09 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-13 16:05:09 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-13 16:02:21 0 d-------- C:\WINDOWS\system32\xircom
2008-05-13 16:02:21 0 d-------- C:\Program Files\microsoft frontpage
2008-05-13 16:02:19 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-13 16:02:11 0 -rahs---- C:\MSDOS.SYS
2008-05-13 16:02:11 0 -rahs---- C:\IO.SYS
2008-05-13 16:02:11 0 --a------ C:\CONFIG.SYS
2008-05-13 16:02:11 0 --a------ C:\AUTOEXEC.BAT
2008-05-13 16:01:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-13 16:01:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-13 16:01:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-13 16:00:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-13 15:59:52 0 d---s---- C:\WINDOWS\Tasks
2008-05-13 15:59:48 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-13 15:59:42 0 d-------- C:\WINDOWS\srchasst
2008-05-13 15:59:41 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-13 15:59:39 0 d-------- C:\Program Files\Movie Maker
2008-05-13 15:59:34 0 d-------- C:\WINDOWS\PCHealth
2008-05-13 15:59:33 0 d-------- C:\WINDOWS\system32\Restore
2008-05-13 15:59:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-13 15:59:00 0 d-------- C:\WINDOWS\Registration
2008-05-13 15:58:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-13 15:58:30 0 d-------- C:\Program Files\Messenger
2008-05-13 15:58:23 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-13 15:57:40 0 d-------- C:\Program Files\Windows NT
2008-05-13 15:57:37 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-13 15:57:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-13 15:57:35 0 d-------- C:\WINDOWS\system32\Com
2008-05-13 11:53:40 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-13 11:53:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-13 11:53:35 0 dr------- C:\Program Files
2008-05-13 11:53:35 0 d-------- C:\Program Files\Common Files
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-13 11:53:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-13 11:53:05 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-13 11:53:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-13 11:52:54 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-13 11:52:54 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-13 11:52:48 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-13 11:52:48 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-13 11:52:48 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-13 11:52:48 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-13 11:52:18 0 d-------- C:\Documents and Settings
2008-05-13 11:46:57 0 d-------- C:\WINDOWS
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\WinSxS
2008-05-13 11:46:57 0 dr------- C:\WINDOWS\Web
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\twain_32
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\wins
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\wbem
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\usmt
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\spool
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\Setup
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ras
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\oobe
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\npp
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\mui
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\IME
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ias
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\export
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-13 11:46:57 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\config
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\3076
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\2052
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1054
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1042
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1041
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1037
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1033
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1031
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1028
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1025
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\security
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Resources
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\repair
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\mui
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\msapps
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\msagent
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Media
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\java
2008-05-13 11:46:57 0 d--h----- C:\WINDOWS\inf
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\ime
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Help
2008-05-13 11:46:57 0 dr--s---- C:\WINDOWS\Fonts
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Driver Cache
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Debug
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Cursors
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Config
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\AppPatch
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-13 21:16:46 314 --a------ C:\Program Files\INSTALL.LOG
2008-05-13 11:53:05 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [03/10/2008 12:25 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [03/27/2007 10:33 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [05/27/2003 03:00 AM]
"Cmaudio"="cmicnfg.cpl" []
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [03/10/2008 12:26 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"NBKeyScan"="F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="F:\Program Files\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [08/03/2007 12:51 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"F:\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-03 09:28:54 ------------

<div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'>Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1022.79 MiB / 495.47 MiB
Pagefile Memory (total/avail): 2461.59 MiB / 2043.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.28 GiB total, 28.99 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 298.09 GiB total, 228.8 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD3200KS-00PFB0 - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-9OFOJYRO3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OWNER-9OFOJYRO3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\PPRT\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=OWNER-9OFOJYRO3
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Jasmine
Ron


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> F:\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4EC

Edited by krule, 03 June 2008 - 12:05 PM.

[krule]

That should be all the logs, anyone elses support is welcomed aswell. Have today off and would like to finish this mess.

Thankyou!

