explorer.exe + drwtsn32.exe errors [CLOSED]


  • This topic is locked

#1
danieljr1992

  • Member
  • 26 posts
This is my problem that I posted, and Artellos told me to post here with my Panda scan log file, but I couldn't do it for some reason, so I have a HijackThis logfile.

And here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:10 PM, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW09.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Ventrillo\Ventrilo.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusn...nd=ODSL&panel=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\geBttTjg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Arrow - {DBE6BDAE-BA75-40AB-B249-3ED782871F5E} - http://www.arrowcomputers.com.au (file missing) (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish...fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196912219296
O20 - Winlogon Notify: geBttTjg - C:\WINDOWS\SYSTEM32\geBttTjg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8112 bytes


#2
danieljr1992

  • Topic Starter
  • Member
  • 26 posts
OK, Panda ActiveScan worked and here is the log file:


;*******************************************************************************
ANALYSIS: 2008-06-10 21:25:38
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Trend Micro Internet Security 16.10.1079 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Cookies\[email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.mediaplex.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Cookies\[email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.bs.serving-sys.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[statse.webtrendslive.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt[.adultfriendfinder.com/]
01343188 Adware/WebSearch Adware No 0 Yes No C:\DOCUMENTS AND SETTINGS\SUE\LOCAL SETTINGS\TEMP\{70E7FFF6-D6DC-4405-80AA-369A3DA66F4D}\_EXTRA\OBJECTS\CMDLINE.DLL
02985928 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mlJArqrs.dll
02985928 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\GEBTTTJG.DLL
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
182048 HIGH MS07-069 
176382 HIGH MS07-057 
170907 HIGH MS07-046 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164913 HIGH MS07-033 
160623 HIGH MS07-027 
150253 HIGH MS07-016 
141030 HIGH MS06-072 
137568 HIGH MS06-067 
126083 HIGH MS06-042 
120814 HIGH MS06-021 
114664 HIGH MS06-013 
;===============================================================================

Edited by danieljr1992, 11 June 2008 - 03:23 AM.


#3
danieljr1992

  • Topic Starter
  • Member
  • 26 posts
Even I can see from that Panda scan I have some problems :)
10 malware doesn't sound good.

Anyway I'm all ears from now on :)

#4
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello danieljr1992 and Welcome to Geeks to Go!

Sorry for the long wait, been busy.

After checking your log, I found signs of malware on your system.
Please stick with me until we get you cleaned up. :)

Let's start.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post back with the following logs.
- MBAM log
- SuperAntispyware log

#5
danieljr1992

  • Topic Starter
  • Member
  • 26 posts
Thanks a lot mate. Here's my log file from Anti-Malware:


Malwarebytes' Anti-Malware 1.17
Database version: 863

8:09:35 PM 17/06/2008
mbam-log-6-17-2008 (20-09-35).txt

Scan type: Quick Scan
Objects scanned: 66694
Time elapsed: 20 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\awtussqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJArqrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#6
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Did you do a SUPERAntiSpyware scan?
You seem to have forgotten to paste the log.

#7
danieljr1992

  • Topic Starter
  • Member
  • 26 posts
Yeah, sorry man. Forgot to put that in. Here's my SUPERAntiSpyware log, I had 232 I think. OMG, is that normal O_o??? Here it is:




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2008 at 10:19 PM

Application Version : 4.15.1000

Core Rules Database Version : 3484
Trace Rules Database Version: 1475

Scan type : Complete Scan
Total Scan Time : 01:30:08

Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 5610
Registry threats detected : 7
File items scanned : 37131
File threats detected : 45

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}
HKCR\CLSID\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}
HKCR\CLSID\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}\InprocServer32
HKCR\CLSID\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBTTTJG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{36D9CB8D-B8CA-4A85-A879-06A71109F11E}
HKCR\CLSID\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}

