Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJackThis Log [RESOLVED]

Started by l0st.en.Drago , Jun 02 2008 09:44 PM

  • This topic is locked This topic is locked

#1
l0st.en.Drago
Posted 02 June 2008 - 09:44 PM

l0st.en.Drago

    Member

  • Member
  • PipPip
  • 61 posts
So. I think I've been hijacked.. Whenever I try and view a image from Google my browser refreshes and refreshes.. and I get an error/
The image "*location*" cannot be displayed because it contains errors.

Sometimes my Firefox will just freeze and shut down and I'm not doing anything.. I'd have 1 tab open and maybe skype..
Now-- I just got an email saying "thank you for your order" that was ordered thirty minutes ago.. a perchance order from skype.. and I wasn't even here.. and I didn't make that order.. I think maybe someones in my computer or has some keylogger.. I emailed my bank and skype.. but lets fix this.. please. I scanned my computer w/ AVG and SUPERAntiSpyware.. and I show nothing..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:19 PM, on 6/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\windows\softwaredistribution\download\install\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Documents and Settings\Joe\Desktop\Hide.The.IP.v2.0.1-CR\HideTheIP.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211563830937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211607403468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\softwaredistribution\download\install\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6024 bytes
  • 0

Advertisements

#2
l0st.en.Drago
Posted 03 June 2008 - 02:47 PM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
bump.
  • 0

#3
l0st.en.Drago
Posted 04 June 2008 - 07:11 AM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
.. 2nd day.. BUMP.
  • 0

#4
l0st.en.Drago
Posted 05 June 2008 - 06:40 PM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
bump.. day 3.
  • 0

#5
l0st.en.Drago
Posted 07 June 2008 - 09:08 AM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
4th day.. BUMP.
  • 0

#6
Mike
Posted 08 June 2008 - 09:07 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
hi there l0st.en.Drago,

You aren't receiving help because you continually BUMP your thread. Learn to be patient please.
We take logs that have 0 replies since others look as they are already being helped.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.

Edited by Mike, 08 June 2008 - 09:11 AM.

  • 0

#7
l0st.en.Drago
Posted 08 June 2008 - 10:23 AM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Deckard's System Scanner v20071014.68
Run by Joe on 2008-06-08 09:20:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-06-08 16:20:09 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2008-06-07 22:33:18 UTC - RP45 - Installed OpenOffice.org 2.4
44: 2008-06-07 22:33:12 UTC - RP44 - Removed OpenOffice.org Installer 1.0
43: 2008-06-07 22:32:43 UTC - RP43 - Installed Java™ 6 Update 4
42: 2008-06-07 18:14:04 UTC - RP42 - Installed Project64 1.6


-- First Restore Point --
1: 2008-05-23 17:16:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:34 AM, on 6/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\windows\softwaredistribution\download\install\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Joe\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Joe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211563830937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1211607403468
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\softwaredistribution\download\install\STacSV.exe

--
End of file - 5759 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R4 AvgTdiX (AVG8 Network Redirector) - c:\windows\system32\drivers\avgtdix.sys (file missing)