-kyle-

[krule]

Sympatico Security Manager Anti-Virus
Scanning Report (6/4/2008 10:40:57 AM)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 2 Master Boot Record(s) for viruses.

Scanned 2 Boot Sector(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Files
Drive C:\
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080522150229.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080522182113.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080525040130.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080525191703.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080528145030.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080529163557.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Bell\Security Manager\Quarantine\20080601140859.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
Files scanned: 43681
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 7
Drive F:\
Files scanned: 35324
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 0
Report Summary
Files scanned: 79005
Total infected files: 0
Total disinfected files: 0
Total deleted files: 0
Total files unable to scan: 7
Anti-Virus engine status
Last update: 6/3/2008 8:05:48 PM
Virus definition file: C:\Program Files\Common Files\Authentium\AntiVirus\def-w32i-20080531182901-20080603164900.msp
File generated by Sympatico Security Manager Anti-Virus

working on anti-spyware scan now

[krule]

Sympatico Security Manager Anti-Spyware
Spyware Report (6/4/2008 11:25:48 AM)
Scan Target Scanned Items Detected Spyware Items
Local Disk (C:) 44151 0
New Volume (F:) 35584 0
Cookies 8 0
Registry 29809 0
Memory 9 0
Total 109561 0



File generated by Sympatico Security Manager Anti-Spyware


Well it's not detecting anything, but when windows is shutting down theres always an application called uipopupblockerhidden.exe something close to that, that has to be ended with end now option.

[krule]

SUPERAntiSpyware Scan Log
Generated 06/04/2008 at 02:13 PM

Application Version : 3.6.1000

Core Rules Database Version : 3473
Trace Rules Database Version: 1464

Scan type : Complete Scan
Total Scan Time : 00:36:19

Memory items scanned : 501
Memory threats detected : 1
Registry items scanned : 7282
Registry threats detected : 3
File items scanned : 42628
File threats detected : 1

Trojan.Downloader-SVCHost/Fake
C:\TEMP\SVCHOST.EXE
C:\TEMP\SVCHOST.EXE
HKLM\System\ControlSet001\Services\Messager
HKLM\System\ControlSet003\Services\Messager
HKLM\System\CurrentControlSet\Services\Messager

[krule]

As far as i can looks like i should be clean now, but what do i do with the quarantined items? remove/delete?

And this pic contains things that arent common processes running, could i remove them?

Edited by krule, 04 June 2008 - 02:38 PM.

[Ness]

Hello again Krule

1. Jotti File Submission
------------------------------------------------

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  
  • c:\temp\svchost.exe
• Click on the submit button
  
• Follow the same steps for each of the following files:
• Please post the results in your next reply.

2. Program Removal
------------------------------------------------

Please go to Start > Run and select Add/Remove Programs. Then scroll down and uninstall the following programs:

F:\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL

3. File Deletion
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-girlicious leave you alone.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-stronger than you think i am.mp3
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-lauren christoff – wont stop.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-stronger than you think i am.mp3 
  F:\everything\Nero Burning ROM 8

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


4. File Assocations
------------------------------------------------

Please go to Start > Run and type or copy/paste the following in the run box (including the quotation marks):

"%userprofile%\desktop\dss.exe" /daft

Then click OK.

5. Set a New System Restore Point
------------------------------------------------

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

• Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
• Reboot.
  
• Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

Finally post a new DSS log.

In your next post
------------------------------------------------

• Jotti Scan Log
• OTMoveIt2 Log
• New DSS LOg

[krule]

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
only found nero in add/remove programs
deleted the uninstall folder anyways said i had newer componets installed