Adware.Tracking Cookie
.serving-sys.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
bf2stats.formitron.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.bf2stats.formitron.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.bf2stats.formitron.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
media.sensis.com.au [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adultfriendfinder.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
www.countertracker.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
www.countertracker.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
.stats.adbrite.com [ C:\Documents and Settings\Sgt.Alien\Application Data\Mozilla\Firefox\Profiles\hgx175d9.default\cookies.txt ]
C:\Documents and Settings\Sgt.Alien\Local Settings\Temp\Cookies\[email protected][2].txt
.doubleclick.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ingaustralia.112.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.112.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ingdirect.112.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ehg-newsinteractive.hitbox.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.partner2profit.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.sitestat.mayoclinic.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.statse.webtrendslive.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.wotifcom.112.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.sussex.com.au [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.propertyfinderltd.122.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.valueclick.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.fdau.adbureau.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.mediaonenetwork.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.mediaonenetwork.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ehg-aha.hitbox.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.harpo.122.2o7.net [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
.ads.mediamayhemcorp.com [ C:\Documents and Settings\Sue\Application Data\Mozilla\Firefox\Profiles\7bqe4igg.default\cookies.txt ]
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Sue\Local Settings\Temp\Cookies\[email protected]lcomau.112.2o7[1].txt
  • 0

#8
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Nah.. A bunch of what SuperAntispyware found was cookies.

Next,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished,
please post back both logs that open in Notepad:
main.txt and extra.txt
  • 0

#9
danieljr1992

    Member

  • Topic Starter
  • Member
  • 26 posts
My problem is fixed by the way!!! ^^ Thanks a lot guys. I'm still gunna continue coz this can only do good for my system, unless we're done now. Here's my DSS log:




Deckard's System Scanner v20071014.68
Run by Sgt.Alien on 2008-06-19 16:33:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-06-19 08:33:44 UTC - RP48 - Deckard's System Scanner Restore Point
47: 2008-06-18 12:41:25 UTC - RP47 - Installed SUPERAntiSpyware Free Edition
46: 2008-06-18 02:25:23 UTC - RP46 - Installed Tom Clancy's Rainbow Six 3: Raven Shield
45: 2008-06-17 13:17:18 UTC - RP45 - Installed Battlefield 2 Patch v1.41
44: 2008-06-17 13:10:11 UTC - RP44 - Installed Battlefield 2: Special Forces


-- First Restore Point --
1: 2008-05-25 04:01:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sgt.Alien.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:55 PM, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ventrillo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Sgt.Alien\desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sgt.Alien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusn...nd=ODSL&panel=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Arrow - {DBE6BDAE-BA75-40AB-B249-3ED782871F5E} - http://www.arrowcomputers.com.au (file missing) (HKCU)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish...fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196912219296
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBttTjg - geBttTjg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7478 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 InCDsrvR (InCD Helper (read only)) - c:\program files\ahead\incd\incdsrv.exe -r <Not Verified; Nero AG; Nero AG incdsrv>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_11C1&DEV_5811&SUBSYS_05021799&REV_61\4&CF81C54&0&10F0
Manufacturer: IEEE 1394 OHCI Compliant Host Controller Vendor
Name: OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_11C1&DEV_5811&SUBSYS_05021799&REV_61\4&CF81C54&0&10F0
Service: ohci1394


