My system feels a bit dodgy. [RESOLVED]


  • This topic is locked

#1
Marc Parchow Figueiredo

  • Member
  • 22 posts
Some years ago I was helped by Phil (CrustyOldBloke) and everything was just fine. I learned a lot and maintained my computer clean and working thanks to him.

Until I bought a new machine some time ago.
Now my problems are these:
The computer takes ages to start and to shut down. And about 10s after I start Bittorrent my Internet goes. Nothing works - not Bittorrent and not Firefox.

About My System:
Processor: Intel Core2 Quad Q6600 @ 2.40GHz
Bios: ASUS P5N-E SLI ACPI BIOS Revision 0703
Memory: 2Gb RAM
Hard Disk: 2 SATA 250Gb using Raid1 + 1 IDE 3GB (for my Pagefile) + 1 SATA 250Gb eventually for Linux on dual-boot
Windows XP Professional SP2: 5.1 (Build 2600)
Firefox Browser but IE still installed.
I've got AVG, Spybot, A2, Superantispyware and Adaware installed and use them regularly.

My Look2Me log:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 10-01-2008 22:01:04


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:58, on 10-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012208 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1198627271232
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198630926530
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34879753-03CE-47E0-BCA0-BECBD251C162}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{34879753-03CE-47E0-BCA0-BECBD251C162}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 13499 bytes


I hope you will help me to get Bittorrent working and ease my mind about my system stability.
I will also need help to configure the dual boot for my computer: I am using Windows installed on my primary disk (two 250Gb disks on RAID 1) and I installed Debian Linux on a single 250Gb disk.
On installing Linux, Grub did not identify Windows because of the RAID (I suppose) and I didn't want to screw around with the boot.

I thank you in advance for all the help you can spare.

Marc


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note: If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure to re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.

#3
Marc Parchow Figueiredo

  • Topic Starter
  • Member
  • 22 posts
//////////////////////////////DSS Main.txt - Part1////////////////////////////////
Deckard's System Scanner v20071014.68
Run by Marc on 2008-01-20 00:44:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-01-20 00:44:12 UTC - RP92 - Deckard's System Scanner Restore Point
12: 2008-01-19 00:18:34 UTC - RP91 - Printer Driver Adobe PDF Converter Installed
11: 2008-01-16 15:49:58 UTC - RP90 - System Checkpoint
10: 2008-01-13 17:40:33 UTC - RP89 - System Checkpoint
9: 2008-01-12 17:14:44 UTC - RP88 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2008-01-08 22:08:35 UTC - RP80 - Removed Macromedia Flash 8 Video Encoder


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Marc.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:45:32, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Documents and Settings\Marc\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Marc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=012208 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1198627271232
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198630926530
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34879753-03CE-47E0-BCA0-BECBD251C162}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{34879753-03CE-47E0-BCA0-BECBD251C162}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 13087 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
S3 SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se2emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>
S3 se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - c:\windows\system32\drivers\se2end5.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
S3 SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - c:\windows\system32\drivers\se2eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
S3 se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - c:\windows\system32\drivers\se2eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\portrait displays\hp my display\dtsrvc.exe
R2 FirebirdGuardianDefaultInstance (Firebird Guardian - DefaultInstance) - c:\program files\firebird\firebird_2_0\bin\fbguard.exe -s <Not Verified; FirebirdSQL Project; Firebird SQL Server>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice
R3 FirebirdServerDefaultInstance (Firebird Server - DefaultInstance) - c:\program files\firebird\firebird_2_0\bin\fbserver.exe -s <Not Verified; FirebirdSQL Project; Firebird SQL Server>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; OuterTechnologies; >


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-12-20 and 2008-01-20 -----------------------------

2008-01-19 23:06:16 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-19 23:06:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-19 23:06:15 0 d-------- C:\WINDOWS\LastGood
2008-01-12 12:13:36 0 d-------- C:\Documents and Settings\Marc\Application Data\DivX
2008-01-12 10:38:08 0 d-------- C:\Documents and Settings\Marc\Application Data\SiteAdvisor
2008-01-12 10:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 10:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-12 09:45:19 0 d-------- C:\Documents and Settings\Marc\Application Data\NeroDCTemplates
2008-01-12 09:32:12 0 d-------- C:\Program Files\Common Files\LightScribe
2008-01-12 08:54:17 0 d-------- C:\Program Files\DivX
2008-01-11 21:22:32 0 d-------- C:\Program Files\winLAME
2008-01-10 20:07:09 0 d-------- C:\Documents and Settings\Marc\Application Data\Canon
2008-01-09 19:42:00 0 d-------- C:\Program Files\Sony Ericsson
2008-01-09 19:42:00 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-09 18:27:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-09 18:27:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-08 22:36:41 0 d-------- C:\Program Files\MSXML 4.0
2008-01-08 22:08:22 0 d-------- C:\WINDOWS\system32\appmgmt
2008-01-08 21:23:08 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2008-01-08 21:23:01 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2008-01-08 21:23:01 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>
2008-01-08 21:23:01 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>
2008-01-08 21:22:57 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2008-01-08 21:22:49 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
2008-01-08 21:22:49 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
2008-01-08 21:22:49 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2008-01-08 21:22:49 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>
2008-01-08 21:22:45 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2008-01-08 21:22:45 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2008-01-08 21:22:45 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
2008-01-08 21:21:30 0 d-------- C:\Documents and Settings\Marc\Application Data\Teleca
2008-01-08 21:21:24 0 d-------- C:\Documents and Settings\Marc\Application Data\Sony Ericsson
2008-01-07 23:08:32 0 d-------- C:\Documents and Settings\Marc\WINDOWS
2008-01-07 22:25:35 0 d-------- C:\Program Files\CachemanXP
2008-01-07 22:23:19 0 d-------- C:\Documents and Settings\Marc\Application Data\Corel
2008-01-07 21:44:16 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-07 21:30:51 0 d-------- C:\Program Files\Common Files\Control Panels
2008-01-07 21:29:46 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-01-07 21:23:54 0 d-------- C:\Program Files\QuickTime
2008-01-07 21:17:53 0 d-------- C:\Program Files\Bonjour
2008-01-07 21:15:57 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-07 20:31:11 0 d-------- C:\Program Files\Sandra2004
2008-01-07 20:23:49 0 d-------- C:\Documents and Settings\Marc\Application Data\Skype
2008-01-07 20:23:33 0 d-------- C:\Program Files\Skype
2008-01-07 20:23:33 0 d-------- C:\Program Files\Common Files\Skype
2008-01-07 20:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-07 20:20:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-01-07 20:20:25 0 d-------- C:\Program Files\Macromedia
2008-01-07 20:20:25 0 d-------- C:\Program Files\Common Files\Macromedia
2008-01-07 20:18:50 0 d-------- C:\WINDOWS\Downloaded Installations
2008-01-07 20:13:15 0 d-------- C:\Program Files\Common Files\Corel
2008-01-07 20:12:48 0 d-------- C:\Program Files\Corel
2008-01-07 19:53:19 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-07 19:52:00 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-06 09:17:48 389120 --a------ C:\WINDOWS\system32\FBCLIENT.DLL <Not Verified; FirebirdSQL Project; Firebird SQL Server>
2008-01-06 09:17:46 0 d-------- C:\Program Files\Firebird
2008-01-06 09:17:43 356431 --a------ C:\WINDOWS\system32\gds32.dll <Not Verified; The Firebird Project; Firebird SQL Server>
2008-01-06 09:17:42 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-01-06 09:17:42 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-01-06 09:17:42 47616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
2008-01-06 09:17:41 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-06 09:17:28 1804288 --a------ C:\WINDOWS\system32\hinstd.dll <Not Verified; Aladdin Knowledge Systems.; Aladdin Device Driver Custom Installation API>
2008-01-06 09:17:26 99840 --a------ C:\WINDOWS\system32\ZIPDLL.DLL <Not Verified; ; Delphi Zip>
2008-01-06 09:17:26 94208 --a------ C:\WINDOWS\system32\UNZDLL.DLL <Not Verified; ; Delphi Zip>
2008-01-06 09:17:26 243845 --a------ C:\WINDOWS\system32\tutil32.dll
2008-01-06 09:17:26 294912 --a------ C:\WINDOWS\system32\haspms32.dll <Not Verified; Aladdin Knowledge Systems.; Win32 DLL for Microsoft C>
2008-01-06 09:17:25 0 d-------- C:\Program Files\TeT
2008-01-05 18:26:47 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-05 18:26:14 0 d-------- C:\92aacc31a5c7c87b1812cc
2008-01-05 18:26:11 0 d-------- C:\WINDOWS\system32\LogFiles
2008-01-05 18:26:11 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 18:25:53 0 d-------- C:\eda823fb2abb4efe83c9eec320d6
2008-01-05 09:34:29 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-01-05 08:51:42 0 d-------- C:\Documents and Settings\Marc\Application Data\Dynamic
2008-01-05 08:51:41 0 d-------- C:\Documents and Settings\Marc\Application Data\Sites
2008-01-05 08:51:41 0 d-------- C:\Documents and Settings\Marc\Application Data\SiteClasses
2008-01-05 08:51:35 0 d-------- C:\Program Files\vmntoolbar
2008-01-05 08:51:35 0 d-------- C:\Documents and Settings\Marc\Application Data\vmntoolbar
2008-01-05 08:51:29 0 d-------- C:\Program Files\AceFTP
2008-01-05 01:04:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 01:04:00 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 01:04:00 0 d-------- C:\Documents and Settings\Marc\Application Data\SUPERAntiSpyware.com
2008-01-05 01:03:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 00:51:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 00:21:08 0 d-------- C:\Documents and Settings\Marc\Application Data\WTablet
2008-01-05 00:20:51 0 d-------- C:\WINDOWS\system32\WTablet
2008-01-05 00:20:46 0 d-------- C:\Program Files\Tablet
2008-01-04 22:51:37 0 d-------- C:\Documents and Settings\Marc\Application Data\Logitech
2008-01-04 22:50:47 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-01-04 22:50:44 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-01-04 22:50:44 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-01-04 22:50:44 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-01-04 22:50:44 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-01-04 22:50:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-04 22:50:30 0 d-------- C:\Program Files\Logitech
2008-01-04 22:50:28 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-04 21:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 21:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 21:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 21:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 18:49:29 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-03 18:39:17 0 d-------- C:\WINDOWS\NV37563760.TMP
2008-01-03 18:38:52 0 d-------- C:\Program Files\nvidia
2008-01-02 18:03:02 0 d-------- C:\Program Files\a-squared Free
2008-01-02 17:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-02 17:14:45 0 d-------- C:\Documents and Settings\Marc\Application Data\Lavasoft
2008-01-02 17:14:35 0 d-------- C:\Program Files\Lavasoft
2008-01-02 09:34:18 0 d-------- C:\Program Files\GoodSync
2008-01-02 09:34:18 0 d-------- C:\Documents and Settings\Marc\Application Data\GoodSync
2007-12-29 00:50:13 0 d-------- C:\WINDOWS\Sun
2007-12-29 00:50:13 0 d-------- C:\Documents and Settings\Marc\Application Data\Sun
2007-12-29 00:47:17 0 d-------- C:\Program Files\Java
2007-12-29 00:47:05 0 d-------- C:\Program Files\Common Files\Java
2007-12-29 00:46:38 659 --a------ C:\WINDOWS\mozver.dat
2007-12-28 19:17:51 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000007-00001102-00000002-80611102}.dat
2007-12-28 19:17:51 24 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000007-00001102-00000002-80611102}.dat
2007-12-28 19:04:02 0 d-------- C:\Downloads
2007-12-28 19:03:18 0 d-------- C:\Program Files\BitComet
2007-12-28 18:22:37 0 d-------- C:\Documents and Settings\Marc\Application Data\Talkback
2007-12-28 18:22:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-28 18:22:14 0 d-------- C:\Documents and Settings\Marc\Application Data\Mozilla
2007-12-27 23:22:46 1048576 -----n--- C:\WINDOWS\system32\SFMAN.DAT
2007-12-27 23:22:46 54784 -----n--- C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-12-27 23:22:46 26768 -----n--- C:\WINDOWS\system32\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-12-27 23:22:46 53552 -----n--- C:\WINDOWS\CTCCW.DLL <Not Verified; Creative® Technology Ltd.; Custom Control for Windows>
2007-12-27 23:22:45 0 d-------- C:\WINDOWS\system32\Defaults
2007-12-27 23:22:36 270336 --a------ C:\WINDOWS\system32\SFMS32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:36 36864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-12-27 23:22:36 110592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL <Not Verified; Creative Technology Ltd; E-mu PIA>
2007-12-27 23:22:36 135168 --a------ C:\WINDOWS\system32\OPENAL32.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:36 49152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-12-27 23:22:36 77824 --a------ C:\WINDOWS\system32\EAXAC3.DLL <Not Verified; Creative Labs; EAX-AC3 DLL>
2007-12-27 23:22:36 0 d-------- C:\WINDOWS\system32\Data
2007-12-27 23:22:36 184320 --a------ C:\WINDOWS\PSCONV.EXE
2007-12-27 23:22:36 61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:36 94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:36 49152 --a------ C:\WINDOWS\CTDCRES.DLL <Not Verified; Creative Technology Ltd; Creative Technology Ltd CTDCRES>
2007-12-27 23:22:35 28672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL <Not Verified; Creative Technology Ltd; CtSpkHlp Dynamic Link Library>
2007-12-27 23:22:35 643072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 155648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
2007-12-27 23:22:35 36864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 106496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 319488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 106496 --a------ C:\WINDOWS\system32\CTASIO.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 61440 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
2007-12-27 23:22:35 110592 --a------ C:\WINDOWS\system32\COMMONFX.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:22:35 53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2007-12-27 23:21:57 0 d-------- C:\Program Files\Creative
2007-12-27 21:15:39 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-27 21:15:30 0 d-------- C:\Program Files\CyberLink
2007-12-27 19:35:33 0 d-------- C:\Documents and Settings\Marc\Application Data\DisplayTune
2007-12-27 19:24:55 0 d-------- C:\Documents and Settings\Marc\Application Data\AdobeUM
2007-12-27 19:03:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-27 18:54:32 11776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
2007-12-27 18:54:25 0 d-------- C:\Program Files\Portrait Displays
2007-12-27 18:43:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-27 18:24:03 0 d-------- C:\Program Files\Common Files\L&H
2007-12-27 18:24:01 0 d-------- C:\Program Files\Microsoft.NET
2007-12-27 18:23:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-27 18:23:31 0 d-------- C:\WINDOWS\SHELLNEW
2007-12-27 18:11:24 0 d-------- C:\Program Files\Canon
2007-12-27 18:10:41 0 d-------- C:\WINDOWS\Profiles
2007-12-27 18:10:40 0 d-------- C:\WINDOWS\system32\Adobe
2007-12-27 18:10:40 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-27 18:10:40 0 d-------- C:\Documents and Settings\Marc\Application Data\InterTrust
2007-12-27 18:09:25 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-12-27 18:08:41 0 d--h----- C:\CanoScan
2007-12-26 21:50:29 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-26 21:15:01 0 d-------- C:\Documents and Settings\Marc\Application Data\Macromedia
2007-12-26 21:15:01 0 d-------- C:\Documents and Settings\Marc\Application Data\Adobe
2007-12-26 02:56:32 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-26 02:56:32 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-26 02:46:37 0 d-------- C:\Program Files\Gothic III
2007-12-26 02:37:48 0 d-------- C:\WINDOWS\system32\Lang
2007-12-26 02:29:08 24576 -ra------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2007-12-26 02:28:48 0 d-------- C:\Program Files\ASUS
2007-12-26 02:21:33 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-12-26 02:21:25 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-26 02:20:06 0 d-------- C:\Program Files\Realtek
2007-12-26 02:19:59 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-26 02:08:33 0 d-------- C:\WINDOWS\network diagnostic
2007-12-26 01:29:29 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-26 01:29:27 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-26 01:25:53 0 d-------- C:\WINDOWS\nview
2007-12-26 01:21:42 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-12-26 01:21:17 0 d-------- C:\WINDOWS\Prefetch
2007-12-26 01:15:02 0 d-------- C:\WINDOWS\provisioning
2007-12-26 01:15:02 0 d-------- C:\WINDOWS\peernet
2007-12-26 01:14:18 0 d-------- C:\WINDOWS\ServicePackFiles
2007-12-26 01:12:35 0 d-------- C:\WINDOWS\EHome
2007-12-26 01:06:41 0 d-------- C:\Documents and Settings\Marc\Application Data\Ahead
2007-12-26 01:05:30 0 d-------- C:\Documents and Settings\Marc\Application Data\AVG7
2007-12-26 01:05:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-26 01:05:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 01:04:29 0 d-------- C:\Program Files\Nero
2007-12-26 01:04:29 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-26 01:04:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-26 00:57:12 0 d-------- C:\af09b71b1a2a61d7a7fb372ed298428f
2007-12-26 00:56:56 0 d-------- C:\d895793aa6d3f6d1503a5842eb2eca35
2007-12-26 00:54:59 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-26 00:54:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-26 00:54:41 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-12-26 00:54:41 0 d--h---c- C:\WINDOWS\$xpsp1hfm$
2007-12-26 00:54:41 0 d-------- C:\1396b121bf696b73b62244bb62d4b9e2
2007-12-26 00:22:35 0 d-------- C:\WINDOWS\RegisteredPackages
2007-12-26 00:22:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-26 00:03:51 0 d-------- C:\Program Files\xp-AntiSpy
2007-12-26 00:03:31 0 d-------- C:\WINDOWS\system32\bits
2007-12-26 00:01:18 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-26 00:01:11 0 d--hs---- C:\Documents and Settings\Marc\UserData
2007-12-25 23:53:21 139264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2007-12-25 23:53:20 1953792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2007-12-25 23:53:14 0 d-------- C:\WINDOWS\JM
2007-12-25 23:35:57 0 d-------- C:\WINDOWS\ASUSInstAll
2007-12-25 23:33:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 23:33:27 22 --a------ C:\WINDOWS\FileName
2007-12-25 23:33:24 0 d-------- C:\Program Files\NVIDIA Corporation
2007-12-25 23:33:20 495616 -ra------ C:\WINDOWS\system32\AsusSetup.exe <Not Verified; ASUS; AsusSetup>
2007-12-25 23:32:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-25 23:32:00 0 d-------- C:\WINDOWS\NV9882000.TMP
2007-12-25 23:31:50 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-25 23:30:49 10288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-25 23:20:12 0 d--hs---- C:\WINDOWS\Installer
2007-12-25 23:20:11 0 d-------- C:\Documents and Settings\Marc\Application Data\Identities
2007-12-25 23:20:06 0 d--h----- C:\Documents and Settings\Marc\Templates
2007-12-25 23:20:06 0 dr------- C:\Documents and Settings\Marc\Start Menu
2007-12-25 23:20:06 0 dr-h----- C:\Documents and Settings\Marc\SendTo
2007-12-25 23:20:06 0 dr-h----- C:\Documents and Settings\Marc\Recent
2007-12-25 23:20:06 0 d--h----- C:\Documents and Settings\Marc\PrintHood
2007-12-25 23:20:06 4718592 --ah----- C:\Documents and Settings\Marc\NTUSER.DAT
2007-12-25 23:20:06 0 d--h----- C:\Documents and Settings\Marc\NetHood
2007-12-25 23:20:06 0 dr------- C:\Documents and Settings\Marc\My Documents
2007-12-25 23:20:06 0 d--h----- C:\Documents and Settings\Marc\Local Settings
2007-12-25 23:20:06 0 dr------- C:\Documents and Settings\Marc\Favorites
2007-12-25 23:20:06 0 d-------- C:\Documents and Settings\Marc\Desktop
2007-12-25 23:20:06 0 d--hs---- C:\Documents and Settings\Marc\Cookies
2007-12-25 23:20:06 0 dr-h----- C:\Documents and Settings\Marc\Application Data
2007-12-25 23:18:48 0 d--hs---- C:\System Volume Information
2007-12-25 23:18:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-25 23:18:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-12-25 23:18:48 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-12-25 23:18:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-12-25 23:18:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-25 23:18:47 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-25 23:18:47 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-12-25 23:18:47 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-12-25 23:18:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-12-25 23:18:47 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-25 23:16:57 0 d-------- C:\WINDOWS\system32\xircom
2007-12-25 23:16:57 0 d-------- C:\Program Files\microsoft frontpage
2007-12-25 23:16:52 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-25 23:16:50 0 -rahs---- C:\MSDOS.SYS
2007-12-25 23:16:50 0 -rahs---- C:\IO.SYS
2007-12-25 23:16:50 0 --a------ C:\CONFIG.SYS
2007-12-25 23:16:50 0 --a------ C:\AUTOEXEC.BAT
2007-12-25 23:16:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-25 23:16:23 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-25 23:16:23 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-25 23:16:13 0 d-------- C:\WINDOWS\srchasst
2007-12-25 23:16:09 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-25 23:16:09 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-25 23:16:01 0 d-------- C:\Program Files\Movie Maker
2007-12-25 23:15:43 0 d-------- C:\WINDOWS\system32\Restore
2007-12-25 23:15:40 0 d-------- C:\WINDOWS\PCHEALTH
2007-12-25 23:15:36 0 d---s---- C:\WINDOWS\Tasks
2007-12-25 23:15:34 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-25 23:15:21 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-25 23:15:19 0 d-------- C:\WINDOWS\Registration
2007-12-25 23:15:18 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-25 23:15:18 0 d-------- C:\Program Files\Online Services
2007-12-25 23:15:16 0 d-------- C:\Program Files\Messenger
2007-12-25 23:15:10 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-25 23:15:04 0 d-------- C:\Program Files\Windows NT
2007-12-25 23:14:57 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-25 23:14:55 0 d-------- C:\WINDOWS\system32\Com
2007-12-25 23:09:35 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-25 23:09:34 0 dr------- C:\Program Files
2007-12-25 23:09:34 0 d-------- C:\Program Files\Common Files
2007-12-25 23:09:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-25 23:09:22 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-12-25 23:09:22 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-12-25 23:09:22 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-25 23:09:22 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-25 23:09:22 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-12-25 23:09:22 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-12-25 23:09:22 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-12-25 23:09:22 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-12-25 23:09:22 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-12-25 23:09:22 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-12-25 23:09:22 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-12-25 23:09:22 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-12-25 23:09:22 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-12-25 23:09:22 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-12-25 23:09:22 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-25 23:09:22 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-12-25 23:09:15 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-25 23:09:15 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-25 23:09:10 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-12-25 23:09:10 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-12-25 23:09:10 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-12-25 23:09:10 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-25 23:08:58 0 d-------- C:\Documents and Settings
2007-12-25 23:01:25 0 d-------- C:\WINDOWS
2007-12-25 23:01:25 0 d-------- C:\WINDOWS\WinSxS

/////////////////////////////End Part 1////////////////////////////////

Edited by Marc Parchow Figueiredo, 20 January 2008 - 04:15 AM.

#4
Marc Parchow Figueiredo

/////////////////////////////DSS _Main Part2////////////////////

-- Find3M Report ---------------------------------------------------------------

2008-01-14 21:56:36 12800 --a------ C:\Documents and Settings\Marc\Application Data\Settings.cfg
2007-12-25 23:09:22 62 --ahs---- C:\Documents and Settings\Marc\Application Data\desktop.ini
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
24-10-2007 14:27 1918936 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [24-10-2007 14:27 1918936]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-8287-79A187E26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\System32\nvraidservice.exe" [07-04-2006 10:37]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [17-02-2006 10:40]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [30-10-2006 12:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [26-12-2007 01:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [04-07-2007 14:20]
"nwiz"="nwiz.exe" [05-12-2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [14-11-2006 09:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16-05-2006 10:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03-05-2005 10:43 C:\WINDOWS\Alcmtr.exe]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [14-11-2006 06:25]
"DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [03-11-2006 13:20]
"WINDVDPatch"="CTHELPER.EXE" [02-07-2002 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11-05-2000 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [29-11-2001 01:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23-01-2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [25-11-2003 13:39]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10-05-2007 22:46]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20-03-2007 16:40]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [04-07-2007 14:01]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 07:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [07-12-2007 15:03]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04-09-2007 19:25]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27-02-2007 11:39]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [13-09-2007 13:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [04-01-2008 22:50:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20-12-2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27-02-2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-01-20 00:48:50 ------------

///////////////////////////End Part 2//////////////////////////////

#5
Marc Parchow Figueiredo

///////////////////DSS _Extras////////////////////

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2046.47 MiB / 1314.73 MiB
Pagefile Memory (total/avail): 4453.02 MiB / 3935.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.65 GiB total, 81.31 GiB free.
D: is Fixed (NTFS) - 368.1 GiB total, 50.47 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
P: is Fixed (NTFS) - 3.02 GiB total, 0.5 GiB free.

\\.\PHYSICALDRIVE0 - FUJITSU MPB3032ATU E - 3.02 GiB - 1 partition
\PARTITION0 - Installable File System - 3.02 GiB - P:

\\.\PHYSICALDRIVE2 - ST3250410AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 230.36 GiB
\PARTITION1 - Extended Partition - 2.53 GiB

\\.\PHYSICALDRIVE1 - NVIDIA STRIPE 465.77G - 465.77 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 368.1 GiB - D:

\\.\PHYSICALDRIVE3 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE6 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE5 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE4 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\CNAC4RPK.EXE"="C:\\WINDOWS\\system32\\CNAC4RPK.EXE:*:Enabled:Canon LBP5000 RPC Server Process"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Marc\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NINHO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Marc
LOGONSERVER=\\NINHO
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Marc\LOCALS~1\Temp
TMP=C:\DOCUME~1\Marc\LOCALS~1\Temp
USERDOMAIN=NINHO
USERNAME=Marc
USERPROFILE=C:\Documents and Settings\Marc
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Marc (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
AC-3 ACM Decompressor --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
AceFTP 3 Freeware --> "C:\Program Files\AceFTP\uninst-ftp.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
CachemanXP 1.12 --> C:\PROGRA~1\CACHEM~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\CACHEM~1\UNINST~1\install.log
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
Canon LBP5000 --> C:\Program Files\Canon\PrnUninstall\Canon LBP5000\CNAC4UN.EXE
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Firebird 2.0.1 --> "C:\Program Files\Firebird\Firebird_2_0\unins000.exe"
GoodSync V6 --> "C:\Program Files\GoodSync\uninstall.exe"
Gothic III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP My Display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x9 -removeonly
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
LightScribe System Software 1.10.27.1 --> MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Resource Kit --> MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{3BDEE284-1516-40E8-B784-00FEBE1B1033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Passware Kit 5.7 --> C:\PROGRA~1\MICROS~2\Passware\UNWISE.EXE /U C:\PROGRA~1\MICROS~2\Passware\kit.log
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
SiSoftware Sandra Standard 2004.SP2 (Win32 x86) --> "C:\Program Files\Sandra2004\unins000.exe"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TeT - Facturacao --> C:\Program Files\TeT\Facturacao\TeTuninstall.exe
VMN Toolbar --> C:\Program Files\vmntoolbar\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
winLAME prerelease4 --> MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
xp-AntiSpy 3.96-6 --> C:\Program Files\xp-AntiSpy\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type970 / Error
Event Submitted/Written: 01/20/2008 00:47:50 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type969 / Error
Event Submitted/Written: 01/20/2008 00:47:50 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type968 / Error
Event Submitted/Written: 01/20/2008 00:46:24 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type967 / Error
Event Submitted/Written: 01/20/2008 00:46:24 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type966 / Error
Event Submitted/Written: 01/20/2008 00:46:24 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3494 / Error
Event Submitted/Written: 01/19/2008 10:57:28 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The TabletService service hung on starting.

Event Record #/Type3461 / Error
Event Submitted/Written: 01/19/2008 08:09:14 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The TabletService service hung on starting.

Event Record #/Type3425 / Error
Event Submitted/Written: 01/19/2008 08:20:09 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The TabletService service hung on starting.

Event Record #/Type3412 / Warning
Event Submitted/Written: 01/19/2008 00:18:34 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Adobe PDF Converter for Windows NT x86 Version-3 was added or updated. Files:- PSCRIPT5.DLL, Ps5ui.dll, ADPDF8.PPD, Pscript.hlp, ADREGP.DLL, ADUIGP.DLL, ADGELP.INI, PSCRIPT.NTF.

Event Record #/Type3407 / Warning
Event Submitted/Written: 01/19/2008 00:17:06 AM
Event ID/Source: 3 / Print
Event Description:
Printer Adobe PDF was deleted.



-- End of Deckard's System Scanner: finished at 2008-01-20 00:48:50 ------------

/////////////////////////End Extras/////////////////////////////////

#6
Marc Parchow Figueiredo

////////////////////////////////////Kaspersky///////////////////////////////



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 10:06:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524621
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\
P:\

Scan Statistics:
Total number of scanned objects: 148808
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:45

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hlktmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1b4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{957EBFD6-ED2A-4EB2-AE05-CA1C07E062FA}\RP92\change.log Object is locked skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\_restore{957EBFD6-ED2A-4EB2-AE05-CA1C07E062FA}\RP92\change.log Object is locked skipped

Scan process completed.


///////////////////////////End Kaspersky///////////////////////////////

#7
Marc Parchow Figueiredo
Member, Topic Starter, 22 posts

///////////////////////////Rootchk//////////////////////////////////

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
20-01-2008 0:53:28,96

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 00:53:29
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0

//////////////////////////End Rootchk////////////////////////////


Thanks for your time!
Marc

#8
Rorschach112
Ralphie, Retired Staff, 47,710 posts

Your logs are clean; you have nothing to worry about. I saw something that may be responsible: you have two firewalls running, so you need to disable Windows Firewall.

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.



1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



You can delete the programs we ran.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
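
The HOSTS-file blocking described in the post above can be checked by auditing the file's entries. This is an added example, not part of the original post or of any tool named in it: it separates names sinkholed to a loopback or 0.0.0.0 address from names pinned to some other address, which is the kind of entry to review after a cleanup. The function name `audit_hosts` and the sample entries are constructed for illustration; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample in the style of a blocking HOSTS file, plus two
# entries that deserve a closer look. Not taken from the thread's logs.
SAMPLE_HOSTS = """\
# blocking entries
127.0.0.1       localhost
127.0.0.1       ads.example.com   # inline comment
0.0.0.0         tracker.example.net banners.example.net
203.0.113.7     update.example.org
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Sort HOSTS mappings into 'blocked', 'redirected' and 'invalid'."""
    report = {"blocked": [], "redirected": [], "invalid": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["invalid"].append((lineno, line))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if name == "localhost" and ip.is_loopback:
                continue  # the stock Windows entry
            if sinkhole:
                report["blocked"].append(name)
            else:
                # Name is pinned to a real address, bypassing DNS: review it.
                report["redirected"].append((lineno, name, addr))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for entry in result["redirected"] + result["invalid"]:
        print("review:", entry)
```
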

#9
Marc Parchow Figueiredo
Member, Topic Starter, 22 posts

Hello,

I did what you said, but, still, every time I start Bitcomet, my Internet Connection goes haywire: Bitcomet doesn't work, Outlook doesn't work and any browser (IE or Firefox) works very badly - It loads a page, or part of a page and stops - I have to reload for it to load another little bit of the page. I mean the connection is there, but it doesn't "move".

I use cable connected to a wireless router and have 3 computers connected to the net. The other computers are OK and Bitcomet works on them. I'm sorry if I burden you with useless information, but I have no idea of how to help you understand my problem.

Oh, and another thing - every time I start my computer the same folder-window opens. Ever since the time I had some problems reinstalling the drivers for my videocard.

Please Help!

Thanks, Marc

#10
Rorschach112
Ralphie, Retired Staff, 47,710 posts

Hello Marc

This isn't a malware issue unfortunately, so you would be better off posting in the Windows XP forum and tell them your problems. Tell them I sent you from here.


Good luck

#11
Marc Parchow Figueiredo
Member, Topic Starter, 22 posts

Thank you for your help!
M.

#12
Rorschach112
Ralphie, Retired Staff, 47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.