File/Folder C:\Documents and Settings\Jasmine\Incomplete\T-3545425-girlicious leave you alone.mp3 not found.
File/Folder C:\Documents and Settings\Jasmine\Incomplete\T-3545425-stronger than you think i am.mp3 not found.
File/Folder C:\Documents and Settings\Jasmine\Incomplete\T-5745425-lauren christoff – wont stop.mp3 not found.
File/Folder C:\Documents and Settings\Jasmine\Incomplete\T-5745425-stronger than you think i am.mp3 not found.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\SecurDiscViewer moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\SDVR moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NVE moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NST moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NRD moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NPSE moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NMH moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\NHME moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\Nero Chili moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\N3DS moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo\Default moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Logo moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Info moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images\Bckg moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist\Images moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Redist moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Nero PhotoShow Express\Flash Player Install moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Nero PhotoShow Express\data moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Nero PhotoShow Express moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Setup moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\refn04mk.ve6 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\Policies\m3oqdoe3.l2 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\Policies moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\pefn04mk.ve6 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\n3oqdoe3.l2 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\Manifests moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\b2rg91xw.1p4 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\92rg91xw.1p4 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\7z1v718o.6n8 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\73t3z6j5.7ag moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\5z1v718o.6n8 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs\53t3z6j5.7ag moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\winsxs moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\system32\Ansi moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows\system32 moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Windows moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\System moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Setup moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Redist\DirectX moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Redist\Config moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data\Redist moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation\Data moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8\Installation moved successfully.
F:\everything\Nero Burning ROM 8\Nero Burning ROM 8 moved successfully.
F:\everything\Nero Burning ROM 8 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_092324