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 1096)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 1308)
2008-03-30 10:36:40 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>
2008-03-30 10:36:40 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>
2006-06-12 08:08:50 544768 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2006-06-01 10:51:34 557056 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM>
2006-06-05 14:04:02 242688 --a------ C:\WINDOWS\system32\ConnAPI.dll <Not Verified; Nokia.; Nokia Connectivity API>
2006-06-08 12:36:28 25088 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser>
2006-06-01 11:00:46 569344 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
2008-05-13 10:13:36 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 11:30:00 330 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet5100#MY3B44M2T28B.job
2007-12-17 20:09:17 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2030-08-09 08:00:16 0 d-------- C:\Program Files\Westnet
2030-08-09 07:50:26 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2030-08-09 07:50:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2030-08-09 07:50:06 0 d-------- C:\Program Files\CyberLink
2030-08-09 07:49:54 0 d-------- C:\Program Files\Common Files\InstallShield
2030-08-09 07:49:00 0 d-------- C:\Optional Software for XP
2030-08-09 07:33:15 0 d-------- C:\Program Files\Nero
2030-08-09 07:33:15 0 d-------- C:\Program Files\Common Files\Ahead
2030-08-09 07:32:54 0 d-------- C:\WINDOWS\RegisteredPackages
2030-08-09 07:26:58 0 d--h----- C:\Documents and Settings\Owner\Templates
2030-08-09 07:26:58 0 dr------- C:\Documents and Settings\Owner\Start Menu
2030-08-09 07:26:58 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2030-08-09 07:26:58 0 dr-h----- C:\Documents and Settings\Owner\Recent
2030-08-09 07:26:58 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2030-08-09 07:26:58 0 d--h----- C:\Documents and Settings\Owner\NetHood
2030-08-09 07:26:58 0 dr------- C:\Documents and Settings\Owner\My Documents
2030-08-09 07:26:58 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2030-08-09 07:26:58 0 dr------- C:\Documents and Settings\Owner\Favorites
2030-08-09 07:26:58 0 dr------- C:\Documents and Settings\Owner\Desktop
2030-08-09 07:26:58 0 d---s---- C:\Documents and Settings\Owner\Cookies
2030-08-09 07:26:58 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2030-08-09 07:26:58 0 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2030-08-09 07:26:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2030-08-09 07:26:57 4194304 --ah----- C:\Documents and Settings\Owner\ntuser.dat
2030-08-09 07:26:51 0 d-------- C:\WINDOWS\SoftwareDistribution
2030-08-09 07:26:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2030-08-09 07:26:47 237568 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2030-08-09 07:26:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2030-08-09 07:26:47 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2030-08-09 07:26:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2030-08-09 07:26:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2030-08-09 07:26:46 237568 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2030-08-09 07:26:46 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2030-08-09 07:26:46 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2030-08-09 07:26:46 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2030-08-09 07:26:46 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2030-08-09 07:24:25 0 d-------- C:\WINDOWS\system32\xircom
2030-08-09 07:24:25 0 d-------- C:\Program Files\microsoft frontpage
2030-08-09 07:24:23 335872 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2030-08-09 07:24:23 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2030-08-09 07:23:36 0 d--hs---- C:\Documents and Settings\All Users\DRM
2030-08-09 07:23:29 0 dr------- C:\WINDOWS\Offline Web Pages
2030-08-09 07:23:29 0 d---s---- C:\WINDOWS\Downloaded Program Files
2030-08-09 07:23:21 0 d--h----- C:\Program Files\WindowsUpdate
2030-08-09 07:23:14 0 d-------- C:\WINDOWS\system32\DirectX
2030-08-09 07:23:09 0 d---s---- C:\WINDOWS\Tasks
2030-08-09 07:23:09 0 d-------- C:\WINDOWS\system32\Macromed
2030-08-09 07:23:09 0 d-------- C:\WINDOWS\srchasst
2030-08-09 07:23:09 0 d-------- C:\Program Files\Common Files\MSSoap
2030-08-09 07:23:07 0 d-------- C:\Program Files\Movie Maker
2030-08-09 07:23:05 0 d-------- C:\WINDOWS\system32\Restore
2030-08-09 07:23:02 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2030-08-09 07:22:49 0 d-------- C:\WINDOWS\Registration
2030-08-09 07:22:28 0 d-------- C:\Program Files\Online Services
2030-08-09 07:22:24 0 d-------- C:\Program Files\Messenger
2030-08-09 07:22:23 0 d-------- C:\Program Files\MSN Gaming Zone
2030-08-09 07:22:16 0 d-------- C:\Program Files\Windows NT
2030-08-09 07:22:15 0 d-------- C:\WINDOWS\system32\MsDtc
2030-08-09 07:22:15 0 d-------- C:\WINDOWS\system32\Com
2030-08-09 07:10:39 755200 --a------ C:\WINDOWS\system32\Ir50_32.dll <Not Verified; Intel Corporation; Intel Indeo® video 5.11>
2030-08-09 07:08:18 0 d-------- C:\WINDOWS\I386
2030-08-09 00:19:50 0 d--hs---- C:\WINDOWS\Installer
2030-08-09 00:19:49 0 d-------- C:\Program Files\Common Files\ODBC
2030-08-09 00:19:48 0 dr------- C:\Program Files
2030-08-09 00:19:48 0 d-------- C:\Program Files\Common Files
2030-08-09 00:19:48 0 d-------- C:\Program Files\Common Files\SpeechEngines