S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-06-08 09:00:00 482 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-07 15:35:51 0 d-------- C:\Documents and Settings\Joe\Application Data\OpenOffice.org2
2008-06-07 15:33:22 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-07 15:31:58 0 d-------- C:\Program Files\OpenOffice.org 2.4 (en-US) Installation Files
2008-06-07 11:14:04 0 d-------- C:\Program Files\Project64 1.6
2008-06-07 10:38:00 0 d-------- C:\Documents and Settings\Joe\Application Data\ESET
2008-06-07 10:37:21 0 d-------- C:\WINDOWS\LastGood
2008-06-07 10:36:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-07 10:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-07 10:14:48 0 d-------- C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP
2008-06-03 16:53:18 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-02 20:52:29 0 d-------- C:\WINDOWS\Sun
2008-06-02 20:52:29 0 d-------- C:\Documents and Settings\Joe\Application Data\Sun
2008-06-02 20:51:22 0 d-------- C:\Program Files\Java
2008-06-02 20:49:09 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 20:36:10 0 d-------- C:\Program Files\Trend Micro
2008-06-02 19:37:42 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-31 16:11:36 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 16:11:36 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-31 16:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-31 07:52:49 0 d-------- C:\Program Files\Notepad++
2008-05-31 07:52:49 0 d-------- C:\Documents and Settings\Joe\Application Data\Notepad++
2008-05-29 12:30:58 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-29 12:30:55 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-29 12:21:55 0 d-------- C:\Documents and Settings\Joe\Application Data\TuneUp Software
2008-05-28 09:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 20:51:34 0 d-------- C:\Program Files\QuickTime
2008-05-27 20:50:34 0 d-------- C:\Program Files\Bonjour
2008-05-27 20:45:54 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-27 09:12:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 09:12:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 09:12:04 0 d-------- C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
2008-05-27 09:11:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-26 19:02:44 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-24 16:39:45 0 d-------- C:\Program Files\Tensons
2008-05-24 16:26:29 0 d-------- C:\Documents and Settings\Joe\Application Data\WebStripper
2008-05-24 16:26:17 0 d-------- C:\Program Files\Solent
2008-05-24 15:30:53 0 d-------- C:\Documents and Settings\Joe\Application Data\AVGTOOLBAR
2008-05-24 15:30:49 0 d-------- C:\Program Files\AVG
2008-05-24 10:56:33 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2008-05-24 10:55:45 0 d-------- C:\Program Files\DVD X Studios
2008-05-24 10:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2008-05-24 10:33:26 0 d-------- C:\Program Files\FlashFXP
2008-05-24 10:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-05-24 09:55:22 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-05-24 09:55:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-05-23 22:39:44 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-23 21:37:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-23 21:37:00 0 d-------- C:\Documents and Settings\Joe\Application Data\gtk-2.0
2008-05-23 21:31:33 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-23 21:07:07 0 d-------- C:\Documents and Settings\Joe\Contacts
2008-05-23 21:04:23 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-23 20:57:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-23 20:56:46 0 d-------- C:\Program Files\Windows Live
2008-05-23 20:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-23 17:35:39 0 d-------- C:\Program Files\7-Zip
2008-05-23 17:25:27 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-23 17:25:27 0 d-------- C:\Documents and Settings\Joe\Application Data\skypePM
2008-05-23 17:24:55 0 d-------- C:\Documents and Settings\Joe\Application Data\Skype
2008-05-23 17:19:36 0 d-------- C:\Program Files\Skype
2008-05-23 17:19:36 0 d-------- C:\Program Files\Common Files\Skype
2008-05-23 17:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-23 17:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-23 17:12:46 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-23 17:12:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-23 17:12:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-23 15:18:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-23 15:18:44 0 d-------- C:\Documents and Settings\Joe\Application Data\Azureus
2008-05-23 15:16:23 0 d-------- C:\Program Files\Azureus
2008-05-23 12:39:23 0 d-------- C:\Documents and Settings\Joe\Application Data\Macromedia
2008-05-23 12:39:22 0 d-------- C:\Documents and Settings\Joe\Application Data\Adobe
2008-05-23 12:39:18 1796 --a------ C:\WINDOWS\mozver.dat
2008-05-23 12:35:00 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-23 12:34:12 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-23 12:34:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-23 12:31:07 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-23 12:14:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-23 12:13:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-23 12:13:10 0 d-------- C:\Documents and Settings\Joe\Application Data\Mozilla
2008-05-23 12:12:04 0 d-------- C:\WINDOWS\Prefetch
2008-05-23 12:00:29 0 d-------- C:\WINDOWS\system32\scripting
2008-05-23 12:00:29 0 d-------- C:\WINDOWS\l2schemas
2008-05-23 12:00:28 0 d-------- C:\WINDOWS\system32\en
2008-05-23 12:00:28 0 d-------- C:\WINDOWS\system32\bits
2008-05-23 11:59:26 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-23 11:57:54 0 d-------- C:\WINDOWS\network diagnostic
2008-05-23 11:56:54 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-23 11:55:21 0 d-------- C:\Documents and Settings\Joe\Application Data\.purple
2008-05-23 10:53:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-23 10:53:18 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-23 10:52:11 0 d-------- C:\Program Files\Pidgin
2008-05-23 10:52:04 0 d-------- C:\Program Files\Common Files\GTK
2008-05-23 10:49:33 0 d-------- C:\WINDOWS\nview
2008-05-23 10:49:09 0 d-------- C:\NVIDIA
2008-05-23 10:48:10 40960 --a------ C:\WINDOWS\system32\SFIMLARK.dll <Not Verified; Sonic Focus, Inc; Sonic Focus SFIMLARK>
2008-05-23 10:48:10 61440 --a------ C:\WINDOWS\system32\SFIDLOCK.dll <Not Verified; Sonic Focus, Inc; Silicon Pixels SFIDLOCK>
2008-05-23 10:48:10 266240 --a------ C:\WINDOWS\system32\IASMXDLL.dll <Not Verified; Sonic Focus, Inc; Sonic Focus IASMXDLL>
2008-05-23 10:48:10 274432 --a------ C:\WINDOWS\system32\IASDLL.dll <Not Verified; Sonic Focus, Inc; Sonic Focus IASDLL>
2008-05-23 10:48:10 53248 --a------ C:\WINDOWS\system32\IASBB.dll <Not Verified; Sonic Focus, Inc; IASBB>
2008-05-23 10:48:09 0 d-------- C:\Program Files\Intel Audio Studio
2008-05-23 10:47:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 10:47:16 0 d-------- C:\Program Files\IDT
2008-05-23 10:47:13 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-23 10:31:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-23 10:25:30 0 d--hs---- C:\Documents and Settings\Joe\UserData
2008-05-23 10:23:22 0 d-------- C:\Program Files\Intel
2008-05-23 10:16:03 0 d-------- C:\Documents and Settings\Joe\Application Data\Identities
2008-05-23 10:15:56 0 d--h----- C:\Documents and Settings\Joe\Templates <TEMPLA~1>
2008-05-23 10:15:56 0 dr------- C:\Documents and Settings\Joe\Start Menu <STARTM~1>
2008-05-23 10:15:56 0 dr-h----- C:\Documents and Settings\Joe\SendTo
2008-05-23 10:15:56 0 dr-h----- C:\Documents and Settings\Joe\Recent
2008-05-23 10:15:56 0 d--h----- C:\Documents and Settings\Joe\PrintHood <PRINTH~1>
2008-05-23 10:15:56 2097152 --ah----- C:\Documents and Settings\Joe\NTUSER.DAT
2008-05-23 10:15:56 0 d--h----- C:\Documents and Settings\Joe\NetHood
2008-05-23 10:15:56 0 dr------- C:\Documents and Settings\Joe\My Documents <MYDOCU~1>
2008-05-23 10:15:56 0 d--h----- C:\Documents and Settings\Joe\Local Settings <LOCALS~1>
2008-05-23 10:15:56 0 dr------- C:\Documents and Settings\Joe\Favorites <FAVORI~1>
2008-05-23 10:15:56 0 d-------- C:\Documents and Settings\Joe\Desktop
2008-05-23 10:15:56 0 d--hs---- C:\Documents and Settings\Joe\Cookies
2008-05-23 10:15:56 0 dr-h----- C:\Documents and Settings\Joe\Application Data <APPLIC~1>