DAFT Log saved on 2008-06-05 09:27:33
-----------------------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-05 09:43:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:31 AM, on 6/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bell\Security Manager\Rps.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
F:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
F:\PROGRA~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sympatico Security Manager] "C:\Program Files\Bell\Security Manager\Rps.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Security Manager\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210712166859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 7545 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-04 21:00:06 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-04 13:41:59 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-06-04 13:36:01 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 13:35:54 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-29 23:13:34 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 19:43:32 0 d-------- C:\Documents and Settings\Jasmine\Shared
2008-05-28 19:43:23 0 d-------- C:\Documents and Settings\Jasmine\Incomplete
2008-05-28 19:42:37 0 d-------- C:\Documents and Settings\Jasmine\Application Data\LimeWire
2008-05-28 09:25:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-28 09:24:58 0 d-------- C:\Program Files\iPod
2008-05-28 09:23:48 0 d-------- C:\Program Files\QuickTime
2008-05-28 09:22:23 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 21:04:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-27 09:27:12 0 d-------- C:\Documents and Settings\Owner\Incomplete
2008-05-27 09:27:03 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-27 06:34:52 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 06:29:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-27 06:13:48 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-27 06:12:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 06:08:44 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-27 06:07:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-27 06:06:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-27 06:02:29 0 d--hs---- C:\temp
2008-05-26 21:28:45 0 d-------- C:\Documents and Settings\Jasmine\Application Data\uTorrent
2008-05-26 21:15:14 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Bell
2008-05-24 00:07:07 0 d-------- C:\Program Files\CA
2008-05-23 13:31:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-23 13:29:24 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-23 13:29:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-22 16:22:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-22 11:20:46 0 d-------- C:\WINDOWS\pss
2008-05-21 23:24:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-05-21 23:09:16 0 d-------- C:\Program Files\Common Files\Nero
2008-05-21 23:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-21 22:55:55 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-21 17:38:34 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-05-21 09:57:31 540 --a------ C:\WINDOWS\system32\PDBootState
2008-05-21 09:02:47 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 21:04:17 0 d-------- C:\Documents and Settings\Ron\Application Data\Bell
2008-05-20 20:54:55 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-20 20:52:28 0 d-------- C:\Program Files\Personal Vault
2008-05-20 20:51:38 0 d-------- C:\Program Files\Common Files\Authentium
2008-05-20 20:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-20 20:51:26 0 d-------- C:\Program Files\Raxco
2008-05-20 20:51:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-20 20:49:30 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-20 20:47:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Bell
2008-05-20 20:47:48 0 d-------- C:\Program Files\Bell
2008-05-20 20:47:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-05-20 20:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-20 20:15:26 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-05-20 20:09:30 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-20 20:09:24 0 d-------- C:\Program Files\Windows Live
2008-05-20 20:09:12 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 11:01:22 0 d-------- C:\Program Files\uTorrent
2008-05-20 11:01:19 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-05-20 10:48:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2008-05-18 12:49:32 0 d-------- C:\epson
2008-05-18 12:03:18 0 d-------- C:\Program Files\EPSON
2008-05-17 16:29:29 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Apple Computer
2008-05-16 23:57:46 0 d-------- C:\Documents and Settings\Ron\Application Data\Apple Computer
2008-05-16 23:57:11 0 d-------- C:\Program Files\Bonjour
2008-05-16 23:56:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 23:56:03 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-16 23:55:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 23:17:06 0 d-------- C:\Documents and Settings\Ron\Application Data\LimeWire
2008-05-16 23:17:02 0 d-------- C:\WINDOWS\Sun
2008-05-16 23:17:02 0 d-------- C:\Documents and Settings\Ron\Application Data\Sun
2008-05-16 23:16:18 0 d-------- C:\Program Files\Java
2008-05-16 23:15:55 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 16:01:35 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Macromedia
2008-05-16 16:01:34 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Adobe
2008-05-16 16:00:21 0 d-------- C:\Documents and Settings\Jasmine\Application Data\Identities
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Templates
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\Start Menu
2008-05-16 16:00:11 0 dr-h----- C:\Documents and Settings\Jasmine\SendTo
2008-05-16 16:00:11 0 dr-h----- C:\Documents and Settings\Jasmine\Recent
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\PrintHood
2008-05-16 16:00:11 1835008 --ah----- C:\Documents and Settings\Jasmine\NTUSER.DAT
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\NetHood
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\My Documents
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Local Settings
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\Jasmine\Favorites
2008-05-16 16:00:11 0 d-------- C:\Documents and Settings\Jasmine\Desktop
2008-05-16 16:00:11 0 d--hs---- C:\Documents and Settings\Jasmine\Cookies
2008-05-16 16:00:11 0 d--h----- C:\Documents and Settings\Jasmine\Application Data
2008-05-16 16:00:11 0 d---s---- C:\Documents and Settings\Jasmine\Application Data\Microsoft
2008-05-14 20:10:33 0 d-------- C:\Documents and Settings\Ron\Application Data\Macromedia
2008-05-14 20:07:49 0 d-------- C:\Documents and Settings\Ron\Application Data\Adobe
2008-05-14 20:06:25 0 d-------- C:\Documents and Settings\Ron\Application Data\Identities
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Templates
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\Start Menu
2008-05-14 20:06:11 0 dr-h----- C:\Documents and Settings\Ron\SendTo
2008-05-14 20:06:11 0 dr-h----- C:\Documents and Settings\Ron\Recent
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\PrintHood
2008-05-14 20:06:11 1310720 --ah----- C:\Documents and Settings\Ron\NTUSER.DAT
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\NetHood
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\My Documents
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Local Settings
2008-05-14 20:06:11 0 dr------- C:\Documents and Settings\Ron\Favorites
2008-05-14 20:06:11 0 d-------- C:\Documents and Settings\Ron\Desktop
2008-05-14 20:06:11 0 d--hs---- C:\Documents and Settings\Ron\Cookies
2008-05-14 20:06:11 0 d--h----- C:\Documents and Settings\Ron\Application Data
2008-05-14 20:06:11 0 d---s---- C:\Documents and Settings\Ron\Application Data\Microsoft
2008-05-13 22:05:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-13 21:52:44 0 d-------- C:\Program Files\Microsoft Works
2008-05-13 21:52:35 0 d-------- C:\Program Files\MSBuild
2008-05-13 21:51:49 0 d-------- C:\Program Files\Microsoft.NET
2008-05-13 21:49:58 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 21:49:19 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-13 21:48:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 21:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-13 21:15:02 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 17:13:26 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 17:07:55 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-13 17:02:38 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-13 16:59:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-13 16:57:01 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-13 16:56:04 0 d--hs---- C:\Documents and Settings\Owner\UserData
2008-05-13 16:48:06 0 d-------- C:\WINDOWS\nview
2008-05-13 16:47:36 0 d-------- C:\NVIDIA
2008-05-13 16:46:43 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
2008-05-13 16:46:43 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