2030-08-09 00:19:37 0 d--h----- C:\Documents and Settings\Default User\Templates
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\Default User\Start Menu
2030-08-09 00:19:37 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2030-08-09 00:19:37 0 dr-h----- C:\Documents and Settings\Default User\Recent
2030-08-09 00:19:37 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2030-08-09 00:19:37 0 d--h----- C:\Documents and Settings\Default User\NetHood
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\Default User\My Documents
2030-08-09 00:19:37 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\Default User\Favorites
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\Default User\Desktop
2030-08-09 00:19:37 0 d---s---- C:\Documents and Settings\Default User\Cookies
2030-08-09 00:19:37 0 d--h----- C:\Documents and Settings\All Users\Templates
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\All Users\Start Menu
2030-08-09 00:19:37 0 d-------- C:\Documents and Settings\All Users\Favorites
2030-08-09 00:19:37 0 dr------- C:\Documents and Settings\All Users\Documents
2030-08-09 00:19:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2030-08-09 00:19:27 0 d-------- C:\WINDOWS\system32\CatRoot2
2030-08-09 00:19:27 0 d-------- C:\WINDOWS\system32\CatRoot
2030-08-09 00:19:22 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2030-08-09 00:19:22 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2030-08-09 00:19:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2030-08-09 00:19:22 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2030-08-09 00:19:11 0 d-------- C:\Documents and Settings
2030-08-09 00:17:15 0 d-------- C:\WINDOWS
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\WinSxS
2030-08-09 00:17:15 0 dr------- C:\WINDOWS\Web
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\twain_32
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\wins
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\wbem
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\usmt
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\spool
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\ShellExt
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\Setup
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\ras
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\oobe
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\npp
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\mui
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\inetsrv
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\IME
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\icsxml
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\ias
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\export
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\drivers
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\drivers\etc
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\drivers\disdn
2030-08-09 00:17:15 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\dhcp
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\config
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\3com_dmi
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\3076
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\2052
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1054
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1042
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1041
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1037
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1033
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1031
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1028
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system32\1025
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\system
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\security
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Resources
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\repair
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Provisioning
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\PeerNet
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\pchealth
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\mui
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\msapps
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\msagent
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Media
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\java
2030-08-09 00:17:15 0 d--h----- C:\WINDOWS\inf
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\ime
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Help
2030-08-09 00:17:15 0 dr--s---- C:\WINDOWS\Fonts
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Driver Cache
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Debug
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Cursors
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Connection Wizard
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\Config
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\AppPatch
2030-08-09 00:17:15 0 d-------- C:\WINDOWS\addins
2008-06-18 20:41:26 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\SUPERAntiSpyware.com
2008-06-17 17:20:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 21:32:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-10 21:32:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 21:06:07 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Malwarebytes
