Unknown Virus [CLOSED]


  • This topic is locked

#1
Gone2Far

    New Member

  • Member
  • 6 posts
While playing a game, my friend used the game's instant messenger (Counter-Strike) and sent me a link and said it was a cool slideshow he had. So I opened it, and every time my computer restarts, it says something about Obsidium protecting this file, do not distribute (and at the top left it says configuring something). Until I click it, my OS interface won't start (icons, start bar). But I'm not sure if that's the only problem. Sometimes when I'm backing up text, it would lag; playing games would create freeze-ups before they even start, and alt-tabbing freezes until I bring up the Task Manager. I also seem to notice my PF usage is noticeably high. In the end it turns out my friend's Counter-Strike account was hacked by the same process (cool slideshow?). I'm really scared that a keylogger or something is on my computer, taking my passwords. I have HijackThis and all the tools. If you need the log I'll post it when you ask me. Thank you.

Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:11 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvluk.dll,startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [drwatsn32] C:\WINDOWS\system32:drw4tsn32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyy...nt/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnlkih - pmnlkih.dll (file missing)
O20 - Winlogon Notify: winock32 - winock32.dll (file missing)
O23 - Service: 5FDCB06E - Unknown owner - C:\WINDOWS\system32\1A212AA5.EXE (file missing)
O23 - Service: 96B687C3 - Unknown owner - C:\WINDOWS\system32\6E3906C6.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 11451 bytes

Reason for Edit: Merged posts.

Please don't post more than once or bump the topic as Helpers usually first look for threads with no replies.

Edited by Octagonal, 02 August 2008 - 01:33 AM.

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geeks to Go. Please do the following:

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Regards
fenzodahl512

#3
Gone2Far

    New Member

  • Topic Starter
  • Member
  • 6 posts
MAIN TEXT
Deckard's System Scanner v20071014.68
Run by Alexlu on 2008-08-04 13:09:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-04 17:09:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alexlu.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:10 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Alexlu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alexlu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvluk.dll,startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyy...nt/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnlkih - pmnlkih.dll (file missing)
O20 - Winlogon Notify: winock32 - winock32.dll (file missing)
O23 - Service: 5FDCB06E - Unknown owner - C:\WINDOWS\system32\1A212AA5.EXE (file missing)
O23 - Service: 96B687C3 - Unknown owner - C:\WINDOWS\system32\6E3906C6.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 11385 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal - Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 5FDCB06E - c:\windows\system32\1a212aa5.exe -k (file missing)
S2 96B687C3 - c:\windows\system32\6e3906c6.exe -k (file missing)
S2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >
S2 VaultClientUpgrade (Personal Vault Upgrade Service) - c:\program files\personal vault\vaultclientupgrade.exe <Not Verified; BELL; Backup Manager>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A95112110666
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A95112110666
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 19:48:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-14 09:01:14 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0A59A79A-C57D-4983-A5F4-D7071AA1C574}.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2096-11-16 04:57:11 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Grisoft
2096-11-16 04:56:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2096-11-16 04:51:30 0 d--hs---- C:\Documents and Settings\Alexlu\UserData
2096-11-16 04:50:52 0 d-------- C:\Program Files\DVD Shrink
2096-11-16 04:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2096-11-16 04:50:28 0 d-------- C:\Program Files\DivX
2096-11-16 04:49:58 0 d-------- C:\Program Files\DVD Decrypter
2096-11-16 04:49:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2096-11-16 04:47:12 0 d-------- C:\Program Files\Nero
2096-11-16 04:47:12 0 d-------- C:\Program Files\Common Files\Ahead
2096-11-16 04:09:47 0 d-------- C:\WINDOWS\system32\LogFiles
2096-11-16 03:56:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2096-11-16 03:53:13 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ahead
2096-11-16 03:46:48 0 d-------- C:\Program Files\CyberLink
2096-11-16 03:46:44 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2096-11-16 03:46:44 0 d-------- C:\Program Files\CyberLink DVD Solution
2096-11-16 03:42:44 0 d-------- C:\Program Files\ATI Technologies
2096-11-16 03:42:35 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2096-11-16 03:42:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2096-11-16 03:38:22 0 d-------- C:\WINDOWS\Options
2096-11-16 03:34:28 0 d-------- C:\Program Files\Realtek AC97
2096-11-16 03:34:27 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2096-11-16 03:34:25 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2096-11-16 03:34:25 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2096-11-16 03:34:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2096-11-16 03:34:19 0 d-------- C:\Program Files\Common Files\InstallShield
2096-11-15 06:55:02 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Identities
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Templates
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Start Menu
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\SendTo
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\Recent
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\PrintHood
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\NetHood
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\My Documents
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Local Settings
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Favorites
2096-11-15 06:54:54 0 d-------- C:\Documents and Settings\Alexlu\Desktop
2096-11-15 06:54:54 0 d--hs---- C:\Documents and Settings\Alexlu\Cookies
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data
2096-11-15 06:07:50 0 d-------- C:\WINDOWS\SoftwareDistribution
2096-11-15 06:07:49 0 d-------- C:\WINDOWS\Prefetch
2096-11-15 06:07:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2096-11-15 06:07:47 237568 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2096-11-15 06:07:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2096-11-15 06:07:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2096-11-15 06:07:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2096-11-15 06:07:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2096-11-15 04:42:03 237568 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2096-11-15 04:42:03 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2096-11-15 04:42:03 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2096-11-15 04:42:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2096-11-15 04:42:03 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2096-11-15 04:38:45 0 d-------- C:\WINDOWS\system32\xircom
2096-11-15 04:38:45 0 d-------- C:\Program Files\microsoft frontpage
2096-11-15 04:38:36 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2096-11-15 04:37:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2096-11-15 04:36:56 0 dr------- C:\WINDOWS\Offline Web Pages
2096-11-15 04:36:56 0 d---s---- C:\WINDOWS\Downloaded Program Files
2096-11-15 04:36:45 0 d--h----- C:\Program Files\WindowsUpdate
2096-11-15 04:36:22 0 d-------- C:\WINDOWS\system32\DirectX
2096-11-15 04:35:41 0 d---s---- C:\WINDOWS\Tasks
2096-11-15 04:35:40 0 d-------- C:\Program Files\Common Files\MSSoap
2096-11-15 04:35:35 0 d-------- C:\WINDOWS\srchasst
2096-11-15 04:35:34 0 d-------- C:\WINDOWS\system32\Macromed
2096-11-15 04:35:12 0 d-------- C:\WINDOWS\system32\Restore
2096-11-15 04:29:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2096-11-15 04:29:28 0 d-------- C:\WINDOWS\Registration
2096-11-15 04:29:19 0 d-------- C:\Program Files\Online Services
2096-11-15 04:28:24 0 d-------- C:\Program Files\Windows Plus
2096-11-15 04:28:03 0 d-------- C:\Program Files\Movie Maker
2096-11-15 04:25:36 0 d-------- C:\Program Files\Messenger
2096-11-15 04:25:32 0 d-------- C:\Program Files\MSN Gaming Zone
2096-11-15 04:24:46 0 d-------- C:\Program Files\Windows NT
2096-11-15 04:24:42 0 d-------- C:\WINDOWS\system32\MsDtc
2096-11-15 04:24:40 0 d-------- C:\WINDOWS\system32\Com
2096-11-14 23:16:27 0 d--hs---- C:\WINDOWS\Installer
2096-11-14 23:16:26 0 d-------- C:\Program Files\Common Files\ODBC
2096-11-14 23:16:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2096-11-14 23:16:21 0 dr------- C:\Program Files
2096-11-14 23:16:21 0 d-------- C:\Program Files\Common Files
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2096-11-14 23:15:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2096-11-14 23:15:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2096-11-14 23:15:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Documents
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot2
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot
2096-11-14 23:15:35 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2096-11-14 23:15:35 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2096-11-14 23:15:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2096-11-14 23:15:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2096-11-14 23:15:04 0 d--hs---- C:\System Volume Information
2096-11-14 23:15:04 0 d-------- C:\Documents and Settings
2096-11-14 23:05:58 0 d-------- C:\WINDOWS
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\WinSxS
2096-11-14 23:05:58 0 dr------- C:\WINDOWS\Web
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\twain_32
2096-11-14 23:05:58 0 d-a------ C:\WINDOWS\system32
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wins
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wbem
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\usmt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\spool
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ShellExt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\Setup
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ras
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\oobe
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\npp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\inetsrv
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\IME
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\icsxml
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ias
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\export
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2096-11-14 23:05:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\dhcp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3076
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\2052
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1054
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1042
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1041
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1037
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1033
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1031
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1028
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1025
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\security
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Resources
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\repair
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Provisioning
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\PeerNet
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\pchealth
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msapps
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msagent
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Media
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\java
2096-11-14 23:05:58 0 d--h----- C:\WINDOWS\inf
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ime
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Help
2096-11-14 23:05:58 0 dr--s---- C:\WINDOWS\Fonts
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ehome
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Driver Cache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Debug
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Cursors
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Connection Wizard
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\AppPatch
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\addins
2008-08-04 12:24:21 0 d-------- C:\Program Files\BellCanada
2008-08-01 08:21:28 0 d-------- C:\Program Files\Avira
2008-08-01 08:21:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 19:58:40 0 d-------- C:\Program Files\RegScrubXP
2008-07-29 12:48:35 0 d-------- C:\Program Files\Bonjour
2008-07-22 13:31:06 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Nexon
2008-07-22 13:28:02 0 d-------- C:\Nexon
2008-07-09 09:27:27 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Bioshock
2008-07-09 09:27:22 0 dr-h----- C:\Documents and Settings\Alexlu\Application Data\SecuROM
2008-07-07 14:13:11 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-06 19:42:18 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-06 19:42:13 0 d-------- C:\WINDOWS\Logs
2008-07-06 19:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-06 17:22:17 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Touchstone
2008-07-06 17:18:54 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Leadertech
2008-07-06 17:02:58 0 d-------- C:\Program Files\Touchstone
2008-07-06 17:02:21 0 d-------- C:\WINDOWS\system32\AGEIA
2008-07-06 17:02:18 0 d-------- C:\Program Files\AGEIA Technologies


-- Find3M Report ---------------------------------------------------------------

2096-11-14 23:15:53 62 --ahs---- C:\Documents and Settings\Alexlu\Application Data\desktop.ini
2008-08-04 13:03:53 0 d-------- C:\Program Files\Steam
2008-08-04 12:25:04 1848 --a------ C:\Program Files\INSTALL.LOG
2008-08-04 12:24:39 0 d-------- C:\Program Files\Common Files\Motive
2008-08-04 12:21:25 0 d-------- C:\Program Files\Warcraft III
2008-08-03 22:01:24 0 d-------- C:\Documents and Settings\Alexlu\Application Data\LimeWire
2008-08-03 20:55:25 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Xfire
2008-08-02 21:54:26 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Apple Computer
2008-07-30 12:52:12 0 d-------- C:\Program Files\Lavasoft
2008-07-30 12:51:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 12:03:43 4646 --a------ C:\Documents and Settings\Alexlu\Application Data\wklnhst.dat
2008-07-14 08:25:36 0 d-------- C:\Program Files\Java
2008-07-13 16:53:43 0 d-------- C:\Program Files\iTunes
2008-07-13 16:53:30 0 d-------- C:\Program Files\iPod
2008-07-13 16:52:02 0 d-------- C:\Program Files\QuickTime
2008-07-10 18:53:51 0 d-------- C:\Program Files\LimeWire
2008-07-09 09:39:51 0 d-------- C:\Documents and Settings\Alexlu\Application Data\uTorrent
2008-07-02 15:02:16 0 d-------- C:\Program Files\GoldWave
2008-07-02 13:47:44 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-07-02 13:47:44 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-02 13:39:42 0 d-------- C:\Program Files\Illustrate
2008-06-30 21:11:48 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Lionhead Studios
2008-06-30 19:31:20 79269 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 14:06:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data\ijjigame
2008-06-26 11:55:39 0 d-------- C:\Program Files\DotA Gaming Network
2008-06-24 08:51:26 0 d-------- C:\Program Files\Gpotato
2008-06-21 12:55:42 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ventrilo
2008-06-21 12:55:22 0 d-------- C:\Program Files\Ventrilo
2008-06-18 15:26:16 0 d-------- C:\Program Files\FlashGet
2008-06-18 15:23:39 0 d-------- C:\Program Files\uTorrent
2008-06-17 10:53:20 0 d-------- C:\Program Files\HP
2008-06-17 10:53:08 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-12 07:42:35 0 d-------- C:\Documents and Settings\Alexlu\Application Data\dyyno-vlc
2008-06-12 07:42:01 0 d-------- C:\Program Files\Dyyno
2008-06-12 07:37:28 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-09 18:57:47 0 d-------- C:\Program Files\Ares
2008-06-07 11:13:28 0 d-------- C:\Program Files\NHN USA
2008-06-05 22:22:24 0 d-------- C:\Program Files\illiminable


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 04:17 PM 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/04/2006 10:05 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"MSDrive"="C:\WINDOWS\system32\drvluk.dll" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [03/27/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [03/10/2008 12:26 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [05/28/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [02/01/2006 05:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [03/28/2008 07:26 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/04/2005 07:22 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]

C:\Documents and Settings\Alexlu\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 03:38 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkih]
pmnlkih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32]
winock32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - MCCICMSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D4A13FCC-B273-ED9F-1BFE-2D87E9E89540}]
C:\WINDOWS\system32:drw4tsn32.exe



-- End of Deckard's System Scanner: finished at 2008-08-04 13:12:28 ------------

EXTRA TEXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 894.48 MiB / 430.46 MiB
Pagefile Memory (total/avail): 1399.22 MiB / 757.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.18 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 151.31 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200M0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: Sympatico Security Manager Firewall v6.0.2 (Bell Sympatico (b1xxxxxx)) Disabled
AV: Sympatico Security Manager Anti-Virus v6.0.2 (Bell Sympatico (b1xxxxxx)) Disabled
AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe:*:Enabled:lf2"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\deathmatch classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\ijji\\ENGLISH\\u_sf.exe"="C:\\ijji\\ENGLISH\\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Documents and Settings\\Alexlu\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"="C:\\Documents and Settings\\Alexlu\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe:*:Enabled:Dyyno P2P Receiver"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"="C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe:*:Enabled:Turok"
"C:\\Half-Life 2\\hl2.exe"="C:\\Half-Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alexlu\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALEXLU-D17243CB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alexlu
LOGONSERVER=\\ALEXLU-D17243CB
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\CA\PPRT\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alexlu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alexlu\LOCALS~1\Temp
USERDOMAIN=ALEXLU-D17243CB
USERNAME=Alexlu
USERPROFILE=C:\Documents and Settings\Alexlu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alexlu (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{A5B5A16D-277A-476B-8F62-1029A2F23072}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v8.01.18 --> MsiExec.exe /X{A5B5A16D-277A-476B-8F62-1029A2F23072}
Agere Systems PCI Soft Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cinematize 2 Pro Demo --> MsiExec.exe /I{4FD663D9-A618-4475-9F9A-8A6A2D108641}
CodeBaby Player (Remove Only) 1.0.2.19 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.19.inf,DefaultUninstall,5
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Deathmatch Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/40
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DotA Client Build 1.87 (Tester) --> "C:\Program Files\DotA Gaming Network\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
DyynoPlayer 0.8.6f --> C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
Exterminate It! --> C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Full Tilt Poker.Net --> "C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GSC --> C:\Program Files\InstallShield Installation Information\{298FC7A4-44AF-411D-BB17-C8516C20849B}\setup.exe -runfromtemp -l0x0409
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Handbrake 2.4.1 --> C:\Program Files\Handbrake\uninst.exe
Hero Editor V0.96 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Internet Check-Up --> C:\Program Files\BellCanada\bcunwise.exe
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 1.9c --> C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
MapleStory --> MsiExec.exe /I{FF493A32-7886-4C6B-8EDD-9387670E4F93}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Toolbar --> MsiExec.exe /I{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Demo --> MsiExec.exe /I{D29092CC-0AD2-7B53-A090-4CC3D33A1033}
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --&#

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    5FDCB06E <delete service>
    96B687C3 <delete service>
    @C:\WINDOWS\system32:drw4tsn32.exe
    c:\windows\system32\1a212aa5.exe
    c:\windows\system32\6e3906c6.exe
    C:\WINDOWS\system32\drvluk.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkih
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D4A13FCC-B273-ED9F-1BFE-2D87E9E89540}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




Please post the following logs in your next reply.

1. OTMoveIt2
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)
4. Tell me about your computer behaviour


Regards
fenzodahl512
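Added example (not part of this thread, and not OTMoveIt2's own code): a small Python script that reads the mmddyyyy_hhmmss.log file the step above produces and sorts each line into removed, not found, could not delete, and deferred to reboot, so the follow-up is obvious at a glance instead of being buried in the log. The line patterns are assumptions I derived from the shape of the log this tool prints, as seen in the reply further down; the sample log is constructed in that same shape. One point worth flagging separately: an entry such as C:\WINDOWS\system32:drw4tsn32.exe names an NTFS alternate data stream attached to the system32 directory, a location ordinary directory listings do not show, so a failure to delete it deserves its own follow-up.

```python
import re

# Added example for this thread, not OTMoveIt2's own code nor the helper's.
# It parses the text log OTMoveIt2 writes under C:\_OTMoveIt\MovedFiles and
# sorts every line into removed / not found / failed / pending-reboot, so the
# reader sees what the pasted move list actually achieved. The line shapes are
# taken from the log posted later in this thread; the regexes are assumptions
# of mine that fit those lines, not a published grammar of the format.

TARGET_RE = re.compile(r"^<\s*(.+?)\s*>$")               # echo of one move-list entry
ADS_RE = re.compile(r"^([A-Za-z]:\\[^:]*):([^:\\]+)$")   # "host path:stream name"

LINE_RULES = [
    # (category, regex whose group 1 is the item the line is about)
    ("removed", re.compile(
        r"^(?:Registry (?:key|value) )?(.+?)(?: service)? deleted successfully\.?$")),
    ("not_found", re.compile(r"^File/Folder (.+?) not found\.$")),
    ("failed", re.compile(r"^Unable to delete (?:ADS )?(.+?)\s*\.?$")),
    ("pending_reboot", re.compile(
        r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")),
]

# Constructed sample in the shape of the OTMoveIt2 log posted in this thread.
SAMPLE_LOG = r"""
Explorer killed successfully
5FDCB06E service deleted successfully.
96B687C3 service deleted successfully.
< @C:\WINDOWS\system32:drw4tsn32.exe >
Unable to delete ADS C:\WINDOWS\system32:drw4tsn32.exe .
File/Folder c:\windows\system32\1a212aa5.exe not found.
File/Folder C:\WINDOWS\system32\drvluk.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\~DF3F47.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully
"""


def triage(log_text):
    """Classify every line of an OTMoveIt2 log. Returns category -> list."""
    result = {"targets": [], "ads_targets": [], "removed": [], "not_found": [],
              "failed": [], "pending_reboot": [], "info": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        echo = TARGET_RE.match(line)
        if echo:
            # The log echoes each list entry between "< >"; the posted log
            # shows the ADS entry with a leading "@", which is dropped here.
            target = echo.group(1).lstrip("@")
            result["targets"].append(target)
            if ADS_RE.match(target):
                result["ads_targets"].append(target)
            continue
        for category, rule in LINE_RULES:
            hit = rule.match(line)
            if hit:
                result[category].append(hit.group(1).rstrip("\\"))
                break
        else:
            result["info"].append(line)  # "Explorer killed successfully" etc.
    return result


def needs_reboot(result):
    """True when the tool deferred at least one deletion to the next boot."""
    return bool(result["pending_reboot"])


def summarize(result):
    """Follow-up notes a helper would post back, derived from the triage."""
    notes = []
    for item in result["failed"]:
        ads = ADS_RE.match(item)
        if ads:
            notes.append(f"still present: {item} (alternate data stream on "
                         f"{ads.group(1)}; a normal directory listing will not show it)")
        else:
            notes.append(f"still present: {item}")
    if needs_reboot(result):
        notes.append(f"reboot required to finish deleting "
                     f"{len(result['pending_reboot'])} locked file(s)")
    for item in result["not_found"]:
        notes.append(f"already gone or never existed: {item}")
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print(note)
```

Run it as a script to see the notes for the sample, or call triage() on the contents of the real log file; the "not found" entries are the ones that were already gone by the time the list ran, and the "failed" entries are what to carry into the next round.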

#5
Gone2Far

    New Member

  • Topic Starter
  • 6 posts
OTMOVEIT LOG

Explorer killed successfully
5FDCB06E service deleted successfully.
96B687C3 service deleted successfully.
< @C:\WINDOWS\system32:drw4tsn32.exe >
Unable to delete ADS C:\WINDOWS\system32:drw4tsn32.exe .
File/Folder c:\windows\system32\1a212aa5.exe not found.
File/Folder c:\windows\system32\6e3906c6.exe not found.
File/Folder C:\WINDOWS\system32\drvluk.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkih >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkih\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winock32\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D4A13FCC-B273-ED9F-1BFE-2D87E9E89540} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D4A13FCC-B273-ED9F-1BFE-2D87E9E89540}\\ deleted successfully.

DSS LOG --------------------------------

Deckard's System Scanner v20071014.68
Run by Alexlu on 2008-08-05 12:29:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alexlu.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:08 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Alexlu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alexlu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyy...nt/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 11279 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2096-11-16 04:57:11 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Grisoft
2096-11-16 04:56:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2096-11-16 04:51:30 0 d--hs---- C:\Documents and Settings\Alexlu\UserData
2096-11-16 04:50:52 0 d-------- C:\Program Files\DVD Shrink
2096-11-16 04:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2096-11-16 04:50:28 0 d-------- C:\Program Files\DivX
2096-11-16 04:49:58 0 d-------- C:\Program Files\DVD Decrypter
2096-11-16 04:49:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2096-11-16 04:47:12 0 d-------- C:\Program Files\Nero
2096-11-16 04:47:12 0 d-------- C:\Program Files\Common Files\Ahead
2096-11-16 04:09:47 0 d-------- C:\WINDOWS\system32\LogFiles
2096-11-16 03:56:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2096-11-16 03:53:13 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ahead
2096-11-16 03:46:48 0 d-------- C:\Program Files\CyberLink
2096-11-16 03:46:44 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2096-11-16 03:46:44 0 d-------- C:\Program Files\CyberLink DVD Solution
2096-11-16 03:42:44 0 d-------- C:\Program Files\ATI Technologies
2096-11-16 03:42:35 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2096-11-16 03:42:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2096-11-16 03:38:22 0 d-------- C:\WINDOWS\Options
2096-11-16 03:34:28 0 d-------- C:\Program Files\Realtek AC97
2096-11-16 03:34:27 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2096-11-16 03:34:25 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2096-11-16 03:34:25 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2096-11-16 03:34:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2096-11-16 03:34:19 0 d-------- C:\Program Files\Common Files\InstallShield
2096-11-15 06:55:02 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Identities
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Templates
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Start Menu
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\SendTo
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\Recent
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\PrintHood
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\NetHood
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\My Documents
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Local Settings
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Favorites
2096-11-15 06:54:54 0 d-------- C:\Documents and Settings\Alexlu\Desktop
2096-11-15 06:54:54 0 d--hs---- C:\Documents and Settings\Alexlu\Cookies
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data
2096-11-15 06:07:50 0 d-------- C:\WINDOWS\SoftwareDistribution
2096-11-15 06:07:49 0 d-------- C:\WINDOWS\Prefetch
2096-11-15 06:07:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2096-11-15 06:07:47 237568 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2096-11-15 06:07:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2096-11-15 06:07:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2096-11-15 06:07:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2096-11-15 06:07:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2096-11-15 04:42:03 237568 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2096-11-15 04:42:03 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2096-11-15 04:42:03 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2096-11-15 04:42:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2096-11-15 04:42:03 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2096-11-15 04:38:45 0 d-------- C:\WINDOWS\system32\xircom
2096-11-15 04:38:45 0 d-------- C:\Program Files\microsoft frontpage
2096-11-15 04:37:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2096-11-15 04:36:56 0 dr------- C:\WINDOWS\Offline Web Pages
2096-11-15 04:36:56 0 d---s---- C:\WINDOWS\Downloaded Program Files
2096-11-15 04:36:45 0 d--h----- C:\Program Files\WindowsUpdate
2096-11-15 04:36:22 0 d-------- C:\WINDOWS\system32\DirectX
2096-11-15 04:35:41 0 d---s---- C:\WINDOWS\Tasks
2096-11-15 04:35:40 0 d-------- C:\Program Files\Common Files\MSSoap
2096-11-15 04:35:35 0 d-------- C:\WINDOWS\srchasst
2096-11-15 04:35:34 0 d-------- C:\WINDOWS\system32\Macromed
2096-11-15 04:35:12 0 d-------- C:\WINDOWS\system32\Restore
2096-11-15 04:29:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2096-11-15 04:29:28 0 d-------- C:\WINDOWS\Registration
2096-11-15 04:29:19 0 d-------- C:\Program Files\Online Services
2096-11-15 04:28:24 0 d-------- C:\Program Files\Windows Plus
2096-11-15 04:28:03 0 d-------- C:\Program Files\Movie Maker
2096-11-15 04:25:36 0 d-------- C:\Program Files\Messenger
2096-11-15 04:25:32 0 d-------- C:\Program Files\MSN Gaming Zone
2096-11-15 04:24:46 0 d-------- C:\Program Files\Windows NT
2096-11-15 04:24:42 0 d-------- C:\WINDOWS\system32\MsDtc
2096-11-15 04:24:40 0 d-------- C:\WINDOWS\system32\Com
2096-11-14 23:16:27 0 d--hs---- C:\WINDOWS\Installer
2096-11-14 23:16:26 0 d-------- C:\Program Files\Common Files\ODBC
2096-11-14 23:16:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2096-11-14 23:16:21 0 dr------- C:\Program Files
2096-11-14 23:16:21 0 d-------- C:\Program Files\Common Files
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Documents
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot2
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot
2096-11-14 23:15:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2096-11-14 23:15:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2096-11-14 23:15:04 0 d--hs---- C:\System Volume Information
2096-11-14 23:15:04 0 d-------- C:\Documents and Settings
2096-11-14 23:05:58 0 d-------- C:\WINDOWS
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\WinSxS
2096-11-14 23:05:58 0 dr------- C:\WINDOWS\Web
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\twain_32
2096-11-14 23:05:58 0 d-a------ C:\WINDOWS\system32
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wins
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wbem
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\usmt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\spool
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ShellExt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\Setup
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ras
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\oobe
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\npp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\inetsrv
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\IME
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\icsxml
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ias
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\export
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2096-11-14 23:05:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\dhcp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3076
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\2052
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1054
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1042
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1041
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1037
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1033
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1031
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1028
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1025
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\security
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Resources
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\repair
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Provisioning
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\PeerNet
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\pchealth
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msapps
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msagent
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Media
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\java
2096-11-14 23:05:58 0 d--h----- C:\WINDOWS\inf
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ime
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Help
2096-11-14 23:05:58 0 dr--s---- C:\WINDOWS\Fonts
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ehome
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Driver Cache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Debug
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Cursors
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Connection Wizard
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\AppPatch
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\addins
2008-08-05 09:58:40 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Malwarebytes
2008-08-05 09:58:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 09:58:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 06:50:06 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Motive
2008-08-04 12:24:21 0 d-------- C:\Program Files\BellCanada
2008-08-01 08:21:28 0 d-------- C:\Program Files\Avira
2008-08-01 08:21:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 19:58:40 0 d-------- C:\Program Files\RegScrubXP
2008-07-29 12:48:35 0 d-------- C:\Program Files\Bonjour
2008-07-22 13:31:06 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Nexon
2008-07-22 13:28:02 0 d-------- C:\Nexon
2008-07-09 09:27:27 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Bioshock
2008-07-09 09:27:22 0 dr-h----- C:\Documents and Settings\Alexlu\Application Data\SecuROM
2008-07-07 14:13:11 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-06 19:42:18 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-06 19:42:13 0 d-------- C:\WINDOWS\Logs
2008-07-06 19:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-06 17:22:17 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Touchstone
2008-07-06 17:18:54 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Leadertech
2008-07-06 17:02:58 0 d-------- C:\Program Files\Touchstone
2008-07-06 17:02:21 0 d-------- C:\WINDOWS\system32\AGEIA
2008-07-06 17:02:18 0 d-------- C:\Program Files\AGEIA Technologies


-- Find3M Report ---------------------------------------------------------------

2096-11-14 23:15:53 62 --ahs---- C:\Documents and Settings\Alexlu\Application Data\desktop.ini
2008-08-05 09:54:50 0 d-------- C:\Program Files\Steam
2008-08-04 20:45:22 0 d-------- C:\Program Files\Warcraft III
2008-08-04 12:25:04 1848 --a------ C:\Program Files\INSTALL.LOG
2008-08-04 12:24:39 0 d-------- C:\Program Files\Common Files\Motive
2008-08-03 22:01:24 0 d-------- C:\Documents and Settings\Alexlu\Application Data\LimeWire
2008-08-03 20:55:25 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Xfire
2008-08-02 21:54:26 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Apple Computer
2008-07-30 12:52:12 0 d-------- C:\Program Files\Lavasoft
2008-07-30 12:51:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 12:03:43 4646 --a------ C:\Documents and Settings\Alexlu\Application Data\wklnhst.dat
2008-07-14 08:25:36 0 d-------- C:\Program Files\Java
2008-07-13 16:53:43 0 d-------- C:\Program Files\iTunes
2008-07-13 16:53:30 0 d-------- C:\Program Files\iPod
2008-07-13 16:52:02 0 d-------- C:\Program Files\QuickTime
2008-07-10 18:53:51 0 d-------- C:\Program Files\LimeWire
2008-07-09 09:39:51 0 d-------- C:\Documents and Settings\Alexlu\Application Data\uTorrent
2008-07-02 15:02:16 0 d-------- C:\Program Files\GoldWave
2008-07-02 13:47:44 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-07-02 13:47:44 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-02 13:39:42 0 d-------- C:\Program Files\Illustrate
2008-06-30 21:11:48 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Lionhead Studios
2008-06-30 19:31:20 79269 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 14:06:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data\ijjigame
2008-06-26 11:55:39 0 d-------- C:\Program Files\DotA Gaming Network
2008-06-24 08:51:26 0 d-------- C:\Program Files\Gpotato
2008-06-21 12:55:42 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ventrilo
2008-06-21 12:55:22 0 d-------- C:\Program Files\Ventrilo
2008-06-18 15:26:16 0 d-------- C:\Program Files\FlashGet
2008-06-18 15:23:39 0 d-------- C:\Program Files\uTorrent
2008-06-17 10:53:20 0 d-------- C:\Program Files\HP
2008-06-17 10:53:08 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-12 07:42:35 0 d-------- C:\Documents and Settings\Alexlu\Application Data\dyyno-vlc
2008-06-12 07:42:01 0 d-------- C:\Program Files\Dyyno
2008-06-12 07:37:28 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-09 18:57:47 0 d-------- C:\Program Files\Ares
2008-06-07 11:13:28 0 d-------- C:\Program Files\NHN USA
2008-06-05 22:22:24 0 d-------- C:\Program Files\illiminable


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 04:17 PM 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/04/2006 10:05 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [03/27/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [03/10/2008 12:26 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [05/28/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [02/01/2006 05:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [03/28/2008 07:26 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]

C:\Documents and Settings\Alexlu\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 03:38 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-08-05 12:29:54 ------------


I haven't checked the performance yet, but I already know it's better :). Thanks a lot for your help, and if I find anything else, I'll post it in here.

OTMOVEIT LOG (continued) --------------------------------

< EmptyTemp >
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\~DF3F47.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\~DF3F59.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\~DFA763.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Alexlu\LOCALS~1\Temp\~DFE7E3.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08052008_094945

MBAM LOG -------------------------------------

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

12:11:10 PM 8/5/2008
mbam-log-8-5-2008 (12-11-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 110514
Time elapsed: 45 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 12
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{d685b6db-1ed0-4345-8a86-674a4f0198ee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{17a1dbb5-dad8-4e78-bf7e-9be4b965408b} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pmspl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKCURun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnce (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\HKLMRun\RunOnceEx (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuAllUsers (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\Autorun\StartMenuCurrentUser (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexlu\Application Data\EasySpywareCleaner.com\EasySpywareCleaner\BrowserObjects (Rogue.EasySpywareCleaner) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#6
Gone2Far

    New Member

  • Topic Starter
  • Member
  • 6 posts
I noticed that after the virus removal and scan, my IE seems to be running slower than before; when watching YouTube videos, it takes 5 seconds to switch between different ones. It's not so much the internet speed as the loading of everything. Any ideas?

#7
fenzodahl512

  • Malware Removal
  • 9,863 posts
Not sure why your IE became slower... Let's do this...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



Also include a fresh DSS log after that :)

#8
Gone2Far

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's the log from SDFIX:


SDFix: Version 1.214
Run by Alexlu on Thu 08/07/2008 at 01:57 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Alexlu\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Alexlu\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 14:09:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:aa,b6,8d,1f,7e,e0,41,90,1e,bd,3e,d1,ae,70,70,99,4d,1e,5a,fd,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,f1,6f,f6,6f,f8,9d,d3,52,14,07,60,76,37,10,19,88,..
"khjeh"=hex:f7,6c,cc,b1,b0,a3,59,8d,41,52,36,f0,f6,83,b9,fd,68,22,e0,92,ec,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d5,b7,99,9e,49,07,ce,5e,51,e9,0c,8d,b2,14,7a,5e,d4,36,33,9e,83,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:aa,b6,8d,1f,7e,e0,41,90,1e,bd,3e,d1,ae,70,70,99,4d,1e,5a,fd,33,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,f1,6f,f6,6f,f8,9d,d3,52,14,07,60,76,37,10,19,88,..
"khjeh"=hex:f7,6c,cc,b1,b0,a3,59,8d,41,52,36,f0,f6,83,b9,fd,68,22,e0,92,ec,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d5,b7,99,9e,49,07,ce,5e,51,e9,0c,8d,b2,14,7a,5e,d4,36,33,9e,83,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe:*:Enabled:lf2"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\chrisangus\\deathmatch classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\chrisangus\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\ijji\\ENGLISH\\u_sf.exe"="C:\\ijji\\ENGLISH\\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"="C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe:*:Enabled:soldierfront"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Documents and Settings\\Alexlu\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"="C:\\Documents and Settings\\Alexlu\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe:*:Enabled:Dyyno P2P Receiver"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe"="C:\\Program Files\\Touchstone\\Turok\\Binaries\\TurokGame.exe:*:Enabled:Turok"
"C:\\Half-Life 2\\hl2.exe"="C:\\Half-Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 26 Jul 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 2 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITB.tmp"
Wed 9 Jul 2008 3,633 ...HR --- "C:\Documents and Settings\Alexlu\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sat 31 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080805122859\backup\DOCUME~1\Alexlu\LOCALS~1\Temp\~D7.tmp"
Sun 27 Jul 2008 243,712 A..H. --- "C:\Deckard\System Scanner\20080805122859\backup\DOCUME~1\Alexlu\LOCALS~1\Temp\~F4.tmp"

Finished!

DSS LOG --------------------

Deckard's System Scanner v20071014.68
Run by Alexlu on 2008-08-07 14:16:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alexlu.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:16:42 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Alexlu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alexlu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyy...nt/DyynoCAB.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sympatico Security Manager (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe

--
End of file - 11516 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2096-11-16 04:57:11 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Grisoft
2096-11-16 04:56:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2096-11-16 04:51:30 0 d--hs---- C:\Documents and Settings\Alexlu\UserData
2096-11-16 04:50:52 0 d-------- C:\Program Files\DVD Shrink
2096-11-16 04:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2096-11-16 04:50:28 0 d-------- C:\Program Files\DivX
2096-11-16 04:49:58 0 d-------- C:\Program Files\DVD Decrypter
2096-11-16 04:49:28 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2096-11-16 04:47:12 0 d-------- C:\Program Files\Nero
2096-11-16 04:47:12 0 d-------- C:\Program Files\Common Files\Ahead
2096-11-16 04:09:47 0 d-------- C:\WINDOWS\system32\LogFiles
2096-11-16 03:56:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2096-11-16 03:53:13 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ahead
2096-11-16 03:46:48 0 d-------- C:\Program Files\CyberLink
2096-11-16 03:46:44 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2096-11-16 03:46:44 0 d-------- C:\Program Files\CyberLink DVD Solution
2096-11-16 03:42:44 0 d-------- C:\Program Files\ATI Technologies
2096-11-16 03:42:35 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2096-11-16 03:42:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2096-11-16 03:38:22 0 d-------- C:\WINDOWS\Options
2096-11-16 03:34:28 0 d-------- C:\Program Files\Realtek AC97
2096-11-16 03:34:27 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2096-11-16 03:34:25 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2096-11-16 03:34:25 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2096-11-16 03:34:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2096-11-16 03:34:19 0 d-------- C:\Program Files\Common Files\InstallShield
2096-11-15 06:55:02 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Identities
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Templates
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Start Menu
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\SendTo
2096-11-15 06:54:54 0 dr-h----- C:\Documents and Settings\Alexlu\Recent
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\PrintHood
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\NetHood
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\My Documents
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Local Settings
2096-11-15 06:54:54 0 dr------- C:\Documents and Settings\Alexlu\Favorites
2096-11-15 06:54:54 0 d-------- C:\Documents and Settings\Alexlu\Desktop
2096-11-15 06:54:54 0 d--hs---- C:\Documents and Settings\Alexlu\Cookies
2096-11-15 06:54:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data
2096-11-15 06:07:50 0 d-------- C:\WINDOWS\SoftwareDistribution
2096-11-15 06:07:49 0 d-------- C:\WINDOWS\Prefetch
2096-11-15 06:07:48 0 d---s---- C:\WINDOWS\system32\Microsoft
2096-11-15 06:07:47 237568 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2096-11-15 06:07:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2096-11-15 06:07:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2096-11-15 06:07:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2096-11-15 06:07:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2096-11-15 04:42:03 237568 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2096-11-15 04:42:03 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2096-11-15 04:42:03 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2096-11-15 04:42:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2096-11-15 04:42:03 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2096-11-15 04:38:45 0 d-------- C:\WINDOWS\system32\xircom
2096-11-15 04:38:45 0 d-------- C:\Program Files\microsoft frontpage
2096-11-15 04:37:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2096-11-15 04:36:56 0 dr------- C:\WINDOWS\Offline Web Pages
2096-11-15 04:36:56 0 d---s---- C:\WINDOWS\Downloaded Program Files
2096-11-15 04:36:45 0 d--h----- C:\Program Files\WindowsUpdate
2096-11-15 04:36:22 0 d-------- C:\WINDOWS\system32\DirectX
2096-11-15 04:35:41 0 d---s---- C:\WINDOWS\Tasks
2096-11-15 04:35:40 0 d-------- C:\Program Files\Common Files\MSSoap
2096-11-15 04:35:35 0 d-------- C:\WINDOWS\srchasst
2096-11-15 04:35:34 0 d-------- C:\WINDOWS\system32\Macromed
2096-11-15 04:35:12 0 d-------- C:\WINDOWS\system32\Restore
2096-11-15 04:29:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2096-11-15 04:29:28 0 d-------- C:\WINDOWS\Registration
2096-11-15 04:29:19 0 d-------- C:\Program Files\Online Services
2096-11-15 04:28:24 0 d-------- C:\Program Files\Windows Plus
2096-11-15 04:28:03 0 d-------- C:\Program Files\Movie Maker
2096-11-15 04:25:36 0 d-------- C:\Program Files\Messenger
2096-11-15 04:25:32 0 d-------- C:\Program Files\MSN Gaming Zone
2096-11-15 04:24:46 0 d-------- C:\Program Files\Windows NT
2096-11-15 04:24:42 0 d-------- C:\WINDOWS\system32\MsDtc
2096-11-15 04:24:40 0 d-------- C:\WINDOWS\system32\Com
2096-11-14 23:16:27 0 d--hs---- C:\WINDOWS\Installer
2096-11-14 23:16:26 0 d-------- C:\Program Files\Common Files\ODBC
2096-11-14 23:16:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2096-11-14 23:16:21 0 dr------- C:\Program Files
2096-11-14 23:16:21 0 d-------- C:\Program Files\Common Files
2096-11-14 23:15:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2096-11-14 23:15:53 0 dr------- C:\Documents and Settings\All Users\Documents
2096-11-14 23:15:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot2
2096-11-14 23:15:40 0 d-------- C:\WINDOWS\system32\CatRoot
2096-11-14 23:15:34 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2096-11-14 23:15:34 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2096-11-14 23:15:04 0 d--hs---- C:\System Volume Information
2096-11-14 23:15:04 0 d-------- C:\Documents and Settings
2096-11-14 23:05:58 0 d-------- C:\WINDOWS
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\WinSxS
2096-11-14 23:05:58 0 dr------- C:\WINDOWS\Web
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\twain_32
2096-11-14 23:05:58 0 d-a------ C:\WINDOWS\system32
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wins
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\wbem
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\usmt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\spool
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ShellExt
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\Setup
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ras
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\oobe
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\npp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\inetsrv
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\IME
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\icsxml
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\ias
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\export
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2096-11-14 23:05:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\dhcp
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\3076
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\2052
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1054
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1042
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1041
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1037
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1033
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1031
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1028
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system32\1025
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\system
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\security
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Resources
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\repair
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Provisioning
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\PeerNet
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\pchealth
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\mui
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msapps
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\msagent
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Media
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\java
2096-11-14 23:05:58 0 d--h----- C:\WINDOWS\inf
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ime
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Help
2096-11-14 23:05:58 0 dr--s---- C:\WINDOWS\Fonts
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\ehome
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Driver Cache
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Debug
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Cursors
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Connection Wizard
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\Config
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\AppPatch
2096-11-14 23:05:58 0 d-------- C:\WINDOWS\addins
2008-08-07 13:50:48 0 d-------- C:\WINDOWS\ERUNT
2008-08-05 09:58:40 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Malwarebytes
2008-08-05 09:58:36 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 09:58:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 06:50:06 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Motive
2008-08-04 12:24:21 0 d-------- C:\Program Files\BellCanada
2008-08-01 08:21:28 0 d-------- C:\Program Files\Avira
2008-08-01 08:21:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 19:58:40 0 d-------- C:\Program Files\RegScrubXP
2008-07-29 12:48:35 0 d-------- C:\Program Files\Bonjour
2008-07-22 13:31:06 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Nexon
2008-07-22 13:28:02 0 d-------- C:\Nexon
2008-07-09 09:27:27 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Bioshock
2008-07-09 09:27:22 0 dr-h----- C:\Documents and Settings\Alexlu\Application Data\SecuROM
2008-07-07 14:13:11 0 d-------- C:\Program Files\Common Files\SWF Studio


-- Find3M Report ---------------------------------------------------------------

2096-11-14 23:15:53 62 --ahs---- C:\Documents and Settings\Alexlu\Application Data\desktop.ini
2008-08-07 14:14:22 0 d-------- C:\Program Files\Steam
2008-08-06 20:40:23 0 d-------- C:\Program Files\Warcraft III
2008-08-06 13:22:07 0 d-------- C:\Documents and Settings\Alexlu\Application Data\LimeWire
2008-08-05 13:14:03 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Xfire
2008-08-04 12:25:04 1848 --a------ C:\Program Files\INSTALL.LOG
2008-08-04 12:24:39 0 d-------- C:\Program Files\Common Files\Motive
2008-08-02 21:54:26 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Apple Computer
2008-07-30 12:52:12 0 d-------- C:\Program Files\Lavasoft
2008-07-30 12:51:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 12:03:43 4646 --a------ C:\Documents and Settings\Alexlu\Application Data\wklnhst.dat
2008-07-14 08:25:36 0 d-------- C:\Program Files\Java
2008-07-13 16:53:43 0 d-------- C:\Program Files\iTunes
2008-07-13 16:53:30 0 d-------- C:\Program Files\iPod
2008-07-13 16:52:02 0 d-------- C:\Program Files\QuickTime
2008-07-10 18:53:51 0 d-------- C:\Program Files\LimeWire
2008-07-09 09:39:51 0 d-------- C:\Documents and Settings\Alexlu\Application Data\uTorrent
2008-07-06 17:18:54 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Leadertech
2008-07-06 17:02:58 0 d-------- C:\Program Files\Touchstone
2008-07-06 17:02:38 0 d-------- C:\Program Files\AGEIA Technologies
2008-07-02 15:02:16 0 d-------- C:\Program Files\GoldWave
2008-07-02 13:47:44 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-07-02 13:47:44 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-02 13:39:42 0 d-------- C:\Program Files\Illustrate
2008-06-30 21:11:48 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Lionhead Studios
2008-06-30 19:31:20 79269 --a------ C:\WINDOWS\War3Unin.dat
2008-06-27 14:06:54 0 d--h----- C:\Documents and Settings\Alexlu\Application Data\ijjigame
2008-06-26 11:55:39 0 d-------- C:\Program Files\DotA Gaming Network
2008-06-24 08:51:26 0 d-------- C:\Program Files\Gpotato
2008-06-21 12:55:42 0 d-------- C:\Documents and Settings\Alexlu\Application Data\Ventrilo
2008-06-21 12:55:22 0 d-------- C:\Program Files\Ventrilo
2008-06-18 15:26:16 0 d-------- C:\Program Files\FlashGet
2008-06-18 15:23:39 0 d-------- C:\Program Files\uTorrent
2008-06-17 10:53:20 0 d-------- C:\Program Files\HP
2008-06-17 10:53:08 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-12 07:42:35 0 d-------- C:\Documents and Settings\Alexlu\Application Data\dyyno-vlc
2008-06-12 07:42:01 0 d-------- C:\Program Files\Dyyno
2008-06-12 07:37:28 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-09 18:57:47 0 d-------- C:\Program Files\Ares
2008-06-07 11:13:28 0 d-------- C:\Program Files\NHN USA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 04:17 PM 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/04/2006 10:05 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [03/27/2007 10:33 AM]
"-FreedomNeedsReboot"="C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe" [03/10/2008 12:26 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [05/28/2008 04:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [02/01/2006 05:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"Steam"="C:\Program Files\Steam\Steam.exe" [03/28/2008 07:26 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]

C:\Documents and Settings\Alexlu\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 03:38 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-08-07 14:17:28 ------------

#9
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

NEXT

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by fenzodahl512, 07 August 2008 - 10:22 PM.
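A small triage helper, added here as an example (it is not part of this thread, HijackThis or Deckard's System Scanner), that reads log lines in the two formats shown on this page, the DSS Registry Dump Run values and HijackThis O2/O4 lines, and reports the two kinds of entries the reply above picked out for fixing: a BHO whose DLL is "(no file)" and a Run entry given as a bare file name rather than a full path. The sample lines are constructed from this thread's own log; the helper only narrows what to review and does not decide whether an entry is malicious.

```python
import re

# Constructed sample in DSS Registry Dump and HijackThis style, built from
# the kinds of lines posted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [06/12/2008 02:28 PM]

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""

# "Name"="command" [date ...]   (DSS Registry Dump, Run keys)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# O4 - HKLM\..\Run: [Name] command   (HijackThis)
HJT_O4 = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O2 - BHO: name - {CLSID} - path-or-(no file)   (HijackThis)
HJT_O2 = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')


def is_absolute_path(cmd: str) -> bool:
    """True when the command starts with a drive-letter path such as C:\\..."""
    return re.match(r'^[A-Za-z]:\\', cmd.strip().strip('"')) is not None


def triage(log: str) -> list:
    """Return (line, reason) pairs for autostart entries worth a second look."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line) or HJT_O4.match(line)
        if m and not is_absolute_path(m.group('cmd')):
            findings.append((line, 'Run entry given as a bare file name, not a full path'))
            continue
        m = HJT_O2.match(line)
        if m and m.group('path') == '(no file)':
            findings.append((line, 'BHO registered but its DLL is missing'))
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'{reason}:\n    {line}')
```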


#10
fenzodahl512
  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.