Slow computer after virus cleaning [CLOSED]


#1 London Beat (Member, 27 posts)
Hi,

I hope someone can help me :)

After I got the SmitFraud infection (Worm.Win32.Netbooster) I could restore my system almost to normal, at least I think so. Then I got another virus; I think it was something related to hldrrr.exe. Then I ran ComboFix and other programs recommended in these forums, and at one point my PC rebooted, but when it arrived at the desktop it rebooted again and stayed like this forever; I couldn't even get to Safe Mode.

So I had to format one of the two hard drives that I have, the one with the infected Windows XP and the program files. After I installed Win XP again I started to hear lots of clicks from one of the hard drives; I think it was the 750 GB HD where I store everything except the OS and the program files. So I changed the PSU and the clicks stopped. The problem is that my system is a fresh XP installation and is already too slooooow! I don't know if it is related to hardware, although I ran SeaTools from Seagate on the two HDs and they passed all tests, although one test on the 750 GB drive took 66 hours!
Another possibility is that my 750 GB drive has some virus from the bad experiences mentioned above and has infected the system again.

Please help, my system is really slooow :) and I don't want to install XP again; it took me 2 days the last time! :)


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:02, on 17/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chaos Software\Chaos 7\alarm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\defrag.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Easy CD-DA Extractor 11\ezcddax.exe
C:\Program Files\Easy CD-DA Extractor 11\ezcddax.exe
C:\Program Files\Easy CD-DA Extractor 11\ezcddax.exe
C:\Program Files\Easy CD-DA Extractor 11\ezcddax.exe
C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=71126
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 7\alarm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Avisos EURO 2008.lnk = C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Timex Data Link USB Launcher.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preencher - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Salvar Formulários - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213031595984
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CC2B01-57B9-4A14-ADDE-43A124E82843}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{29CC2B01-57B9-4A14-ADDE-43A124E82843}: NameServer = 195.23.129.126,194.79.69.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 11018 bytes
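The HijackThis log above is a line-oriented format (a section code such as O4 or O17, a dash, then the payload) that lends itself to mechanical triage before a human reads it. The Python script below is an added example written for this edit, not a tool used in the thread or part of HijackThis; it parses a constructed excerpt made from lines in the log above and applies a few checks a helper applies by eye: an autostart whose target lives under a Temp directory, an O4 entry that names its executable without a path (which Windows resolves by search order at logon), registered components whose file is missing, and entries that always deserve a look regardless of content (O17 DNS servers, O20 AppInit_DLLs, O23 services with no publisher string). It only flags items for review; the thread does not establish that any of these entries are malicious, and the rule names and thresholds are this example's own.

```python
"""Triage heuristics for a HijackThis v2 log (added example, not a thread tool).

Each log line is "<section> - <payload>"; sections such as O4 (autostarts),
O17 (DNS servers) and O20 (AppInit_DLLs / Winlogon Notify) carry the
entries an analyst checks first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines in the shape of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Startup: Avisos EURO 2008.lnk = C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CC2B01-57B9-4A14-ADDE-43A124E82843}: NameServer = 195.23.129.126,194.79.69.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    rule: str      # short name of the heuristic that fired (names chosen here)
    detail: str    # what the reviewer should check
    line: str      # the log line, verbatim


LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
RUN_VALUE_RE = re.compile(r"\[[^\]]*\]\s*(?P<cmd>.*)$")   # "[name] command"
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,]+)")


def parse(log: str):
    """Yield (section, payload, raw_line) for every well-formed entry."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("rest"), raw.strip()


def first_token(cmd: str) -> str:
    """Executable part of a Run-key command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def review(log: str) -> list[Finding]:
    """Run the heuristics over a log and return findings in log order."""
    findings: list[Finding] = []
    for sec, rest, line in parse(log):
        if "(file missing)" in rest:
            findings.append(Finding(sec, "file-missing",
                "registered component whose file is gone; dead entry or leftover of a removed program", line))
        if sec == "O4":
            if TEMP_DIR_RE.search(rest):
                findings.append(Finding(sec, "temp-autorun",
                    "autostart target lives under a Temp directory; find out what put it there", line))
            m = RUN_VALUE_RE.search(rest)
            exe = first_token(m.group("cmd")) if m else ""
            if exe and "\\" not in exe and "/" not in exe:
                findings.append(Finding(sec, "bare-filename",
                    "executable given without a path is resolved by search order; confirm which copy runs", line))
        elif sec == "O17":
            m = NAMESERVER_RE.search(rest)
            if m:
                findings.append(Finding(sec, "dns-servers",
                    "interface DNS servers " + m.group("ips") + "; confirm they belong to your ISP", line))
        elif sec == "O20":
            findings.append(Finding(sec, "injection-point",
                "AppInit_DLLs / Winlogon Notify DLLs load into other processes; verify the owner", line))
        elif sec == "O23" and "Unknown owner" in rest:
            findings.append(Finding(sec, "no-publisher",
                "service binary carries no company name; check its signature and origin", line))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.section:4} {f.rule:15} {f.detail}\n     {f.line}")
```

Paste a full log into `SAMPLE_LOG` (or read it from a file) and the script lists the entries worth asking about first; a hit is a prompt to verify the file, its signer and how it got there, not a verdict.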



#2 Chopin (Member 2k, 2,639 posts)
Hello London Beat, doesn't look so bad. Let's get a more in-depth scan before we go crazy :)

1. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

  • On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
  • The entire scanning process will take about five minutes, often less.
  • During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
  • Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
  • Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.
On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

#3 London Beat (Topic Starter, 27 posts)
Hello,

First of all, thanks for your reply :). It would be great if I don't have any malware on my PC! :) I am afraid that some remaining malware from my past Win XP installations is still active. :)

Here are the logs:

Deckard's System Scanner v20071014.68
Run by London Beat on 2008-06-22 16:45:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-06-22 15:45:34 UTC - RP38 - Deckard's System Scanner Restore Point
20: 2008-06-21 15:53:10 UTC - RP37 - Installed Java™ 6 Update 6
19: 2008-06-21 15:52:10 UTC - RP36 - Removed Java™ 6 Update 6
18: 2008-06-21 15:37:30 UTC - RP35 - Installed OpenOffice.org Installer 1.0
17: 2008-06-21 15:35:07 UTC - RP34 - Installed Java™ 6 Update 6


-- First Restore Point --
1: 2008-06-10 04:02:19 UTC - RP18 - Logitech SetPoint Mouse and Keyboard Device Drivers


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.55 GiB (less than 15%) free.


-- HijackThis (run as London Beat.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:13, on 22/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Chaos Software\Chaos 7\alarm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\London Beat\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\London Beat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=71126
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 7\alarm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Avisos EURO 2008.lnk = C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Timex Data Link USB Launcher.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preencher - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Salvar Formulários - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Preencher - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Salvar - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Salvar Formulários - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213031595984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29CC2B01-57B9-4A14-ADDE-43A124E82843}: NameServer = 195.23.129.126,194.79.69.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{29CC2B01-57B9-4A14-ADDE-43A124E82843}: NameServer = 195.23.129.126,194.79.69.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 9904 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>

S3 catchme - c:\docume~1\london~1\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>

S3 Creative Audio Engine Licensing Service - "c:\program files\common files\creative labs shared\service\ctaelicensing.exe" <Not Verified; Creative Labs; Creative Audio Engine Licensing Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 00:38:20 1082 --a------ C:\WINDOWS\Tasks\defrag_all2.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 07:31:30 0 d-------- C:\WINDOWS\Sun
2008-06-22 07:31:29 0 d-------- C:\Documents and Settings\London Beat\Application Data\Sun
2008-06-21 16:53:54 0 d-------- C:\Program Files\Java
2008-06-21 16:53:16 0 d-------- C:\Program Files\Common Files\Java
2008-06-21 16:37:32 0 d-------- C:\Program Files\Sun
2008-06-20 21:38:05 0 d-------- C:\Program Files\AllerCalc
2008-06-20 13:45:04 0 d--h----- C:\WINDOWS\PIF
2008-06-20 13:43:25 0 d-------- C:\Program Files\SizeExplorer Pro 3.8.7
2008-06-20 13:33:57 0 d-------- C:\Program Files\zabkat
2008-06-20 12:49:35 0 d-------- C:\Copia
2008-06-19 14:44:56 0 d-------- C:\Program Files\Flobo Hard Disk Repair
2008-06-18 19:12:27 0 d-------- C:\Documents and Settings\London Beat\Application Data\Help
2008-06-18 18:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-18 18:31:20 0 d-------- C:\Program Files\Security Task Manager
2008-06-18 14:01:47 0 d-------- C:\Program Files\ProcessExplorer
2008-06-17 17:44:52 0 d-------- C:\Program Files\Lavasoft
2008-06-17 17:44:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 01:05:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-17 01:04:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 22:43:34 0 d-------- C:\WINDOWS\pss
2008-06-16 21:39:22 0 d-------- C:\Program Files\Trend Micro
2008-06-16 20:39:37 0 d-------- C:\Program Files\KeePass Password Safe
2008-06-16 16:06:01 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-06-16 16:06:01 0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-06-16 15:46:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 15:43:08 0 d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
2008-06-16 06:50:07 0 d-------- C:\downloads <DOWNLO~1>
2008-06-16 06:50:07 0 d-------- C:\Documents and Settings\London Beat\Application Data\GrabPro
2008-06-16 06:49:44 0 d-------- C:\Documents and Settings\London Beat\Application Data\Orbit
2008-06-16 06:49:23 0 d-------- C:\Program Files\Orbitdownloader
2008-06-16 05:21:59 0 d-------- C:\Program Files\Cryptload
2008-06-16 04:06:46 0 d-------- C:\Documents and Settings\London Beat\Application Data\WinRAR
2008-06-16 01:44:47 0 d-------- C:\Documents and Settings\London Beat\Application Data\IEPro
2008-06-16 01:41:26 0 d-------- C:\Program Files\IEPro
2008-06-16 01:17:43 0 d-------- C:\Program Files\FLV Player
2008-06-16 01:04:46 0 d-------- C:\Program Files\YouTube Downloader
2008-06-15 23:58:19 0 dr-h----- C:\Documents and Settings\London Beat\Recent
2008-06-15 23:47:31 0 d-------- C:\Program Files\CCleaner
2008-06-15 17:49:57 0 d-------- C:\Program Files\PowerISO
2008-06-14 15:04:01 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-14 14:34:59 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-13 15:58:14 114688 --a------ C:\WINDOWS\system32\Vbis5032.dll <Not Verified; Software Source; Software Source vbis5032>
2008-06-13 15:58:14 126976 --a------ C:\WINDOWS\system32\Isb.dll
2008-06-13 15:58:13 0 d-------- C:\Program Files\Common Files\Chaos Software
2008-06-13 15:42:38 0 d-------- C:\Program Files\Chaos Software
2008-06-12 21:33:32 0 d-------- C:\Documents and Settings\London Beat\Application Data\Nero
2008-06-11 16:24:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-11 04:52:49 0 d-------- C:\Program Files\Seagate
2008-06-11 04:36:44 0 d-------- C:\Documents and Settings\London Beat\Application Data\Uniblue
2008-06-11 04:18:45 0 d-------- C:\Program Files\Winamp Desk Band
2008-06-11 04:14:29 0 d-------- C:\Program Files\Winamp
2008-06-11 04:14:29 0 d-------- C:\Documents and Settings\London Beat\Application Data\Winamp
2008-06-11 03:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative Labs
2008-06-11 01:56:24 0 d-------- C:\Documents and Settings\London Beat\Application Data\OfficeUpdate12
2008-06-11 01:53:40 676224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-06-10 23:10:24 0 d-------- C:\Program Files\Vietcong
2008-06-10 18:15:31 0 d-------- C:\Program Files\HP
2008-06-10 18:04:44 0 d-------- C:\Documents and Settings\London Beat\Application Data\Share-to-Web Upload Folder
2008-06-10 18:02:50 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-10 18:02:44 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-10 17:30:16 335 --a------ C:\WINDOWS\mozregistry.dat
2008-06-10 17:29:52 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-10 17:26:54 0 d-------- C:\Documents and Settings\London Beat\dwhelper
2008-06-10 17:07:04 0 d-------- C:\Program Files\MozBackup
2008-06-10 16:58:45 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-10 16:57:09 0 d-------- C:\Program Files\Siber Systems
2008-06-10 16:48:34 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-10 16:41:16 0 d-------- C:\Documents and Settings\London Beat\Application Data\Talkback
2008-06-10 16:41:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-10 16:41:06 0 d-------- C:\Documents and Settings\London Beat\Application Data\Mozilla
2008-06-10 15:51:06 0 d-------- C:\Documents and Settings\London Beat\Application Data\Adobe
2008-06-10 15:44:12 0 d-------- C:\Program Files\QuickTime
2008-06-10 15:44:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-10 15:43:47 0 d-------- C:\Program Files\Apple Software Update
2008-06-10 15:43:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-10 05:25:02 0 d-------- C:\Program Files\NeroInstall.bak
2008-06-10 05:19:01 0 d-------- C:\Program Files\Nero
2008-06-10 05:19:01 0 d-------- C:\Program Files\Common Files\Nero
2008-06-10 05:19:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-10 05:12:49 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-10 05:12:48 0 d-------- C:\Documents and Settings\London Beat\Application Data\DAEMON Tools
2008-06-10 05:07:07 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-06-10 05:06:53 0 d-------- C:\Program Files\Creative
2008-06-10 05:06:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-10 05:06:17 102400 --a------ C:\WINDOWS\system32\cttele32.dll <Not Verified; Creative Technology Ltd; Creative Common Proxy Stud>
2008-06-10 05:05:39 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-10 05:05:25 0 d-------- C:\Program Files\OpenAL
2008-06-10 05:05:15 0 d-------- C:\Documents and Settings\London Beat\Application Data\Logitech
2008-06-10 05:04:46 0 d-------- C:\WINDOWS\system32\Data
2008-06-10 05:01:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-10 05:01:07 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-10 05:01:04 0 d-------- C:\Program Files\Logitech
2008-06-10 05:01:02 0 d-------- C:\Documents and Settings\London Beat\Application Data\InstallShield
2008-06-10 04:40:36 718 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-10 04:02:17 0 d-------- C:\Documents and Settings\London Beat\Application Data\Google
2008-06-10 04:02:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-10 03:56:09 0 d-------- C:\Documents and Settings\London Beat\Application Data\ATI
2008-06-10 03:56:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-10 03:52:29 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-10 03:40:59 0 d-------- C:\WINDOWS\ERUNT
2008-06-10 03:00:53 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-10 03:00:27 0 d-------- C:\Program Files\ATI Technologies
2008-06-10 02:57:35 0 d-------- C:\ATI
2008-06-10 02:35:19 0 d-------- C:\Program Files\uTorrent
2008-06-10 02:35:14 0 d-------- C:\Documents and Settings\London Beat\Application Data\uTorrent
2008-06-10 02:08:07 0 d-------- C:\Documents and Settings\London Beat\Application Data\Macromedia
2008-06-10 01:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-10 01:44:50 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 01:44:50 0 d-------- C:\Documents and Settings\London Beat\Application Data\SUPERAntiSpyware.com
2008-06-10 01:44:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 01:27:15 0 d-------- C:\Documents and Settings\London Beat\Application Data\Malwarebytes
2008-06-10 01:27:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 01:27:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 00:42:27 68096 --a------ C:\WINDOWS\zip.exe
2008-06-10 00:42:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-10 00:42:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-10 00:42:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-10 00:42:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-10 00:42:27 98816 --a------ C:\WINDOWS\sed.exe
2008-06-10 00:42:27 80412 --a------ C:\WINDOWS\grep.exe
2008-06-10 00:42:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 23:41:22 33533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2008-06-09 23:41:18 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-06-09 23:41:11 0 d-------- C:\Program Files\ffdshow
2008-06-09 23:40:58 77824 --a------ C:\WINDOWS\system32\MMSwitch.dll
2008-06-09 23:40:58 40960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-06-09 23:40:57 0 d-------- C:\Program Files\Morgan
2008-06-09 23:40:51 0 d-------- C:\Program Files\AC3Filter
2008-06-09 23:40:42 0 d-------- C:\Program Files\XviD
2008-06-09 23:39:34 0 d-------- C:\Program Files\Google
2008-06-09 23:39:30 1890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-09 23:39:30 56 -r-hs---- C:\WINDOWS\system32\0C30A3A8B4.sys
2008-06-09 23:39:20 0 d-------- C:\Program Files\DivX
2008-06-09 23:00:05 0 d-------- C:\Program Files\eMule
2008-06-09 20:06:20 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 20:04:54 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-09 20:04:54 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-09 20:00:12 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-09 18:59:05 0 d-------- C:\WINDOWS\Prefetch
2008-06-09 18:49:51 0 d-------- C:\WINDOWS\system32\scripting
2008-06-09 18:49:51 0 d-------- C:\WINDOWS\l2schemas
2008-06-09 18:49:50 0 d-------- C:\WINDOWS\system32\en
2008-06-09 18:49:48 0 d-------- C:\WINDOWS\system32\bits
2008-06-09 18:46:54 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 18:44:27 0 d-------- C:\WINDOWS\network diagnostic
2008-06-09 18:42:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-09 18:17:02 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-09 18:17:00 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 18:13:58 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-09 18:13:00 0 d--hs---- C:\Documents and Settings\London Beat\UserData
2008-06-09 17:37:42 0 d--hs---- C:\WINDOWS\Installer
2008-06-09 17:37:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-09 17:37:39 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-09 17:37:38 0 dr------- C:\Program Files
2008-06-09 17:37:38 0 d-------- C:\Program Files\Common Files
2008-06-09 17:37:12 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-09 17:37:12 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-09 17:37:12 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-09 17:37:12 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-09 17:37:12 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-09 17:37:12 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-09 17:37:12 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-09 17:37:12 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-09 17:37:12 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-09 17:37:12 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-09 17:37:12 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-09 17:37:12 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-09 17:37:12 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-09 17:37:12 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-09 17:37:12 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-09 17:37:12 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-09 17:35:21 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-09 17:35:21 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-09 17:35:16 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-09 17:35:16 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-09 17:35:15 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-09 17:35:15 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-09 17:34:56 0 d--hs---- C:\System Volume Information
2008-06-09 17:34:56 0 d-------- C:\Documents and Settings
2008-06-09 17:31:00 0 dra------ C:\WINDOWS
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\WinSxS
2008-06-09 17:31:00 0 dr------- C:\WINDOWS\Web
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\twain_32
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\wins
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\wbem
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\usmt
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\spool
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\Setup
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\ras
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\oobe
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\npp
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\mui
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\IME
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\ias
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\export
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\drivers
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-09 17:31:00 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\config
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\3076
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\2052
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1054
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1042
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1041
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1037
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1033
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1031
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1028
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system32\1025
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\system
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\security
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Resources
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\repair
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Provisioning
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\PeerNet
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\pchealth
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\mui
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\msapps
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\msagent
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Media
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\java
2008-06-09 17:31:00 0 d--h----- C:\WINDOWS\inf
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\ime
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Help
2008-06-09 17:31:00 0 dr--s---- C:\WINDOWS\Fonts
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\ehome
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Driver Cache
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Debug
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Cursors
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\Config
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\AppPatch
2008-06-09 17:31:00 0 d-------- C:\WINDOWS\addins
2008-06-09 17:29:48 0 d-------- C:\Program Files\Timex
2008-06-09 17:29:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 17:29:37 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-09 17:27:15 0 d-------- C:\Documents and Settings\London Beat\Application Data\Chaos Software
2008-06-09 17:27:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Chaos Software
2008-06-09 17:24:39 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-09 17:24:39 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-09 17:24:20 543008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-09 17:24:20 17222944 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 17:24:20 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-09 17:24:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-09 17:23:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-09 17:17:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-09 17:17:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-09 17:08:51 0 d-------- C:\Program Files\Microsoft Works
2008-06-09 17:06:20 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-09 17:06:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-09 17:05:28 0 dr-h----- C:\MSOCache
2008-06-09 16:55:12 0 d-------- C:\Documents and Settings\London Beat\Application Data\Identities
2008-06-09 16:54:55 0 d--h----- C:\Documents and Settings\London Beat\Templates
2008-06-09 16:54:55 0 dr------- C:\Documents and Settings\London Beat\Start Menu
2008-06-09 16:54:55 0 dr-h----- C:\Documents and Settings\London Beat\SendTo
2008-06-09 16:54:55 0 d--h----- C:\Documents and Settings\London Beat\PrintHood
2008-06-09 16:54:55 2621440 --ah----- C:\Documents and Settings\London Beat\NTUSER.DAT
2008-06-09 16:54:55 0 d--h----- C:\Documents and Settings\London Beat\NetHood
2008-06-09 16:54:55 0 dr------- C:\Documents and Settings\London Beat\My Documents
2008-06-09 16:54:55 0 d--h----- C:\Documents and Settings\London Beat\Local Settings
2008-06-09 16:54:55 0 dr------- C:\Documents and Settings\London Beat\Favorites
2008-06-09 16:54:55 0 d-------- C:\Documents and Settings\London Beat\Desktop
2008-06-09 16:54:55 0 d--hs---- C:\Documents and Settings\London Beat\Cookies
2008-06-09 16:54:55 0 dr-h----- C:\Documents and Settings\London Beat\Application Data
2008-06-09 16:53:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-09 16:53:51 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-09 16:53:51 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-09 16:53:51 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-09 16:53:51 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-09 16:53:51 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-09 16:53:51 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-09 16:53:33 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-09 16:53:33 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-09 16:53:33 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-09 16:53:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-09 16:53:33 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-09 16:50:50 0 d-------- C:\WINDOWS\system32\xircom
2008-06-09 16:50:50 0 d-------- C:\Program Files\microsoft frontpage
2008-06-09 16:50:37 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-09 16:50:26 0 -rahs---- C:\MSDOS.SYS
2008-06-09 16:50:26 0 -rahs---- C:\IO.SYS
2008-06-09 16:50:26 0 --a------ C:\CONFIG.SYS
2008-06-09 16:50:26 0 --a------ C:\AUTOEXEC.BAT
2008-06-09 16:49:33 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-09 16:49:24 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-09 16:49:24 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-09 16:49:14 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-09 16:48:56 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-09 16:48:29 0 d---s---- C:\WINDOWS\Tasks
2008-06-09 16:48:29 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-09 16:48:26 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-09 16:48:26 0 d-------- C:\WINDOWS\srchasst
2008-06-09 16:48:20 0 d-------- C:\Program Files\Movie Maker
2008-06-09 16:48:14 0 d-------- C:\WINDOWS\system32\Restore
2008-06-09 16:47:37 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-09 16:47:23 0 d-------- C:\WINDOWS\Registration
2008-06-09 16:47:16 0 d-------- C:\Program Files\Online Services
2008-06-09 16:47:09 0 d-------- C:\Program Files\Messenger
2008-06-09 16:47:07 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-09 16:46:35 0 d-------- C:\Program Files\Windows NT
2008-06-09 16:46:31 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-09 16:46:29 0 d-------- C:\WINDOWS\system32\Com
2008-05-29 00:26:02 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>


-- Find3M Report ---------------------------------------------------------------

2008-06-10 18:15:39 1508 --a------ C:\Documents and Settings\London Beat\Application Data\HPCOM_48BitScanUpdate.log
2008-06-09 17:37:12 62 --ahs---- C:\Documents and Settings\London Beat\Application Data\desktop.ini
2008-05-09 15:29:18 14336 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; ; a3dx5>
2008-05-09 15:29:00 13312 --a------ C:\WINDOWS\system32\ac3api.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\system32\CtxfiRes.dll <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:42 2560 --a------ C:\WINDOWS\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-09 15:28:40 39424 --a------ C:\WINDOWS\system32\CTxfiSpk.dll <Not Verified; Creative Technology Ltd; Ctxfispk Dynamic Link Library>
2008-05-09 15:28:40 41984 --a------ C:\WINDOWS\system32\CTxfiBtn.dll <Not Verified; Creative Technology Ltd; CTXFIBTN Dynamic Link Library>
2008-05-09 15:28:38 23040 --a------ C:\WINDOWS\system32\Ctxfihlp.exe <Not Verified; Creative Technology Ltd; CTXfiHlp Application>
2008-05-09 15:24:14 47104 --a------ C:\WINDOWS\system32\CTxfiReg.exe <Not Verified; Creative Technology Ltd; CTXFIREG>
2008-05-09 15:24:12 15360 --a------ C:\WINDOWS\system32\Ct20xspi.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:24:08 1214464 --a------ C:\WINDOWS\system32\CTxfispi.exe <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:15:36 386852 --a------ C:\WINDOWS\system32\ctdnlstr.dat
2008-05-09 15:15:36 51787 --a------ C:\WINDOWS\system32\ctdlang.dat
2008-05-09 15:15:04 201216 --a------ C:\WINDOWS\system32\ctemupia.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:16 194560 --a------ C:\WINDOWS\system32\ct_oal.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:12 50688 --a------ C:\WINDOWS\system32\ctasio.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:12:10 53248 --a------ C:\WINDOWS\system32\ctdproxy.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:46 74240 --a------ C:\WINDOWS\system32\ctosuser.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:44 10240 --a------ C:\WINDOWS\system32\sfman32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:42 130560 --a------ C:\WINDOWS\system32\sfms32.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-09 15:11:38 16384 --a------ C:\WINDOWS\system32\regplib.exe
2008-05-09 15:11:36 68608 --a------ C:\WINDOWS\system32\piaproxy.dll <Not Verified; Creative Technology Ltd; E-mu PIA>
2008-05-09 15:08:12 7680 --a------ C:\WINDOWS\system32\enlocstr.exe
2008-05-09 15:08:08 12800 --a------ C:\WINDOWS\system32\killapps.exe <Not Verified; ; killapps>
2008-05-09 15:07:24 36864 --a------ C:\WINDOWS\system32\devreg.dll <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-05-05 15:17:26 585416 --a------ C:\WINDOWS\system32\APOIM32.exe <Not Verified; Creative Technology Ltd; Creative Audio Processing Object Interface Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/02/2008 03:12 C:\WINDOWS\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [09/05/2008 15:28 C:\WINDOWS\system32\Ctxfihlp.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [28/02/2008 09:59]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08/02/2008 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15/03/2008 00:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"alarm.exe"="C:\Program Files\Chaos Software\Chaos 7\alarm.exe" [17/10/2006 17:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/06/2008 04:02]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [28/02/2008 17:07]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/06/2008 02:35]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/06/2008 17:04]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [11/05/2008 12:19]

C:\Documents and Settings\London Beat\Start Menu\Programs\Startup\
Avisos EURO 2008.lnk - C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe [5/27/2008 1:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/10/2008 5:02:03 AM]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [6/16/2008 6:49:31 AM]
Timex Data Link USB Launcher.lnk - C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe [6/9/2008 5:29:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 02/05/2008 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-06-22 16:50:15 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1022.73 MiB / 698.87 MiB
Pagefile Memory (total/avail): 2463.04 MiB / 2063.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 2.55 GiB free.
D: is Fixed (NTFS) - 698.63 GiB total, 336.02 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - ST3750640AS - 698.64 GiB - 1 partition
\PARTITION0 (bootable) - Extended w/Extended Int 13 - 698.63 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\London Beat\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LONDONBEAT-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\London Beat
LOGONSERVER=\\LONDONBEAT-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\SizeExplorer Pro 3.8.7
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LONDON~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LONDON~1\LOCALS~1\Temp
USERDOMAIN=LONDONBEAT-PC
USERNAME=London Beat
USERPROFILE=C:\Documents and Settings\London Beat
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

London Beat (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0
  • 0

#4
Chopin

    Member 2k

  • Member
  • 2,639 posts
Hello London Beat, just one or two bad things in there :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2. Fix File Associations
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%Userprofile%\Desktop\dss.exe" /daft

Accept the disclaimer, and click the "Scan" button. Place a checkmark next to everything that appears and press "Fix". Afterwards, close the window.

3. Scan with Kaspersky WebScanner
------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

4. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

In addition to the default checked options (leave those!!), check "File Associations" and "Add/Remove Programs". Click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)

In your next post
------------------------------------------------

  • Kaspersky WebScanner log
  • DSS main.txt and extra.txt

  • 0
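A small triage script for the autostart section of a DSS log, added here as an example (it is not part of the thread and not part of Deckard's System Scanner): it parses the Run-key and Startup-folder lines in the format shown in the log above and flags entries whose target launches from a temp folder or from outside Program Files / WINDOWS, a first-pass "look closer" heuristic rather than a verdict. The sample log is constructed from lines copied out of the log above; the regular expressions and the two heuristics are assumptions of this example.

```python
r"""Triage the autostart entries in a Deckard's System Scanner (DSS) log.

Added example, not part of the thread or of DSS itself. It assumes the line
formats visible in the DSS "Registry Dump" section:
  [HKEY_...\CurrentVersion\Run]                  registry key header
  "Name"="C:\path\prog.exe" [dd/mm/yyyy hh:mm]   value; DSS appends the resolved
                                                 path when the value is a bare file name
  C:\...\Start Menu\Programs\Startup\            Startup-folder header
  Name.lnk - C:\path\prog.exe [m/d/yyyy h:mm:ss AM]
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
FOLDER_RE = re.compile(r'^[A-Za-z]:\\.*\\Startup\\$', re.IGNORECASE)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<info>[^\]]*)\]$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<cmd>.+?) \[(?P<info>[^\]]*)\]$')
RESOLVED_RE = re.compile(r'([A-Za-z]:\\[^\]]+)$')  # path DSS prints after the timestamp

# Heuristics (assumptions, not DSS rules): legitimate software rarely autostarts
# from a temp folder, and on a single-drive XP box most autostarts live under
# Program Files or WINDOWS. A flag means "look closer", not "malicious".
TEMP_MARKERS = ('\\local settings\\temp\\', '\\temp\\', '\\tmp\\')
EXPECTED_ROOTS = ('c:\\program files\\', 'c:\\windows\\')


@dataclass
class AutostartEntry:
    location: str            # registry key or Startup folder it was found under
    name: str
    target: str              # executable the entry launches
    flags: list = field(default_factory=list)


def flags_for(target: str) -> list:
    low = target.lower()
    flags = []
    if any(marker in low for marker in TEMP_MARKERS):
        flags.append('runs-from-temp')
    if not low.startswith(EXPECTED_ROOTS):
        flags.append('outside-program-dirs')
    return flags


def triage(log_text: str) -> list:
    """Return every Run-key / Startup-folder entry in the log with its flags."""
    entries, location = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            location = key.group(1)
            continue
        if FOLDER_RE.match(line):
            location = line
            continue
        # only the autostart sections of the dump are of interest here
        if location is None or not location.lower().endswith(('\\run', '\\runonce', '\\startup\\')):
            continue
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        target = m.group('cmd')
        resolved = RESOLVED_RE.search(m.group('info'))
        if resolved:  # bare file name in the value; use the path DSS resolved
            target = resolved.group(1)
        entries.append(AutostartEntry(location, m.group('name'), target, flags_for(target)))
    return entries


def suspicious(log_text: str) -> list:
    """Entries that tripped at least one heuristic; these deserve a second look."""
    return [e for e in triage(log_text) if e.flags]


# Constructed sample: Run-key and Startup-folder lines copied from the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21/01/2008 12:17]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29/02/2008 03:12 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\London Beat\Start Menu\Programs\Startup\
Avisos EURO 2008.lnk - C:\Documents and Settings\London Beat\Local Settings\Temp\wzb451\uefa-euro_alerts.exe [5/27/2008 1:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/10/2008 5:02:03 AM]
'''

if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        mark = '!' if e.flags else ' '
        print(f"{mark} {e.name:40} {e.target}  {', '.join(e.flags)}")
```

Run against the full main.txt, the script lists every Run-key and Startup-folder item and marks the one above that launches from a Temp folder; what to do with a flagged item is still the helper's call after looking at the file.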

#5
Chopin

    Member 2k

  • Member
  • 2,639 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0