2008-06-10 21:06:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 21:05:50 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-02 13:57:40 0 d-------- C:\Program Files\iPod
2008-06-02 13:57:31 0 d-------- C:\Program Files\iTunes
2008-06-02 13:54:01 0 d-------- C:\Program Files\QuickTime
2008-05-30 15:55:04 0 d-------- C:\Program Files\Sierra
2008-05-29 19:51:08 0 d-------- C:\WINDOWS\network diagnostic
2008-05-29 19:42:58 0 d-------- C:\8196806e45bbcc3e7a76
2008-05-29 19:05:25 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-28 21:55:55 0 d-------- C:\Documents and Settings\Sue\Application Data\Mozilla
2008-05-28 16:13:58 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-05-28 16:13:58 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-05-26 20:48:58 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Nokia Multimedia Player
2008-05-26 16:07:36 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Suite
2008-05-26 13:52:22 0 d-------- C:\Documents and Settings\Sue\Application Data\PC Suite
2008-05-25 21:55:28 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\DataLayer
2008-05-25 21:55:25 0 d-------- C:\Documents and Settings\Sgt.Alien\Phone Browser
2008-05-25 21:54:27 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Nokia
2008-05-25 21:52:26 0 d-------- C:\Program Files\DIFX
2008-05-25 21:50:58 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-25 21:50:29 0 d-------- C:\Program Files\Nokia
2008-05-25 21:50:24 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\PC Suite
2008-05-25 21:50:22 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-25 21:50:15 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-25 21:46:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-25 18:57:04 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-25 18:55:08 0 d-------- C:\WINDOWS\Prefetch
2008-05-25 18:37:42 0 d-------- C:\WINDOWS\EHome
2008-05-25 15:08:19 0 d-------- C:\Program Files\System Mechanic
2008-05-24 22:55:18 0 d-------- C:\Documents and Settings\Sgt.Alien\Contacts
2008-05-22 20:02:42 0 d-------- C:\Documents and Settings\Owner\Application Data\iolo
2008-05-21 18:34:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-21 18:30:20 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-21 18:15:31 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\iolo
2008-05-21 18:15:31 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-21 17:56:30 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2030-08-09 07:24:23 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Identities
2030-08-09 00:19:37 62 --ahs---- C:\Documents and Settings\Sgt.Alien\Application Data\desktop.ini
2008-06-18 20:41:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 20:26:55 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Xfire
2008-06-10 21:15:09 0 d-------- C:\Program Files\Trend Micro
2008-06-10 19:02:53 0 d-------- C:\Program Files\Microsoft Works
2008-06-10 11:56:52 0 d-------- C:\Program Files\Xfire
2008-06-01 10:50:02 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Ventrilo
2008-05-29 17:54:30 0 d-------- C:\Program Files\Paint Shop Pro 5
2008-05-25 19:24:29 0 d-------- C:\Program Files\D-Link
2008-05-24 20:26:45 0 d-------- C:\Program Files\OptusNet DSL Internet
2008-05-21 18:48:18 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\uTorrent
2008-05-21 18:48:18 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire
2008-05-21 17:57:31 2572 --a------ C:\WINDOWS\mozver.dat
2008-05-18 19:27:38 0 d-------- C:\Program Files\THQ
2008-05-18 19:27:08 0 d-------- C:\Program Files\AC Milan Screensaver
2008-05-07 22:15:00 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\iPodder
2008-05-05 21:57:22 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\CyberLink
2008-05-05 21:27:58 0 d-------- C:\Program Files\Ahead
2008-05-05 21:23:40 0 d-------- C:\Program Files\Common Files\Nero
2008-05-05 20:58:59 0 d-------- C:\Program Files\NeroInstall.bak
2008-05-05 20:57:35 0 d-------- C:\Documents and Settings\Sgt.Alien\Application Data\Nero
2008-05-05 16:46:18 0 d-------- C:\Program Files\Windows Live
2008-05-05 16:46:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-31 21:38:29 0 --a------ C:\AUTOEXEC.BAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/11/2004 11:24 AM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [29/01/2007 06:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 12:41 AM]
"nwiz"="nwiz.exe" [05/12/2007 12:41 AM C:\WINDOWS\system32\nwiz.exe]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [15/02/2008 11:56 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [08/07/2006 07:14 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/07/2006 07:15 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [25/06/2003 10:24 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [28/07/2003 10:43 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [11/04/2003 02:25 PM]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [21/05/2003 05:37 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"SoundMan"="SOUNDMAN.EXE" [17/11/2006 05:42 AM C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [15/06/2006 12:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27/06/2006 04:21 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBttTjg]
geBttTjg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-19 16:36:33 ------------