2008-05-23 10:11:32 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-23 10:11:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-23 10:11:30 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-23 10:11:30 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2008-05-23 10:11:30 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-23 10:11:29 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-23 10:11:29 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2008-05-23 10:11:13 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-23 10:11:13 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2008-05-23 10:11:13 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-23 10:11:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2008-05-23 10:11:13 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-23 10:08:57 0 d-------- C:\WINDOWS\system32\xircom
2008-05-23 10:08:57 0 d-------- C:\Program Files\microsoft frontpage
2008-05-23 10:08:48 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-23 10:08:46 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-23 10:08:36 0 -rahs---- C:\MSDOS.SYS
2008-05-23 10:08:36 0 -rahs---- C:\IO.SYS
2008-05-23 10:08:36 0 --a------ C:\CONFIG.SYS
2008-05-23 10:08:36 0 --a------ C:\AUTOEXEC.BAT
2008-05-23 10:07:48 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-23 10:07:39 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-23 10:07:39 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-23 10:07:30 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-23 10:07:13 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-23 10:06:48 0 d---s---- C:\WINDOWS\Tasks
2008-05-23 10:06:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-23 10:06:44 0 d-------- C:\WINDOWS\srchasst
2008-05-23 10:06:43 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-23 10:06:37 0 d-------- C:\Program Files\Movie Maker
2008-05-23 10:06:31 0 d-------- C:\WINDOWS\system32\Restore
2008-05-23 10:05:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-23 10:05:46 0 d-------- C:\WINDOWS\Registration
2008-05-23 10:05:41 0 d-------- C:\Program Files\Online Services
2008-05-23 10:05:36 0 d-------- C:\Program Files\Messenger
2008-05-23 10:05:33 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-23 10:05:02 0 d-------- C:\Program Files\Windows NT
2008-05-23 10:05:00 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-23 10:04:58 0 d-------- C:\WINDOWS\system32\Com
2008-05-23 03:59:17 0 d--hs---- C:\WINDOWS\Installer
2008-05-23 03:59:16 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-23 03:59:13 0 dr------- C:\Program Files
2008-05-23 03:59:13 0 d-------- C:\Program Files\Common Files
2008-05-23 03:59:13 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-23 03:58:54 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2008-05-23 03:58:54 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2008-05-23 03:58:54 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-23 03:58:54 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-23 03:58:54 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2008-05-23 03:58:54 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-23 03:58:54 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2008-05-23 03:58:54 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2008-05-23 03:58:54 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2008-05-23 03:58:54 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-23 03:58:54 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-23 03:58:54 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2008-05-23 03:58:54 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2008-05-23 03:58:54 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2008-05-23 03:58:54 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-23 03:58:44 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-23 03:58:44 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-23 03:58:39 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2008-05-23 03:58:39 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-23 03:58:39 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2008-05-23 03:58:39 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-23 03:58:21 0 d--hs---- C:\System Volume Information
2008-05-23 03:58:21 0 d-------- C:\Documents and Settings
2008-05-23 03:52:45 0 d-------- C:\WINDOWS
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\WinSxS
2008-05-23 03:52:45 0 dr------- C:\WINDOWS\Web
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\twain_32
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\wins
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\wbem
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\usmt
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\spool
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\Setup
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\ras
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\oobe
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\npp
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\mui
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\IME
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\ias
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\export
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\drivers
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-23 03:52:45 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\config
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\3076
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\2052
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1054
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1042
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1041
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1037
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1033
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1031
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1028
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system32\1025
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\system
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\security
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Resources
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\repair
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Provisioning
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\PeerNet
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\pchealth
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\mui
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\msapps
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\msagent
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Media
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\java
2008-05-23 03:52:45 0 d--h----- C:\WINDOWS\inf
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\ime
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Help
2008-05-23 03:52:45 0 dr--s---- C:\WINDOWS\Fonts
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\ehome
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Driver Cache
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Debug
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Cursors
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\Config
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\AppPatch
2008-05-23 03:52:45 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-23 03:58:54 62 --ahs---- C:\Documents and Settings\Joe\Application Data\desktop.ini
2008-03-24 11:35:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-03-24 11:35:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-03-24 11:35:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-03-24 11:35:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-03-24 11:35:00 1482752 --a------ C:\WINDOWS\system32\nview.dll
2008-03-24 11:35:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-03-24 11:35:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-24 11:35:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [01/24/2008 06:35 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/24/2008 11:35 AM]
"nwiz"="nwiz.exe" [03/24/2008 11:35 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/24/2008 11:35 AM]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [04/10/2008 08:07 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [04/23/2008 02:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 05:12 PM]