2008-05-13 16:46:43 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
2008-05-13 16:46:43 0 d-------- C:\Program Files\C-Media 3D Audio
2008-05-13 16:46:33 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-13 16:40:19 0 d-------- C:\Program Files\Intel
2008-05-13 16:39:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 16:39:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-13 16:25:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-13 16:21:42 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-13 16:21:10 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-13 16:21:03 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 16:20:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-13 16:16:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 16:16:33 0 d-------- C:\WINDOWS\provisioning
2008-05-13 16:16:32 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\system32\en
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 16:16:31 0 d-------- C:\WINDOWS\peernet
2008-05-13 16:15:10 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 16:13:18 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 16:11:51 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-13 16:09:50 0 d-------- C:\WINDOWS\EHome
2008-05-13 16:05:58 0 d--hs---- C:\WINDOWS\Installer
2008-05-13 16:05:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2008-05-13 16:05:45 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2008-05-13 16:05:45 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\NetHood
2008-05-13 16:05:45 0 dr------- C:\Documents and Settings\Owner\My Documents
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2008-05-13 16:05:45 0 dr------- C:\Documents and Settings\Owner\Favorites
2008-05-13 16:05:45 0 d-------- C:\Documents and Settings\Owner\Desktop
2008-05-13 16:05:45 0 d--hs---- C:\Documents and Settings\Owner\Cookies
2008-05-13 16:05:45 0 d--h----- C:\Documents and Settings\Owner\Application Data
2008-05-13 16:05:44 0 d--h----- C:\Documents and Settings\Owner\Templates
2008-05-13 16:05:44 0 dr------- C:\Documents and Settings\Owner\Start Menu
2008-05-13 16:05:44 2621440 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-05-13 16:05:11 0 d--hs---- C:\System Volume Information
2008-05-13 16:05:09 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-13 16:05:09 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-13 16:05:09 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-13 16:05:09 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-13 16:05:09 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-13 16:05:09 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-13 16:05:09 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-13 16:05:09 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-13 16:05:09 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-13 16:05:09 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-13 16:02:21 0 d-------- C:\WINDOWS\system32\xircom
2008-05-13 16:02:21 0 d-------- C:\Program Files\microsoft frontpage
2008-05-13 16:02:19 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-13 16:02:11 0 -rahs---- C:\MSDOS.SYS
2008-05-13 16:02:11 0 -rahs---- C:\IO.SYS
2008-05-13 16:02:11 0 --a------ C:\CONFIG.SYS
2008-05-13 16:01:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-13 16:01:17 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-13 16:01:17 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-13 16:00:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-13 15:59:52 0 d---s---- C:\WINDOWS\Tasks
2008-05-13 15:59:48 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-13 15:59:42 0 d-------- C:\WINDOWS\srchasst
2008-05-13 15:59:41 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-13 15:59:39 0 d-------- C:\Program Files\Movie Maker
2008-05-13 15:59:34 0 d-------- C:\WINDOWS\PCHealth
2008-05-13 15:59:33 0 d-------- C:\WINDOWS\system32\Restore
2008-05-13 15:59:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-13 15:59:00 0 d-------- C:\WINDOWS\Registration
2008-05-13 15:58:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-13 15:58:30 0 d-------- C:\Program Files\Messenger
2008-05-13 15:58:23 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-13 15:57:40 0 d-------- C:\Program Files\Windows NT
2008-05-13 15:57:37 40960 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-13 15:57:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-13 15:57:35 0 d-------- C:\WINDOWS\system32\Com
2008-05-13 11:53:40 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-13 11:53:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-13 11:53:35 0 dr------- C:\Program Files
2008-05-13 11:53:35 0 d-------- C:\Program Files\Common Files
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-13 11:53:05 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-13 11:53:05 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-13 11:53:05 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-13 11:53:05 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-13 11:53:05 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-13 11:53:05 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-13 11:52:54 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-13 11:52:54 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-13 11:52:48 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-13 11:52:48 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-13 11:52:48 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-13 11:52:48 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-13 11:52:18 0 d-------- C:\Documents and Settings
2008-05-13 11:46:57 0 d-------- C:\WINDOWS
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\WinSxS
2008-05-13 11:46:57 0 dr------- C:\WINDOWS\Web
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\twain_32
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\wins
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\wbem
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\usmt
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\spool
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\Setup
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ras
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\oobe
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\npp
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\mui
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\IME
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\ias
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\export
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-13 11:46:57 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\config
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\3076
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\2052
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1054
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1042
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1041
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1037
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1033
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1031
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1028
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system32\1025
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\system
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\security
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Resources
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\repair
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\mui
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\msapps
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\msagent
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Media
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\java
2008-05-13 11:46:57 0 d--h----- C:\WINDOWS\inf
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\ime
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Help
2008-05-13 11:46:57 0 dr--s---- C:\WINDOWS\Fonts
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Driver Cache
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Debug
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Cursors
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\Config
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\AppPatch
2008-05-13 11:46:57 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-13 21:16:46 314 --a------ C:\Program Files\INSTALL.LOG
2008-05-13 11:53:05 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Sympatico Security Manager"="C:\Program Files\Bell\Security Manager\Rps.exe" [03/10/2008 12:25 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [03/27/2007 10:33 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [05/27/2003 03:00 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [03/10/2008 12:26 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [08/03/2007 12:51 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Bell\Security Manager\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"F:\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-05 09:46:07 ------------