#10
koko_crunch


    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey danieljr1992,

My problem is fixed by the way!!! ^^ Thanks a lot guys. I'm still gunna continue coz this can only do good for my system. Unless we're done now. Here's my dss log:


Thank you for sticking around. :)

You forgot to paste the other log.
Extra.txt should be located in C:\DEckard.

koko

Edited by koko_crunch, 19 June 2008 - 05:42 AM.



#11
danieljr1992


    Member

  • Topic Starter
  • 26 posts
No worries. Here's my extra.txt log. I had to re-do it but it should be the same.


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
CPU 1: Intel® Core™2 Duo CPU E4600 @ 2.40GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.29 MiB / 1401.45 MiB
Pagefile Memory (total/avail): 3940.27 MiB / 3441.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.24 MiB

C: is Fixed (NTFS) - 465.76 GiB total, 214.07 GiB free.
D: is CDROM (UDF)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Fixed (FAT32) - 233.7 GiB total, 222.28 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-07TMA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - Maxtor 6 L250R0 USB Device - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 233.76 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.10.1079 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"="C:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe:*:Enabled:Frontlines Game"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\THQ\\uTorrent\\uTorrent.exe"="C:\\Program Files\\THQ\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Documents and Settings\\Sgt.Alien\\Desktop\\MW4TRIAL\\MW4.EXE"="C:\\Documents and Settings\\Sgt.Alien\\Desktop\\MW4TRIAL\\MW4.EXE:*:Enabled:MechWarrior IV"
"C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance Trial\\MW4.exe"="C:\\Program Files\\Microsoft Games\\MechWarrior Vengeance Trial\\MW4.exe:*:Enabled:MechWarrior IV"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sgt.Alien\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sgt.Alien
LOGONSERVER=\\OWNER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SGT~1.ALI\LOCALS~1\Temp
TMP=C:\DOCUME~1\SGT~1.ALI\LOCALS~1\Temp
USERDOMAIN=OWNER-PC
USERNAME=Sgt.Alien
USERPROFILE=C:\Documents and Settings\Sgt.Alien
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Sgt.Alien (admin)
Sue (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\setup.exe" -l0x9
ArcSoft PhotoBase --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
AutoHotkey 1.0.47.05 --> C:\Program Files\AutoHotkey\uninst.exe
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Caere Scan Manager 5.1 --> MsiExec.exe /I{81D62C32-0984-11D3-86CD-00105AD33021}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch --> C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Championship Bass --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\Championship Bass\Uninst.isu"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
D-Link DSL-302G USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCEC3BD-FFCA-4146-8587-17650B86165B}\Setup.exe"
EA Network Play System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
EA SPORTS online 2007 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Eureka's 125,000 Clipart --> C:\WINDOWS\uninst.exe -fC:\NODTRON\125TCLIP\DeIsL1.isu
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Frontlines Screensaver --> C:\Program Files\Ayzenberg\Frontlines\Uninstall.exe
Frontlines: Fuel of War --> "C:\Program Files\InstallShield Installation Information\{C711E88C-9DC2-4254-A989-D6E017844DDF}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTactix --> MsiExec.exe /I{046ED2B7-14D5-4F2C-A275-09D54CEFE757}
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Motorola SM56 Speakerphone Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NBA LIVE 07 --> C:\Program Files\EA SPORTS\NBA LIVE 07\EAUninstall.exe
Need for Speed™ Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Need for Speed™ ProStreet --> MsiExec.exe /X{343737F4-C04D-49F4-BE58-C7EAA8EBA57A}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{E1B34BF3-6333-47DC-AD85-D89A95829478}
NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
OLYMPUS Master 2 --> MsiExec.exe /X{CBC85F2E-1981-4C55-9418-908D08D2C6E8}
OLYMPUS muvee theaterPack --> MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f"C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu"
OptusNet DSL --> C:\Program Files\OptusNet DSL Internet\Uninstall.exe
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SierraAddressBook 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}\setup.exe"
SierraHome Print Artist 15.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Sierra\Print Artist 15.0\HiUninst.isu" -c"C:\Sierra\Print Artist 15.0\Uninstpa.DLL"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Welcome to AC Milan Screensaver 2 Kakŕ --> "C:\Program Files\AC Milan Screensaver\unins001.exe"
Western Australian Time Zone Update --> MsiExec.exe /X{C098DAEC-29EF-4A59-B18E-0E950169CA3C}
Westnet Internet Easy Online Signup 3.0 --> "C:\Program Files\Westnet\uninstall.exe"
Windows Driver Package - Nokia Modem (07/24/2006 6.81.0.23) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_8BEAEC6636531F9CD10CFDA4ECE6AA29199B8974\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4642 / Warning
Event Submitted/Written: 06/19/2008 04:28:45 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4636 / Warning
Event Submitted/Written: 06/18/2008 10:28:20 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4629 / Warning
Event Submitted/Written: 06/18/2008 08:35:32 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4623 / Warning
Event Submitted/Written: 06/18/2008 11:15:25 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4617 / Warning
Event Submitted/Written: 06/17/2008 10:44:38 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33614 / Error
Event Submitted/Written: 06/19/2008 04:29:04 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.