C:\Documents and Settings\Joe\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - EAMON
*Newly Created Service* - EASDRV
*Newly Created Service* - EKRN
*Newly Created Service* - EPFW
*Newly Created Service* - EPFWTDI



-- End of Deckard's System Scanner: finished at 2008-06-08 09:22:36 ------------
  • 0

#8
l0st.en.Drago
Posted 08 June 2008 - 10:24 AM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Here you go. Sorry about the replys it's just after a day there are already 100 other post in front of mine. Sorry.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.20GHz
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 3581.96 MiB / 3007.86 MiB
Pagefile Memory (total/avail): 5464.48 MiB / 5103.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.11 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 215.75 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE4 - Generic IC1210 MMC/SD USB Device

\\.\PHYSICALDRIVE2 - Generic IC1210 CF USB Device

\\.\PHYSICALDRIVE3 - Generic IC1210 MS USB Device

\\.\PHYSICALDRIVE5 - Generic IC1210 SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Joe\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSEPH-DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Joe
LOGONSERVER=\\JOSEPH-DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Joe\LOCALS~1\Temp
TMP=C:\DOCUME~1\Joe\LOCALS~1\Temp
USERDOMAIN=JOSEPH-DESKTOP
USERNAME=Joe
USERPROFILE=C:\Documents and Settings\Joe
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Joe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.58 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
DVD X Player 4.1 Standard --> "C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard\unins000.exe"
ESET Smart Security --> MsiExec.exe /I{00F0588F-5F9C-4661-84E0-176790BDF709}
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
GTK+ Runtime 2.12.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IDT Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Intel Audio Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AC7761F-7B49-482A-9BA1-E223D32D2B64}\setup.exe" -l0x9
Intel® PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type296 / Error
Event Submitted/Written: 06/03/2008 04:49:57 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 765418700.

Event Record #/Type295 / Error
Event Submitted/Written: 06/03/2008 04:49:52 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application pidgin.exe, version 2.4.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type288 / Error
Event Submitted/Written: 06/02/2008 07:31:50 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 713234062.