Still 6 instances of svchost.exe running >_< but i guess that could be normal.. i disabled my sympatico security manager / windows firewall and it still wont let me upload the file.. i do use a router dlink-524 but i can upload on other sites with all these turned on..

Edited by krule, 05 June 2008 - 07:52 AM.

[Ness]

Hello again Krule

1. Jotti File Submission
------------------------------------------------

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  
  • c:\temp\svchost.exe
• Click on the submit button
  
• Follow the same steps for each of the following files:
• Please post the results in your next reply.

2. Program Removal
------------------------------------------------

Please go to Start > Run and select Add/Remove Programs. Then scroll down and uninstall the following programs:

F:\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL

3. File Deletion
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-girlicious leave you alone.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-stronger than you think i am.mp3
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-lauren christoff – wont stop.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-stronger than you think i am.mp3 
  F:\everything\Nero Burning ROM 8

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


4. File Assocations
------------------------------------------------

Please go to Start > Run and type or copy/paste the following in the run box (including the quotation marks):

"%userprofile%\desktop\dss.exe" /daft

Then click OK.

5. Set a New System Restore Point
------------------------------------------------

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

• Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
• Reboot.
  
• Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

Finally post a new DSS log.

In your next post
------------------------------------------------

• Jotti Scan Log
• OTMoveIt2 Log
• New DSS LOg

[krule]

Hello again Krule

1. Jotti File Submission
------------------------------------------------

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  
  • c:\temp\svchost.exe
• Click on the submit button
  
• Follow the same steps for each of the following files:
• Please post the results in your next reply.

2. Program Removal
------------------------------------------------

Please go to Start > Run and select Add/Remove Programs. Then scroll down and uninstall the following programs:

F:\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL

3. File Deletion
------------------------------------------------

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-girlicious leave you alone.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-3545425-stronger than you think i am.mp3
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-lauren christoff – wont stop.mp3 
  C:\Documents and Settings\Jasmine\Incomplete\T-5745425-stronger than you think i am.mp3 
  F:\everything\Nero Burning ROM 8

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


4. File Assocations
------------------------------------------------

Please go to Start > Run and type or copy/paste the following in the run box (including the quotation marks):

"%userprofile%\desktop\dss.exe" /daft

Then click OK.

5. Set a New System Restore Point
------------------------------------------------

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

• Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
• Reboot.
  
• Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

Finally post a new DSS log.

In your next post
------------------------------------------------

• Jotti Scan Log
• OTMoveIt2 Log
• New DSS LOg

it's all in my above post.

[krule]

pretty sure the superantispyware program cleaned it all up.