Event Record #/Type33587 / Error
Event Submitted/Written: 06/19/2008 02:42:51 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ohci1394

Event Record #/Type33556 / Error
Event Submitted/Written: 06/18/2008 10:22:11 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ohci1394

Event Record #/Type33528 / Error
Event Submitted/Written: 06/18/2008 08:35:50 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.

Event Record #/Type33507 / Error
Event Submitted/Written: 06/18/2008 04:38:21 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-06-19 16:36:33 ------------

#12
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
We're nearly done. Just a few more cleanup steps. :)

First,

Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it displays there.
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.


Next,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Sgt.Alien\Application Data\uTorrent
    C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire
    C:\Program Files\THQ\uTorrent
    C:\Program Files\uTorrent
    
    HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe
    HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\uTorrent\uTorrent.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBttTjg
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then,

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Finally,

Please do an online scan with Kaspersky WebScanner

The Welcome Information page will open. Click on Accept.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded, click on Scan
    • Now under that section select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report as button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back with

- Kaspersky log
- New HijackThis log

#13
danieljr1992

    Member

  • Topic Starter
  • Member
  • 26 posts
Wow, that DAFT thing was fast. Do you guys make these programs? Some of them are really good and I've never heard of them before. I also noticed LimeWire on the MoveIt program. Isn't that a music downloading thing that gives you viruses? I don't want that on here if it is, so how do I delete it? And I couldn't do the Java just yet as I have to go soon, so I'll download it tomorrow and then I'll be able to do the Kaspersky scan. I'll post back tomorrow with those.




MOVE IT LOG FILE:
C:\Documents and Settings\Sgt.Alien\Application Data\uTorrent moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire\themes\limewirePro_theme moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Sgt.Alien\Application Data\LimeWire moved successfully.
C:\Program Files\THQ\uTorrent moved successfully.
File/Folder C:\Program Files\uTorrent not found.
File/Folder not found.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
< HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\uTorrent\uTorrent.exe >
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\uTorrent\uTorrent.exe deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBttTjg >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBttTjg\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_182043

#14
koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok. :)

#15
danieljr1992

    Member

  • Topic Starter
  • Member
  • 26 posts
I've been trying the Kaspersky scan but it's not working even though I've updated Java.