Event Record #/Type287 / Error
Event Submitted/Written: 06/02/2008 07:31:46 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type277 / Success
Event Submitted/Written: 05/30/2008 08:49:16 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type689 / Warning
Event Submitted/Written: 06/08/2008 00:16:43 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type635 / Error
Event Submitted/Written: 06/07/2008 06:31:57 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Event Record #/Type623 / Warning
Event Submitted/Written: 06/06/2008 06:46:18 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type600 / Warning
Event Submitted/Written: 06/04/2008 07:47:20 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type567 / Warning
Event Submitted/Written: 06/03/2008 04:53:14 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver LogMeIn Printer Driver for Windows NT x86 Version-3 was added or updated. Files:- LMIprinter.dll, LMIprinterui.dll, LMIprinterdat.dll.



-- End of Deckard's System Scanner: finished at 2008-06-08 09:22:36 ------------
  • 0

#9
Mike
Posted 08 June 2008 - 12:20 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again,

No worries about the bumping, as long as you understand that there are simply to many logs to get to everyone and that others need to wait as long or longer than you.

Now I don't see much in your logs, you say that your sensitive information has been breached, have you taken the precautions (call your bank, change your passwords from a clean computer?)

Go ahead and uninstall this old Java entry for me please.

Java™ 6 Update 4

Delete this file please : C:\WINDOWS\5888428E699C4E71BF7194EE06B497DA.TMP

Jotti Scan

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\SystemInfo32.sys
  • Click on the submit button
  • Please post the results in your next reply.

Running ATF Cleaner

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log it produces to your next post.
  • 0

#10
l0st.en.Drago
Posted 08 June 2008 - 01:11 PM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
The jotti scan.. you cannot download it. I guess they are having SQL connection problems.

Ok. Now Geeks to go.. and Geeks to go only.. it renders no images! It looks soo weird.

Now here is a picture of what g2g looks like
http://img367.images...7791/wowvh6.jpg

Also Jotti scan is working.. I will post the log as soon as its done.

Im editing and delting this log and will post the saved txt file I have on my PC. but the Jottis scan went down again
Error: unable to connect to database. The administrator has already been notified, it is not necessary to contact us.

Edited by l0st.en.Drago, 08 June 2008 - 01:30 PM.

  • 0

Advertisements

#11
Mike
Posted 08 June 2008 - 01:27 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

The log got cut off, Please attach the log it produces to your next post rather than posting them in the thread directly.

For that file I wanted you to check, please do the same here http://www.virustotal.com/ and post back the results.

Edited by Mike, 08 June 2008 - 01:29 PM.

  • 0

#12
l0st.en.Drago
Posted 08 June 2008 - 01:31 PM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
log file is way to big and its hard to follow conversations so yesterday I posted the same file in pastbin. and deleted this msg not to disrespect you but because i want this to be easier to read. I see that you're online now.

http://pastebin.ca/1042249

Edited by l0st.en.Drago, 09 June 2008 - 11:27 AM.

  • 0

#13
l0st.en.Drago
Posted 08 June 2008 - 01:34 PM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Im making it easier and posted it at pastebin.ca as its too big to be added as a reply

http://pastebin.ca/1042249


File has already been analysed:
MD5: 58d904a2fa970bc23b636c47cb60e649
First received: -
Date: 06.05.2008 13:44:03 (CET) [>3D]
Results: 0/32
Permalink: analisis/637d7d2a900e7ad1a92e4b82a076c5b7
http://www.virustota...92e4b82a076c5b7

Can you also check out my screenshot:
http://img367.images...7791/wowvh6.jpg

How come Geeks to Go looks like that for me?!


Also I did the Online Malware scan for that file:

A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Edited by l0st.en.Drago, 08 June 2008 - 01:43 PM.

  • 0

#14
l0st.en.Drago
Posted 09 June 2008 - 07:23 AM

l0st.en.Drago

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I just want to show you how this webpages looks for me. but why!?

Posted Image


*Actually I dont know what happened but it now looks fine.. I didnt do anything different.*

Edited by l0st.en.Drago, 09 June 2008 - 11:29 AM.

  • 0

#15
Mike
Posted 09 June 2008 - 12:21 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

The log was so extremely long because you decided to add way to many extra items rather than doing it the way I had asked you to.

Let's try it again so that we can save ourselves a lot of time rather than looking at a log over 1000 lines long.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Edited by Mike, 09 June 2008 - 12:23 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP